r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e50dac5108a698d61ca49516033d1a20
53d243b89fc00deb9bfae07351bbe36ddb7c1df3
e9e0ad98c485b56fe65ea0a8bc4974fff3f804fcf2d8f6266ada9acd27c7b7cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E9E0AD98C485B56FE65EA0A8BC4974FFF3F804FCF2D8F6266ADA9ACD27C7B7CC"
Last-Modified: Tue, 04 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17629
Expires: Wed, 05 Apr 2023 02:22:16 GMT
Date: Tue, 04 Apr 2023 21:28:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a4074549843769a3da3f055bcb5a78ff
f99062d34cf71bda6a9c64061fb9e61008f94021
895e3801806f031611a25bec5652cc1a46dfa76ea6784f5064d859c1a5b9ddf7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "895E3801806F031611A25BEC5652CC1A46DFA76EA6784F5064D859C1A5B9DDF7"
Last-Modified: Tue, 04 Apr 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3613
Expires: Tue, 04 Apr 2023 22:28:40 GMT
Date: Tue, 04 Apr 2023 21:28:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 903ed2d58f1f33d069b70c4b53f1cb1f
0ef89cd6eb79a2ddd74434f9233cf486fffc1142
d8c984b50f04fcdb1ebc99d982502d85193302c85239ee7497666247edfc0061
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8C984B50F04FCDB1EBC99D982502D85193302C85239EE7497666247EDFC0061"
Last-Modified: Sun, 02 Apr 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7186
Expires: Tue, 04 Apr 2023 23:28:13 GMT
Date: Tue, 04 Apr 2023 21:28:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Alert, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 04 Apr 2023 20:28:45 GMT
content-type: application/json
age: 3582
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 95f61d351f5fc9533cc78e255ce9bc06
fba284117f347782ac23c51d141d7e3ec15a867e
7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3
GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Xdy6yUATRbPzQLOyg2DQyW0Vb67t38RX32C8P2782Ssv37n4M0+Q4YW9bUqX6aa3U3Op26iAfxuBjE5jXVglhg==
x-amz-request-id: 0JNNDSTPXCC8RBJ2
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Apr 2023 20:53:21 GMT
age: 2106
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
go.allison-bangs.com/go.php?t=42425&aid=115443&sid=143429_1669583&clickid=pndxb642c966b0009d0c4
3.89.175.212200 OK 938 B URL HTTP/1.1 go.allison-bangs.com/go.php?t=42425&aid=115443&sid=143429_1669583&clickid=pndxb642c966b0009d0c4
IP 3.89.175.212:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (403)
Hash 3317a3cece34115c97a5f5a89f1843aa
f26839de9c99f8d89914c562d4363ff1c50807cf
dc72993c6de3aa17b3884415a53e8644b35ad7795d405b0ad48985c16aca2b23
GET /go.php?t=42425&aid=115443&sid=143429_1669583&clickid=pndxb642c966b0009d0c4 HTTP/1.1
Host: go.allison-bangs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Tue, 04 Apr 2023 21:28:27 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Server: nginx
Set-Cookie: bd_ovtu=1; expires=Wed, 05-Apr-2023 21:28:27 GMT; Max-Age=86400; path=/; domain=.allison-bangs.com
bdreff=NONE; expires=Sun, 01-Oct-2023 21:28:27 GMT; Max-Age=15552000; path=/; domain=.allison-bangs.com
tour=42425; expires=Sun, 01-Oct-2023 21:28:27 GMT; Max-Age=15552000; path=/; domain=.allison-bangs.com
affsubid=115443-143429_1669583; expires=Sun, 01-Oct-2023 21:28:27 GMT; Max-Age=15552000; path=/; domain=.allison-bangs.com
bdvisit=115443; expires=Wed, 05-Apr-2023 21:28:27 GMT; Max-Age=86400; path=/; domain=.allison-bangs.com
bdcounter=1; expires=Wed, 05-Apr-2023 21:28:27 GMT; Max-Age=86400; path=/; domain=.allison-bangs.com
xk=30010050139cc573dab52b79276b3946; expires=Sun, 01-Oct-2023 21:28:27 GMT; Max-Age=15552000; path=/; domain=.allison-bangs.com
X-Powered-By: PHP/8.1.17
X-Robots-Tag: otherbot: noindex, nofollow, googlebot: noindex, nofollow
Transfer-Encoding: chunked
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 21:28:27 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
go.allison-bangs.com/native.history.js
3.89.175.212200 OK 22 kB URL HTTP/1.1 go.allison-bangs.com/native.history.js
IP 3.89.175.212:0
File type ASCII text, with very long lines (22102), with no line terminators
Hash 4391c3ebd46fb772c788c32d1885afdd
824d318a296d3ae4bc8023f254d61a94818e0866
968c9f4d687c2584b5073a12074aa9d18601af83399d4b6c420b022ecda05f7f
GET /native.history.js HTTP/1.1
Host: go.allison-bangs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.allison-bangs.com/go.php?t=42425&aid=115443&sid=143429_1669583&clickid=pndxb642c966b0009d0c4
Cookie: bd_ovtu=1; bdreff=NONE; tour=42425; affsubid=115443-143429_1669583; bdvisit=115443; bdcounter=1; xk=30010050139cc573dab52b79276b3946
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 22102
Content-Type: text/plain
Date: Tue, 04 Apr 2023 21:28:27 GMT
Etag: "642599e7-5656"
Last-Modified: Thu, 30 Mar 2023 14:17:11 GMT
Server: nginx
go.allison-bangs.com/go.min.js
3.89.175.212200 OK 306 B URL HTTP/1.1 go.allison-bangs.com/go.min.js
IP 3.89.175.212:0
File type ASCII text, with very long lines (305)
Hash b8891bcb893d3ee2806e7989a3031af3
de5aab743d1bd13e45a864f7413a83b215b2cb1a
ccfb01fbbefd9557045ec789bdaadcca96ca9da1b27ba23c6082a58f86b90df0
GET /go.min.js HTTP/1.1
Host: go.allison-bangs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.allison-bangs.com/go.php?t=42425&aid=115443&sid=143429_1669583&clickid=pndxb642c966b0009d0c4
Cookie: bd_ovtu=1; bdreff=NONE; tour=42425; affsubid=115443-143429_1669583; bdvisit=115443; bdcounter=1; xk=30010050139cc573dab52b79276b3946
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 306
Content-Type: text/plain
Date: Tue, 04 Apr 2023 21:28:27 GMT
Etag: "642599e7-132"
Last-Modified: Thu, 30 Mar 2023 14:17:11 GMT
Server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, ETag, Cache-Control, Expires, Backoff, Last-Modified, Pragma, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 04 Apr 2023 21:14:45 GMT
age: 822
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2820ca2dae3aed6a76736f236502749b
d2e4995fdd0fbb64d9051f50be93023a752ef449
0ac73659b8f464575a3596da96a94fc6dbc26a4d5a90bec1331a5df5ad796006
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0AC73659B8F464575A3596DA96A94FC6DBC26A4D5A90BEC1331A5DF5AD796006"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4333
Expires: Tue, 04 Apr 2023 22:40:40 GMT
Date: Tue, 04 Apr 2023 21:28:27 GMT
Connection: keep-alive
tours.specia1.com/t/872/v1/images/logo_white.png
143.204.55.19200 OK 25 kB URL HTTP/2 tours.specia1.com/t/872/v1/images/logo_white.png
IP 143.204.55.19:0
File type PNG image data, 448 x 138, 8-bit/color RGBA, non-interlaced\012- data
Hash 18b79c1f332877218cbc64f02756b001
59248df18e21ff9de87ca4c28da6b8a9f7a3485f
ef897169496fdd94fbe5bec6875fd140d7b362d4cf4293ad3f7f1895ea19e773
GET /t/872/v1/images/logo_white.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/888/hl/?t=42425&aid=115443&sid=143429_1669583&xk=30010050139cc573dab52b79276b3946&bn=38&gu=http%3A%2F%2Fgo.allison-bangs.com%2Fgo.php%3Ft%3D42425%26aid%3D115443%26sid%3D143429_1669583%26clickid%3Dpndxb642c966b0009d0c4%26hts_id%3Dda6b7fcd-a529-4524-ab65-eca3cee89c4c&clickid=pndxb642c966b0009d0c4&i18n_country=NO&hts_id=da6b7fcd-a529-4524-ab65-eca3cee89c4c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 25108
last-modified: Wed, 29 Mar 2023 13:34:14 GMT
server: AmazonS3
date: Tue, 04 Apr 2023 21:28:16 GMT
etag: "18b79c1f332877218cbc64f02756b001"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: NYgbvzqcJoAoxKmX9cy3PDLLUaLbNwdFhXSWfsqcbJfXwv83bhp0Eg==
age: 78
X-Firefox-Spdy: h2
tours.specia1.com/t/872/v1/images/logo_black.png
143.204.55.19200 OK 25 kB URL HTTP/2 tours.specia1.com/t/872/v1/images/logo_black.png
IP 143.204.55.19:0
File type PNG image data, 448 x 138, 8-bit/color RGBA, non-interlaced\012- data
Hash 36ef95442672cd2ec77bda692c3bc2a1
53c27f0c79d8692b7710e8060f31d80610af3625
c7c60d2f491dc5f2cdcc7288c8c7f70e5e55cb22d00001ea8dbeae895edf13fc
GET /t/872/v1/images/logo_black.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/888/hl/?t=42425&aid=115443&sid=143429_1669583&xk=30010050139cc573dab52b79276b3946&bn=38&gu=http%3A%2F%2Fgo.allison-bangs.com%2Fgo.php%3Ft%3D42425%26aid%3D115443%26sid%3D143429_1669583%26clickid%3Dpndxb642c966b0009d0c4%26hts_id%3Dda6b7fcd-a529-4524-ab65-eca3cee89c4c&clickid=pndxb642c966b0009d0c4&i18n_country=NO&hts_id=da6b7fcd-a529-4524-ab65-eca3cee89c4c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 25128
last-modified: Wed, 29 Mar 2023 13:34:14 GMT
server: AmazonS3
date: Tue, 04 Apr 2023 21:28:16 GMT
etag: "36ef95442672cd2ec77bda692c3bc2a1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Ak6_JmkdFs1M8TP447BqsSdA0Vn68ChXwDvxJfWidrAHz4JGGOFnMQ==
age: 157
X-Firefox-Spdy: h2
tours.specia1.com/t/872/v1/images/address.png
143.204.55.19200 OK 1.4 kB URL HTTP/2 tours.specia1.com/t/872/v1/images/address.png
IP 143.204.55.19:0
File type PNG image data, 33 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash bd9476d9f407e290f817f77a0bf37674
3862e9f828f2241182269654dcc00d6e8c7f3927
2d56035b1871d7689d1a95dd4b9d38ab9ebf0bc2e0a0b59f474fe2f39816c690
GET /t/872/v1/images/address.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/888/hl/?t=42425&aid=115443&sid=143429_1669583&xk=30010050139cc573dab52b79276b3946&bn=38&gu=http%3A%2F%2Fgo.allison-bangs.com%2Fgo.php%3Ft%3D42425%26aid%3D115443%26sid%3D143429_1669583%26clickid%3Dpndxb642c966b0009d0c4%26hts_id%3Dda6b7fcd-a529-4524-ab65-eca3cee89c4c&clickid=pndxb642c966b0009d0c4&i18n_country=NO&hts_id=da6b7fcd-a529-4524-ab65-eca3cee89c4c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 1384
last-modified: Wed, 29 Mar 2023 13:34:14 GMT
server: AmazonS3
date: Tue, 04 Apr 2023 21:28:16 GMT
etag: "bd9476d9f407e290f817f77a0bf37674"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: DBFoMsdjmibkWIYUITEq5Ip6S_ghQ25YEJzgED1mS2gpTc78M2CIwA==
age: 157
X-Firefox-Spdy: h2
tours.specia1.com/t/872/v1/images/no.png
143.204.55.19200 OK 2.4 kB URL HTTP/2 tours.specia1.com/t/872/v1/images/no.png
IP 143.204.55.19:0
File type PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash f4c850c3599943476c895e408d566458
e69289912fdd5a47b6261ac9cb4d4b7080672c8e
24d772537dc40a1048cdf09f8ee61cfbbd8317b8f0dd3bb2154f96e1b8d31def
GET /t/872/v1/images/no.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/888/hl/?t=42425&aid=115443&sid=143429_1669583&xk=30010050139cc573dab52b79276b3946&bn=38&gu=http%3A%2F%2Fgo.allison-bangs.com%2Fgo.php%3Ft%3D42425%26aid%3D115443%26sid%3D143429_1669583%26clickid%3Dpndxb642c966b0009d0c4%26hts_id%3Dda6b7fcd-a529-4524-ab65-eca3cee89c4c&clickid=pndxb642c966b0009d0c4&i18n_country=NO&hts_id=da6b7fcd-a529-4524-ab65-eca3cee89c4c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 2369
last-modified: Wed, 29 Mar 2023 13:34:14 GMT
server: AmazonS3
date: Tue, 04 Apr 2023 21:28:16 GMT
etag: "f4c850c3599943476c895e408d566458"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4T3s5aWmvFOZm6kW9VDoliaHgIy6MBgZQExiVfBhX5oBy3iyuxLVTw==
age: 163
X-Firefox-Spdy: h2
tours.specia1.com/t/872/v1/images/ok.png
143.204.55.19200 OK 6.1 kB URL HTTP/2 tours.specia1.com/t/872/v1/images/ok.png
IP 143.204.55.19:0
File type PNG image data, 100 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash 7550af9d46dd32ea5d0d5834425368db
3b55ef2c8f5009e500ef95a266b8cba86146b4e8
1cb5bb6aa110033f4c0178ace377811d87ec6f64b5a0aa6d1ddf477342e7dddd
GET /t/872/v1/images/ok.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/888/hl/?t=42425&aid=115443&sid=143429_1669583&xk=30010050139cc573dab52b79276b3946&bn=38&gu=http%3A%2F%2Fgo.allison-bangs.com%2Fgo.php%3Ft%3D42425%26aid%3D115443%26sid%3D143429_1669583%26clickid%3Dpndxb642c966b0009d0c4%26hts_id%3Dda6b7fcd-a529-4524-ab65-eca3cee89c4c&clickid=pndxb642c966b0009d0c4&i18n_country=NO&hts_id=da6b7fcd-a529-4524-ab65-eca3cee89c4c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 6092
last-modified: Wed, 29 Mar 2023 13:34:14 GMT
server: AmazonS3
date: Tue, 04 Apr 2023 21:28:16 GMT
etag: "7550af9d46dd32ea5d0d5834425368db"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: HTF1NUJwvA9IqDDXSMh4b-2zFFG6K7BmTJp4Vp-15STHO0SoRgAz-Q==
age: 164
X-Firefox-Spdy: h2
utl-1.com/1.6.20/utl.min.js
143.204.55.43200 OK 307 kB URL HTTP/2 utl-1.com/1.6.20/utl.min.js
IP 143.204.55.43:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 307 kB (307271 bytes)
Hash 16abec94a42aa716dd831a52bca3b1b7
35ccd145a5ddeb1556c8995668b137769f3f4f3e
d2edbef8944e5e94cd67c37b0a6960841eacb87327c493790313ca2870feac34
GET /1.6.20/utl.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 307271
date: Wed, 08 Jun 2022 03:05:36 GMT
last-modified: Mon, 06 Apr 2020 12:48:16 GMT
etag: "16abec94a42aa716dd831a52bca3b1b7"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Ofobf3BNuNruKIUX3aoDLTs16FCG9De37F0UFzizGV7sdKpP6eH28A==
age: 25986173
X-Firefox-Spdy: h2
utl-1.com/1.6.20/mst2.min.js
143.204.55.43200 OK 18 kB URL HTTP/2 utl-1.com/1.6.20/mst2.min.js
IP 143.204.55.43:0
File type ASCII text, with very long lines (17707), with no line terminators
Hash 1ce673324943ed678ec7908cf7815cab
43bb8e53ec84a337356b04e3a63c15d96b3b729c
863efe6006e4a42f8b6312fc39d79c2aa4c22ce3d1fc845122a064779a26a74e
GET /1.6.20/mst2.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 17707
date: Tue, 10 Jan 2023 03:09:41 GMT
last-modified: Mon, 06 Apr 2020 12:48:16 GMT
etag: "1ce673324943ed678ec7908cf7815cab"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: F3pIvg745wymuHcrc-BIjsvMxEskLbvAc1xq4bTDdwBaY0A8HSUYlg==
age: 7323528
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4741fb0e250c9bcfbf5ecf935786156a
b5ee9286de89da804036335ad071bcdf0bd69b6f
0273c45d6b16ec9f44aef454cfcc190ac3e953899347c346effb38e335806309
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 21:28:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4741fb0e250c9bcfbf5ecf935786156a
b5ee9286de89da804036335ad071bcdf0bd69b6f
0273c45d6b16ec9f44aef454cfcc190ac3e953899347c346effb38e335806309
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 21:28:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9209152015bce63ee2d21cc0d966532
7fb6b50059f25e76e0acd9f8ced75095ba7474fe
e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 21:28:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 10:31:10 GMT
expires: Wed, 03 Apr 2024 10:31:10 GMT
cache-control: public, max-age=31536000
age: 39438
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9209152015bce63ee2d21cc0d966532
7fb6b50059f25e76e0acd9f8ced75095ba7474fe
e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 21:28:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9209152015bce63ee2d21cc0d966532
7fb6b50059f25e76e0acd9f8ced75095ba7474fe
e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 21:28:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
34.210.143.205101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.210.143.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: cm8p0dJXR9ch1RIZV4j+0w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yEqhJqVgml17PhiexyxaYtm4lM4=
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 10:31:23 GMT
expires: Wed, 03 Apr 2024 10:31:23 GMT
cache-control: public, max-age=31536000
age: 39425
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 09:29:05 GMT
expires: Wed, 03 Apr 2024 09:29:05 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 43163
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
143.204.48.16200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 143.204.48.16:0
Hash a2f7c37de39ae3a16d894b0780a2eedf
4a4b938bcdfcd4bc8d1d53ef6675019e4c8469a1
1216b5b213c80393672b7466b424390b036f1682cce61b4951fe580a501b65d0
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=94808
Date: Tue, 04 Apr 2023 21:28:28 GMT
Etag: "642b65d4-1d7"
Expires: Wed, 05 Apr 2023 23:48:36 GMT
Last-Modified: Mon, 03 Apr 2023 23:48:36 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3K2xQUns1IbWhCbyvrhwwit_FFwVVmaNQuJz-Wm-lY-7AUQnBGG8TQ==
cdn.tours-78-94.wellhello.com/instantcheat/imgs/arrow.svg
54.230.111.40200 OK 867 B URL HTTP/2 cdn.tours-78-94.wellhello.com/instantcheat/imgs/arrow.svg
IP 54.230.111.40:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d1482bd31dde1707b316f22bbe818ff4
98b63cc34e21b7d3092b70c00dc5a579ce0825ba
6efee9ca3dd0b249814e53fab132821a3c1b5370fdb02c704947399485ec43b9
Analyzer Verdict Alert fortinet Phishing
GET /instantcheat/imgs/arrow.svg HTTP/1.1
Host: cdn.tours-78-94.wellhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 867
date: Thu, 01 Sep 2022 02:07:19 GMT
server: nginx
last-modified: Fri, 26 Aug 2022 17:05:54 GMT
etag: "6308fd72-363"
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ezJ3LifMtaLB8xfdXaHFkn1THblBBUFSKYXHfk1RJ0QXGZo1Qfnomg==
age: 18645669
X-Firefox-Spdy: h2
cdn.tours-78-94.wellhello.com/snapcheat/img/svg/arrow.svg
54.230.111.40200 OK 867 B URL HTTP/2 cdn.tours-78-94.wellhello.com/snapcheat/img/svg/arrow.svg
IP 54.230.111.40:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d1482bd31dde1707b316f22bbe818ff4
98b63cc34e21b7d3092b70c00dc5a579ce0825ba
6efee9ca3dd0b249814e53fab132821a3c1b5370fdb02c704947399485ec43b9
Analyzer Verdict Alert fortinet Phishing
GET /snapcheat/img/svg/arrow.svg HTTP/1.1
Host: cdn.tours-78-94.wellhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 867
date: Mon, 29 Aug 2022 01:29:26 GMT
server: nginx
last-modified: Fri, 26 Aug 2022 17:05:55 GMT
etag: "6308fd73-363"
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: onZlpIk8yUK9dKQx1eWj0ljg4JpSP3Kf5F31hdHhnAy692yQWMtslw==
age: 18907142
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9209152015bce63ee2d21cc0d966532
7fb6b50059f25e76e0acd9f8ced75095ba7474fe
e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 21:28:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.r2m01.amazontrust.com/
143.204.48.16200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 143.204.48.16:0
Hash a2f7c37de39ae3a16d894b0780a2eedf
4a4b938bcdfcd4bc8d1d53ef6675019e4c8469a1
1216b5b213c80393672b7466b424390b036f1682cce61b4951fe580a501b65d0
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=94808
Date: Tue, 04 Apr 2023 21:28:28 GMT
Etag: "642b65d4-1d7"
Expires: Wed, 05 Apr 2023 23:48:36 GMT
Last-Modified: Mon, 03 Apr 2023 23:48:36 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: a_uL5fq_XNKhGA8qPq7uchP4KtoFYfYiRd3nndvFW-5UrxTBJ2uYKA==
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7a3256d07136b1afe7c6d9f980c191af
9f9033c703844308181c0eb32d674766e9d165c3
cac25e46b92056d9fe9412569269ba15c5799549394f4a23974baf2403d82c08
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CAC25E46B92056D9FE9412569269BA15C5799549394F4A23974BAF2403D82C08"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3805
Expires: Tue, 04 Apr 2023 22:31:53 GMT
Date: Tue, 04 Apr 2023 21:28:28 GMT
Connection: keep-alive
secure.authbill.com/tour/api.php
68.169.87.223200 OK 4.8 kB URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with very long lines (20405), with no line terminators
Hash 2c52104cbb6259e25de3f430d981f6a0
0794c091b4c15a50e328317de1050efb6151795b
6aba8684a9eb0aab82c8aa6aa3c73e86b5fb8d34f9d991ad9b6c847ae8b44b36
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Tue, 04 Apr 2023 21:28:28 GMT
server: Apache
set-cookie: PHPSESSID=D420~03caa496e508dc754fddb5813d132304; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 4820
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 385 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with very long lines (804), with no line terminators
Hash 673c190a4e2e73a6d3038928b8598f4c
6318b3faf1ccacf7f381d3c423d6a9882950c24c
39c4489106d62ae1d75f7c483c1a1a15311010cfe8445440c74d7582c6bba28c
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 41
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Tue, 04 Apr 2023 21:28:28 GMT
server: Apache
set-cookie: PHPSESSID=237E~6efa7b408607e9f5f25462f796e0ea6b; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 385
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 56 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type ASCII text, with no line terminators
Hash 932d2aa0bb044b8411adb6c19d71dff6
f45764622a21dccd6ea2f197b1fca73f18e8b273
94b841dc97f93dbb1c3411266f2b19deafb8f024984e57a899b5534a94c5ecdb
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Tue, 04 Apr 2023 21:28:28 GMT
server: Apache
set-cookie: PHPSESSID=4DD2~23b086722020e247b3d040dbf66197cd; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 56
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
142.250.74.106200 OK 723 B URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
IP 142.250.74.106:0
Hash b825e0ca518c8cc59eb5cb0d8818e453
e668b8169006526a3c92a8c84f62a2c45a559652
1b8ba82902585946dd4e14dc213ade92e54c4a6303d1e721d5556d278dd20969
GET /css2?family=Roboto:wght@300;400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Apr 2023 21:28:28 GMT
date: Tue, 04 Apr 2023 21:28:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
secure.authbill.com/tour/api.php
68.169.87.223200 OK 160 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 616ca5f84e79e9e7c84ce84f9ba2ab4d
8b337ca41ad52bccc7e4b9c580e1827948a393af
23e8857f52418653f6cf83afefcd2dd2dedc47f93cc6bdfbbb9afbc5c9b00bc4
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Tue, 04 Apr 2023 21:28:28 GMT
server: Apache
set-cookie: PHPSESSID=74D2~275a933aca59304152fbd9d4475d2331; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 160
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 160 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 616ca5f84e79e9e7c84ce84f9ba2ab4d
8b337ca41ad52bccc7e4b9c580e1827948a393af
23e8857f52418653f6cf83afefcd2dd2dedc47f93cc6bdfbbb9afbc5c9b00bc4
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Tue, 04 Apr 2023 21:28:28 GMT
server: Apache
set-cookie: PHPSESSID=237E~e4c24c666740a4fb58219cdf0cc4ca98; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 160
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 20 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 647
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Tue, 04 Apr 2023 21:28:28 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
set-cookie: PHPSESSID=120F~b8760aa9ba03f95a512e6d6549accab7; path=/; secure; HttpOnly
bd_ovtu=11; expires=Wed, 05-Apr-2023 21:28:28 GMT; Max-Age=86400; path=/; domain=.authbill.com
vary: Accept-Encoding
content-encoding: gzip
content-length: 20
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
tours.specia1.com/favicon.ico
143.204.55.19404 Not Found 135 B URL HTTP/2 tours.specia1.com/favicon.ico
IP 143.204.55.19:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 099932ca2bd11bb7199b743d53f85aac
701258c8138e05d6da3293c71d99ed1771ab965b
ee7d7d2b00daf807d887344419f4d4c03bd65008dc92486385250dca3a3cd42e
GET /favicon.ico HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/888/hl/?t=42425&aid=115443&sid=143429_1669583&xk=30010050139cc573dab52b79276b3946&bn=38&gu=http%3A%2F%2Fgo.allison-bangs.com%2Fgo.php%3Ft%3D42425%26aid%3D115443%26sid%3D143429_1669583%26clickid%3Dpndxb642c966b0009d0c4%26hts_id%3Dda6b7fcd-a529-4524-ab65-eca3cee89c4c&clickid=pndxb642c966b0009d0c4&i18n_country=NO&hts_id=da6b7fcd-a529-4524-ab65-eca3cee89c4c
Cookie: tour=42425; affsubid=115443-143429_1669583; reff=http%3A%2F%2Fgo.allison-bangs.com%2F; upgrade_tour=42425; custom_tracking=%5B%22address%22%2C%22ad_type%22%2C%22app_id%22%2C%22app_name%22%2C%22auth_token%22%2C%22a_aid%22%2C%22a_bid%22%2C%22banner%22%2C%22banner_id%22%2C%22banner_size%22%2C%22bn%22%2C%22c%22%2C%22cid%22%2C%22city%22%2C%22clickid%22%2C%22click_id%22%2C%22click_url%22%2C%22cmp_bo%22%2C%22cmp_member_id%22%2C%22consent%22%2C%22dx%22%2C%22email%22%2C%22exotracker%22%2C%22f%22%2C%22fbclid%22%2C%22fbid%22%2C%22first_name%22%2C%22gclid%22%2C%22gdpr%22%2C%22h%22%2C%22hts_id%22%2C%22hx%22%2C%22keyword%22%2C%22landerid%22%2C%22lander_id%22%2C%22last_name%22%2C%22misc_tour_info%22%2C%22niche%22%2C%22np%22%2C%22offer%22%2C%22origin%22%2C%22phone_number%22%2C%22placement%22%2C%22product%22%2C%22product_id%22%2C%22profile_visited%22%2C%22publisher%22%2C%22rcid%22%2C%22referer%22%2C%22reqid%22%2C%22rgc%22%2C%22rgh%22%2C%22rgm%22%2C%22schedule%22%2C%22sdaf%22%2C%22sdfsadf%22%2C%22session_initiated_by%22%2C%22sl%22%2C%22smoochy_user_id%22%2C%22snapchat_username%22%2C%22source%22%2C%22state%22%2C%22street%22%2C%22sv_cheating_mon%22%2C%22template%22%2C%22thumb_id%22%2C%22tracker_id%22%2C%22upgrade_uuid%22%2C%22upg_reason%22%2C%22userage%22%2C%22useremail%22%2C%22userzip%22%2C%22user_id%22%2C%22wellhello_profile_id%22%2C%22wellhello_upgrade_tour%22%2C%22xk%22%2C%22zip%22%5D; prop_bn=38; prop_clickid=pndxb642c966b0009d0c4; prop_hts_id=da6b7fcd-a529-4524-ab65-eca3cee89c4c; prop_xk=30010050139cc573dab52b79276b3946; guid=07258C2F-F2E1-4CBC-804C-2BC7809811BF; affiliate_115443_is_terminated=0; geoip=%7B%22country_code%22%3A%22NO%22%2C%22country_name%22%3A%22Norway%22%2C%22region%22%3A%22Oslo%22%2C%22city%22%3A%22Oslo%22%2C%22latitude%22%3A59.9127502441%2C%22longitude%22%3A10.7460899353%2C%22zipcode%22%3A%220131%22%2C%22isp_name%22%3A%22Blix%20Group%20AS%22%2C%22mobile_brand%22%3A%22%22%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
content-length: 135
last-modified: Wed, 29 Mar 2023 13:32:34 GMT
etag: "099932ca2bd11bb7199b743d53f85aac"
x-amz-error-code: NoSuchKey
x-amz-error-message: The specified key does not exist.
x-amz-error-detail-key: favicon.ico
date: Tue, 04 Apr 2023 21:28:28 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xtIA8yiwV7l8SjwmQbvb0XE7XGmKhK4rOCQ9q28NCzqGSZSDp23uMw==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13579
Expires: Wed, 05 Apr 2023 01:14:48 GMT
Date: Tue, 04 Apr 2023 21:28:29 GMT
Connection: keep-alive
tours.specia1.com/t/872/v1/custom.js
143.204.55.19200 OK 2.2 kB URL HTTP/2 tours.specia1.com/t/872/v1/custom.js
IP 143.204.55.19:0
Hash 93b1e7baf67540372cdc3010fae97042
654d349f7c6ce5343f8cd4fcb5087051f343485f
d93419a5096381e35d40c4ca4108623d9802b41a59262f4a7363fcb05a9255d8
GET /t/872/v1/custom.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/888/hl/?t=42425&aid=115443&sid=143429_1669583&xk=30010050139cc573dab52b79276b3946&bn=38&gu=http%3A%2F%2Fgo.allison-bangs.com%2Fgo.php%3Ft%3D42425%26aid%3D115443%26sid%3D143429_1669583%26clickid%3Dpndxb642c966b0009d0c4%26hts_id%3Dda6b7fcd-a529-4524-ab65-eca3cee89c4c&clickid=pndxb642c966b0009d0c4&i18n_country=NO&hts_id=da6b7fcd-a529-4524-ab65-eca3cee89c4c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript
last-modified: Wed, 29 Mar 2023 13:34:14 GMT
server: AmazonS3
content-encoding: gzip
date: Tue, 04 Apr 2023 21:28:16 GMT
etag: W/"da60e0f1788c52dfee34da8042b8720a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XR9p0vygF8Ktd4-jgNbib0uRLEPqF3-GReBePaHBIHVXSG2jd3ME2Q==
age: 279
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5a64c6f-4f76-4a92-92c4-1fa8cb48142e.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5a64c6f-4f76-4a92-92c4-1fa8cb48142e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fde7605b95c3ac6b8de339dbd12e17b1
b44d521b31be7b3fe378a0e070c49379a6eab26e
5496cf7c705ccc67dd13f86a07d9a352424d58591aa67afe1e1361c640f8d510
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5a64c6f-4f76-4a92-92c4-1fa8cb48142e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6803
x-amzn-requestid: 6c78179f-0d11-4a23-8e86-e4f05d7c7f90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0fq3HrioAMF7ww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b4645-758850e07ef9b1512b684c35;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:33:57 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: fYzW2B9Nf5JLhQdDSzDsT7h-auY41wg3PSAaSI6U68BNGvtHI99W7A==
via: 1.1 ee32c7a76e2727d565413cc6c352ef48.cloudfront.net (CloudFront), 1.1 7545e37b10b5fcf5e3df98185c85194a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:51:49 GMT
age: 85000
etag: "b44d521b31be7b3fe378a0e070c49379a6eab26e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106409ef-b973-4018-aee9-294835a882a8.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106409ef-b973-4018-aee9-294835a882a8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 790b71fc2b1faa08db8b4334c9c3f9e3
e1defe547d4ffca2560cd8f25c4f7a92a9ae87b4
eed429169c9d3feb115463d8ead934fa348cdca60aabf0c88d4553ed23575c9c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106409ef-b973-4018-aee9-294835a882a8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10535
x-amzn-requestid: 8efe600f-9818-4c23-afd3-41c5a4dece2f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0frbFHSoAMF8HQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b4648-65e8e6fd575fdc91668d6676;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:34:00 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: NhzzKWFDbSlLrixhTlz5sZSW4x_TPkwj7Kzt6M2m1FmXR7ZdBCCq0w==
via: 1.1 8591441a35c0af61913aec9af012bc38.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 22:01:36 GMT
age: 84413
etag: "e1defe547d4ffca2560cd8f25c4f7a92a9ae87b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5f70c40-8b38-48db-b482-a5cc8f1580ef.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5f70c40-8b38-48db-b482-a5cc8f1580ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9d1360ec3cb182322e0a0c445f57e5b7
9f71e3cd002ca8116d917c3b7fb57291099269d1
e3d216e879d771bf2507928ba1b26465c87a4202a4cdc03483f002c2826a81b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5f70c40-8b38-48db-b482-a5cc8f1580ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6912
x-amzn-requestid: 53fcdc8a-e064-4e81-b5ac-5d0ae4bcfdb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0fpuEZ-IAMFxaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b463d-3b7b43f30dd66fae5dc9ea6a;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:33:49 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: I29hcOKFN0L3ivDpD5pWg-Kg22Z10td_Vll6SRScTslvd__JZnJyTg==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:52:12 GMT
age: 84977
etag: "9f71e3cd002ca8116d917c3b7fb57291099269d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeae50b2-4a88-4f71-ae4f-7fd74b695fe8.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeae50b2-4a88-4f71-ae4f-7fd74b695fe8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 80fcfbf9081b3ede0bbbb18635a9cbf4
037891066a15726bb272a8d74f96abb1520b4fe3
5cf70d8254f20aea5ca12439a4558f459d6bbf162f5e1a0f9b62e79de29d4b29
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeae50b2-4a88-4f71-ae4f-7fd74b695fe8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6898
x-amzn-requestid: a56b192d-c797-4521-9af4-e3baaa8e6205
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0frbGsRoAMFjiA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b4648-5aeb60706595f7762c545067;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:34:00 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: FntrW1uzEjetZkzVLvN-VUeVu4uWI0ceRV5-OY12YFGq5LQKFfS2mg==
via: 1.1 8ead054384c1626556ee4410cad35692.cloudfront.net (CloudFront), 1.1 f268a165a18929fd0a24a3189fbd16b2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:52:14 GMT
age: 84975
etag: "037891066a15726bb272a8d74f96abb1520b4fe3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09d7bfe8-bfa6-4d25-aa3f-159254f09bfa.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09d7bfe8-bfa6-4d25-aa3f-159254f09bfa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ad137bebd56918d96431d867ae123332
8572417b762ea2b1dccc3d4236336456be6be1cf
92a575b8055174a83ac1066e2ff931525760c9b96f3e588077ce0ce24a0a7b46
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09d7bfe8-bfa6-4d25-aa3f-159254f09bfa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8658
x-amzn-requestid: 36fb7671-bd9a-43fc-8920-c5948711d560
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CvNkNGjHIAMFsBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6429294d-5e753ae346a583ac5cbb42f4;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sun, 02 Apr 2023 07:05:49 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: UPNt2yE-_295UTjOFpgSxhrl1XjSOSgQVJoEf__wc0y5btcJ9dIT1w==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 60b744e5b364d04abea9fa6686121242.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 07:23:35 GMT
age: 50694
etag: "8572417b762ea2b1dccc3d4236336456be6be1cf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6eccc3c-84ad-4e21-956c-e1be89a82cfa.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6eccc3c-84ad-4e21-956c-e1be89a82cfa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bc87aa979c0767120514f1e4b758ff17
67f5976f5c3664fdddf0df409fd06c6654f2f844
6933b54d13aba860ff4e8c5978ffa4a2e546b15a17c783fcf5d87bfb817a28f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6eccc3c-84ad-4e21-956c-e1be89a82cfa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4815
x-amzn-requestid: 9f83c9c3-43ef-4753-8407-8592386870f9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CvNUVHDcoAMFtNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642928e8-733f938a34d9987746b87996;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sun, 02 Apr 2023 07:04:08 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 9BppJUd9FJVFIdgyG6EjmTfnhfGUvyf2Zovd7TX2r6HndLV2zdtzpg==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 599f04a365a179d553682d476509c388.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 07:12:10 GMT
age: 51379
etag: "67f5976f5c3664fdddf0df409fd06c6654f2f844"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tours.specia1.com/t/888/hl/?t=42425&aid=115443&sid=143429_1669583&xk=30010050139cc573dab52b79276b3946&bn=38&gu=http%3A%2F%2Fgo.allison-bangs.com%2Fgo.php%3Ft%3D42425%26aid%3D115443%26sid%3D143429_1669583%26clickid%3Dpndxb642c966b0009d0c4%26hts_id%3Dda6b7fcd-a529-4524-ab65-eca3cee89c4c&clickid=pndxb642c966b0009d0c4&i18n_country=NO&hts_id=da6b7fcd-a529-4524-ab65-eca3cee89c4c
143.204.55.19200 OK 0 B URL HTTP/2 tours.specia1.com/t/888/hl/?t=42425&aid=115443&sid=143429_1669583&xk=30010050139cc573dab52b79276b3946&bn=38&gu=http%3A%2F%2Fgo.allison-bangs.com%2Fgo.php%3Ft%3D42425%26aid%3D115443%26sid%3D143429_1669583%26clickid%3Dpndxb642c966b0009d0c4%26hts_id%3Dda6b7fcd-a529-4524-ab65-eca3cee89c4c&clickid=pndxb642c966b0009d0c4&i18n_country=NO&hts_id=da6b7fcd-a529-4524-ab65-eca3cee89c4c
IP 143.204.55.19:0
GET /t/888/hl/?t=42425&aid=115443&sid=143429_1669583&xk=30010050139cc573dab52b79276b3946&bn=38&gu=http%3A%2F%2Fgo.allison-bangs.com%2Fgo.php%3Ft%3D42425%26aid%3D115443%26sid%3D143429_1669583%26clickid%3Dpndxb642c966b0009d0c4%26hts_id%3Dda6b7fcd-a529-4524-ab65-eca3cee89c4c&clickid=pndxb642c966b0009d0c4&i18n_country=NO&hts_id=da6b7fcd-a529-4524-ab65-eca3cee89c4c HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.allison-bangs.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 29 Mar 2023 13:34:18 GMT
server: AmazonS3
content-encoding: gzip
date: Tue, 04 Apr 2023 21:28:16 GMT
etag: W/"444c28c03205ad0b822f2a43e8c75411"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: yAXaLz33-rr9QisHgZiFjo9wBGHM_DwvfuX2qgSs8KzkiicSF6T-8w==
age: 43
X-Firefox-Spdy: h2
tours.specia1.com/t/872/v1/VID_20181217_154147.mp4
143.204.55.19206 Partial Content 0 B URL HTTP/2 tours.specia1.com/t/872/v1/VID_20181217_154147.mp4
IP 143.204.55.19:0
GET /t/872/v1/VID_20181217_154147.mp4 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://tours.specia1.com/t/888/hl/?t=42425&aid=115443&sid=143429_1669583&xk=30010050139cc573dab52b79276b3946&bn=38&gu=http%3A%2F%2Fgo.allison-bangs.com%2Fgo.php%3Ft%3D42425%26aid%3D115443%26sid%3D143429_1669583%26clickid%3Dpndxb642c966b0009d0c4%26hts_id%3Dda6b7fcd-a529-4524-ab65-eca3cee89c4c&clickid=pndxb642c966b0009d0c4&i18n_country=NO&hts_id=da6b7fcd-a529-4524-ab65-eca3cee89c4c
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 206 Partial Content
content-type: video/mp4
content-length: 910056
last-modified: Wed, 29 Mar 2023 13:34:14 GMT
server: AmazonS3
date: Tue, 04 Apr 2023 21:28:16 GMT
etag: "6c3a32bd8094df4abad02ce4c96ccaf2"
vary: Accept-Encoding
content-range: bytes 0-910055/910056
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dqtDqDChQMnZIKM9vXWuI6kngJ2m3Secw6uCp6KVtrd0LSfllWMZNQ==
age: 158
X-Firefox-Spdy: h2