sexstarez.com/pMzWBC?keyword={keyword}&cost={actual_cost}¤cy=usd&external_id={zone_id}&creative_id={variation_id}&ad_campaign_id={campaign_id}&source={src_hostname}&sub_id_1=POPUNDER&sub_id_2=BIDxxxxx&sub_id_3={src_hostname}&sub_id_5=Exo&sub_id_6={campaign_id}
136.244.78.174301 Moved Permanently 0 B URL HTTP/1.1 sexstarez.com/pMzWBC?keyword={keyword}&cost={actual_cost}¤cy=usd&external_id={zone_id}&creative_id={variation_id}&ad_campaign_id={campaign_id}&source={src_hostname}&sub_id_1=POPUNDER&sub_id_2=BIDxxxxx&sub_id_3={src_hostname}&sub_id_5=Exo&sub_id_6={campaign_id}
IP 136.244.78.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pMzWBC?keyword={keyword}&cost={actual_cost}¤cy=usd&external_id={zone_id}&creative_id={variation_id}&ad_campaign_id={campaign_id}&source={src_hostname}&sub_id_1=POPUNDER&sub_id_2=BIDxxxxx&sub_id_3={src_hostname}&sub_id_5=Exo&sub_id_6={campaign_id} HTTP/1.1
Host: sexstarez.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 05 Feb 2023 11:13:50 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Location: https://sexstarez.com/pMzWBC?keyword=%7Bkeyword%7D&cost=%7Bactual_cost%7D¤cy=usd&external_id=%7Bzone_id%7D&creative_id=%7Bvariation_id%7D&ad_campaign_id=%7Bcampaign_id%7D&source=%7Bsrc_hostname%7D&sub_id_1=POPUNDER&sub_id_2=BIDxxxxx&sub_id_3=%7Bsrc_hostname%7D&sub_id_5=Exo&sub_id_6=%7Bcampaign_id%7D
Pragma: no-cache
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5498
Expires: Sun, 05 Feb 2023 12:45:28 GMT
Date: Sun, 05 Feb 2023 11:13:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6489
Expires: Sun, 05 Feb 2023 13:01:59 GMT
Date: Sun, 05 Feb 2023 11:13:50 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 10:36:17 GMT
content-type: application/json
age: 2253
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21113
Expires: Sun, 05 Feb 2023 17:05:43 GMT
Date: Sun, 05 Feb 2023 11:13:50 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: xTIIFP9GmtAb2w8B7ck83t30aTsjebMJ+A/946vcQ7AwPpBJz6WN4Sm5vcBiomCGsNURxlLz974=
x-amz-request-id: 9AP0GPSC5R2PFXPV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 10:53:14 GMT
age: 1236
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 11:13:50 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 52ef1fd13bbf1ee1c7f3fb9b72ac727c
60f1372caad2df68406cd770cbfb5dd345603b07
b6773b77441e778b5e0a0affe66473c750e8d4dfef7f769cf57a913b65955459
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6773B77441E778B5E0A0AFFE66473C750E8D4DFEF7F769CF57A913B65955459"
Last-Modified: Sun, 05 Feb 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=647
Expires: Sun, 05 Feb 2023 11:24:37 GMT
Date: Sun, 05 Feb 2023 11:13:50 GMT
Connection: keep-alive
sexstarez.com/pMzWBC?keyword=%7Bkeyword%7D&cost=%7Bactual_cost%7D¤cy=usd&external_id=%7Bzone_id%7D&creative_id=%7Bvariation_id%7D&ad_campaign_id=%7Bcampaign_id%7D&source=%7Bsrc_hostname%7D&sub_id_1=POPUNDER&sub_id_2=BIDxxxxx&sub_id_3=%7Bsrc_hostname%7D&sub_id_5=Exo&sub_id_6=%7Bcampaign_id%7D
136.244.78.174302 Found 0 B URL HTTP/1.1 sexstarez.com/pMzWBC?keyword=%7Bkeyword%7D&cost=%7Bactual_cost%7D¤cy=usd&external_id=%7Bzone_id%7D&creative_id=%7Bvariation_id%7D&ad_campaign_id=%7Bcampaign_id%7D&source=%7Bsrc_hostname%7D&sub_id_1=POPUNDER&sub_id_2=BIDxxxxx&sub_id_3=%7Bsrc_hostname%7D&sub_id_5=Exo&sub_id_6=%7Bcampaign_id%7D
IP 136.244.78.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pMzWBC?keyword=%7Bkeyword%7D&cost=%7Bactual_cost%7D¤cy=usd&external_id=%7Bzone_id%7D&creative_id=%7Bvariation_id%7D&ad_campaign_id=%7Bcampaign_id%7D&source=%7Bsrc_hostname%7D&sub_id_1=POPUNDER&sub_id_2=BIDxxxxx&sub_id_3=%7Bsrc_hostname%7D&sub_id_5=Exo&sub_id_6=%7Bcampaign_id%7D HTTP/1.1
Host: sexstarez.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 05 Feb 2023 11:13:50 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Location: https://go.moartraffic.com/go.php?t=52593&aid=147136&sid=Exo_%7Bcampaign_id%7D&click_id=s8hnpa17llm
Pragma: no-cache
Set-Cookie: _subid=s8hnpa17llm;Expires=Wednesday, 08-Mar-2023 11:13:50 GMT;Max-Age=2678400;Path=/
e6c81=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE3XCI6MTY3NTU5NTYzMH0sXCJjYW1wYWlnbnNcIjp7XCIxNVwiOjE2NzU1OTU2MzB9LFwidGltZVwiOjE2NzU1OTU2MzB9In0.M6CRitopA6GTlvXn7-lieGZWwCTytQIAHsMOKM7Lxss;Expires=Thursday, 12-Mar-2076 22:27:40 GMT;Max-Age=1675682030;Path=/
_token=uuid_s8hnpa17llm_s8hnpa17llm63df8f6ea82a73.19991509;Expires=Wednesday, 08-Mar-2023 11:13:50 GMT;Max-Age=2678400;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 11:07:20 GMT
age: 390
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 30a941492060ef259a457c7e6f73c981
7fa9f4a868f76a348ac0341a5abbec766ea56fdd
8ff6178e627786a8405e0073e65d0ce33fb4f6315846962e525ff2cb93c3f97e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8FF6178E627786A8405E0073E65D0CE33FB4F6315846962E525FF2CB93C3F97E"
Last-Modified: Sun, 05 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10917
Expires: Sun, 05 Feb 2023 14:15:48 GMT
Date: Sun, 05 Feb 2023 11:13:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4258
Expires: Sun, 05 Feb 2023 12:24:49 GMT
Date: Sun, 05 Feb 2023 11:13:51 GMT
Connection: keep-alive
push.services.mozilla.com/
54.201.249.32101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.201.249.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8EXvGMGxsPsfaIz24vgxNw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1vegwSjVF/YSYlzxGgDf7hujuE0=
go.moartraffic.com/go.php?t=52593&aid=147136&sid=Exo_%7Bcampaign_id%7D&click_id=s8hnpa17llm
64.188.52.46200 OK 533 B URL HTTP/1.1 go.moartraffic.com/go.php?t=52593&aid=147136&sid=Exo_%7Bcampaign_id%7D&click_id=s8hnpa17llm
IP 64.188.52.46:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (399)
Hash 2aa1a91aeee7c0564c032cadc651d74d
f61af38c0427260969f29ef947b38daf9f6ac1a5
fbc73d876f13e506517b510a4c7c3f467eddcdfeeb5d94f042d6b97dc0d1dea6
GET /go.php?t=52593&aid=147136&sid=Exo_%7Bcampaign_id%7D&click_id=s8hnpa17llm HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
date: Sun, 05 Feb 2023 11:13:51 GMT
server: Apache
set-cookie: bd_ovtu=1; expires=Mon, 06-Feb-2023 11:13:51 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
bdreff=NONE; expires=Fri, 04-Aug-2023 11:13:51 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
tour=53231; expires=Fri, 04-Aug-2023 11:13:51 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
affsubid=147136-Exo_%7Bcampaign_id%7D; expires=Fri, 04-Aug-2023 11:13:51 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
bdvisit=147136; expires=Mon, 06-Feb-2023 11:13:51 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
bdcounter=1; expires=Mon, 06-Feb-2023 11:13:51 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
xk=c0d190b21bf862d08c6fee2fc66ff8bf; expires=Fri, 04-Aug-2023 11:13:51 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-robots-tag: otherbot: noindex, nofollow, googlebot: noindex, nofollow
vary: Accept-Encoding
content-encoding: gzip
content-length: 533
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
go.moartraffic.com/native.history.js
64.188.52.46200 OK 6.5 kB URL HTTP/1.1 go.moartraffic.com/native.history.js
IP 64.188.52.46:0
File type ASCII text, with very long lines (22102), with no line terminators
Hash 8353bbacfdb868f80448dcdb30c2e2d2
7232562be4f0f7a1aaa403c9d6c5d2ed17345cfd
fd7be3058aae52c67b43703962b3b6039b0ac2709a82a68a150aebae3e19ae38
GET /native.history.js HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/go.php?t=52593&aid=147136&sid=Exo_%7Bcampaign_id%7D&click_id=s8hnpa17llm
Cookie: bd_ovtu=1; bdreff=NONE; tour=53231; affsubid=147136-Exo_%7Bcampaign_id%7D; bdvisit=147136; bdcounter=1; xk=c0d190b21bf862d08c6fee2fc66ff8bf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Sun, 05 Feb 2023 11:13:51 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
content-length: 6519
x-content-type-options: nosniff
go.moartraffic.com/go.min.js
64.188.52.46200 OK 221 B URL HTTP/1.1 go.moartraffic.com/go.min.js
IP 64.188.52.46:0
File type ASCII text, with very long lines (305)
Hash 77d3c60f4f2cc6ab7f7c0f9187dfd6fe
7a8ce851238850aeadfb637638c52891aeb53c42
98de9958ac1d81fdeea1f165dfe95f2da4d7e592f452d7c8ca699a1c914e3f2e
GET /go.min.js HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/go.php?t=52593&aid=147136&sid=Exo_%7Bcampaign_id%7D&click_id=s8hnpa17llm
Cookie: bd_ovtu=1; bdreff=NONE; tour=53231; affsubid=147136-Exo_%7Bcampaign_id%7D; bdvisit=147136; bdcounter=1; xk=c0d190b21bf862d08c6fee2fc66ff8bf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Sun, 05 Feb 2023 11:13:52 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
content-length: 221
x-content-type-options: nosniff
go.moartraffic.com/favicon.ico
64.188.52.46200 OK 198 B URL HTTP/1.1 go.moartraffic.com/favicon.ico
IP 64.188.52.46:0
File type MS Windows icon resource - 1 icon, 16x16, 2 colors\012- data
Hash c6acedaff906029fc5455d9ec52c7f42
92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81
9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b
GET /favicon.ico HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/go.php?t=52593&aid=147136&sid=Exo_%7Bcampaign_id%7D&click_id=s8hnpa17llm
Cookie: bd_ovtu=1; bdreff=NONE; tour=53231; affsubid=147136-Exo_%7Bcampaign_id%7D; bdvisit=147136; bdcounter=1; xk=c0d190b21bf862d08c6fee2fc66ff8bf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Sun, 05 Feb 2023 11:13:52 GMT
server: Apache
last-modified: Fri, 03 Feb 2023 11:22:19 GMT
etag: "c6-5f3c9e504d0c5"
accept-ranges: bytes
content-length: 198
content-type: image/vnd.microsoft.icon
x-content-type-options: nosniff
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 27686a8e92ac946e8d3f1b69072525f1
8873cd0cfc4474d864418d259769cba135801048
7f31c0393850b0a7f6ed8a9f6ee046d8b7d09d9e3fbb86426f1279da21adff31
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sun, 05 Feb 2023 11:13:52 GMT
Etag: "63deb27a-1d7"
Server: ECS (dcb/7F60)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: IHyjq-np2487T-SjVhEYYakijHZGD0MTf6phwzdldB0lW6kcXvJQTA==
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4886
Expires: Sun, 05 Feb 2023 12:35:18 GMT
Date: Sun, 05 Feb 2023 11:13:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4886
Expires: Sun, 05 Feb 2023 12:35:18 GMT
Date: Sun, 05 Feb 2023 11:13:52 GMT
Connection: keep-alive
tours.specia1.com/t/2263/?t=53231&aid=147136&sid=Exo_%7Bcampaign_id%7D&xk=c0d190b21bf862d08c6fee2fc66ff8bf&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52593%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26click_id%3Ds8hnpa17llm%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&click_id=s8hnpa17llm&i18n_country=NO&hts_id=a1e42991-4de7-4672-a6d4-d5a93cbecfb7
143.204.55.34200 OK 4.3 kB URL HTTP/2 tours.specia1.com/t/2263/?t=53231&aid=147136&sid=Exo_%7Bcampaign_id%7D&xk=c0d190b21bf862d08c6fee2fc66ff8bf&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52593%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26click_id%3Ds8hnpa17llm%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&click_id=s8hnpa17llm&i18n_country=NO&hts_id=a1e42991-4de7-4672-a6d4-d5a93cbecfb7
IP 143.204.55.34:0
Hash 7c98e9677ee826e40da58576626630e6
f2aa58bf656edf3369ecd7ae9c477b21b783e30c
7a92a45d618250e1ffb29d311c7d5a29b57ba00f12d460fcf4c7288529839d72
GET /t/2263/?t=53231&aid=147136&sid=Exo_%7Bcampaign_id%7D&xk=c0d190b21bf862d08c6fee2fc66ff8bf&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52593%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26click_id%3Ds8hnpa17llm%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&click_id=s8hnpa17llm&i18n_country=NO&hts_id=a1e42991-4de7-4672-a6d4-d5a93cbecfb7 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 01 Feb 2023 12:33:22 GMT
server: AmazonS3
content-encoding: gzip
date: Sun, 05 Feb 2023 11:09:25 GMT
etag: W/"462637b619dce9434733f891fc06d8b9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: W1oZ2fdAOqyTas6tLL9Hrjr5b_5cwBJqaDemgWI0_c5HlY_TTjt4DQ==
age: 268
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4886
Expires: Sun, 05 Feb 2023 12:35:18 GMT
Date: Sun, 05 Feb 2023 11:13:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4886
Expires: Sun, 05 Feb 2023 12:35:18 GMT
Date: Sun, 05 Feb 2023 11:13:52 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 013fa296-a431-410b-b3fb-7417b3e877eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpIQAFCMIAMF0Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9ed99-2e1daa8b75977de07c48b8fc;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 04:42:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UzQGDCYe_8AuYYLaLSAWzHQhwJMpzpXWbjE5AwukevW6G6SLDxDjmA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 03:42:59 GMT
age: 27053
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a4eed23b240d04a3cd6b085cfa93375
f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00
93e8371f80c12d3753842e36001dbb8d3dc2223b10a594639752cd816c492d4e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10905
x-amzn-requestid: 093778fc-231c-452f-a6fc-15f4eb41ade0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmNJCEDzIAMFmxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8c239-7f56d6e56392f373541db219;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:24:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WVfpilnwhnRXBhJkHBWjxxoP09f7SqlRk8CdWRWOubIIwe0CX89bUA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:09:58 GMT
age: 47034
etag: "f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 01b85fcd-69a0-49da-8640-32a3ef19378a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bUFEJoAMFapg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c48-14817e717361e09170714e9d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1_1mEN4j5cciWEiimz4PRjx3PNGnrSRib9oEJAdYLrrtyjqnz_zvcQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 11:30:27 GMT
age: 85405
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 11:30:27 GMT
age: 85405
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d53279-1206-40a7-be9b-b504e0748218.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d53279-1206-40a7-be9b-b504e0748218.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7fff69db25a1c7a3fbe154a3c80ac5aa
638e08807f73b70ab87b804816f9eb3e8dd2aa74
be96b347ba90dda9c39975077d963ff875831a14a4269e28edc0d2f80928bba6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d53279-1206-40a7-be9b-b504e0748218.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5356
x-amzn-requestid: af4c4533-48b8-4b02-951a-3e61933fb126
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3fyFrMoAMFr_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c64-0346b30d0ded67912070f671;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:06:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: IJBXK8DSlmaj48MVSTo-8A69jOe3x2cvnZYRLfyXZ7jZWqsMbTZsEg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:43:26 GMT
age: 48626
etag: "638e08807f73b70ab87b804816f9eb3e8dd2aa74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5beaead015b2b4fb6d36009926ba0378
67e7c49ea7648fc6d1dffc22588862c993b785b7
6ae0cec9ade23fd53e9c1407b0324a8060892a65a6b675ccffa4a4c82b66f1ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 280f7003-2696-4a82-bd50-82b0a2b66faf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fsSpoEA0oAMFSBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db3170-35dcb9513c891af201b973d1;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 03:43:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IxfTibTq6T_wq9a5YCIBZLBb70BI7AOLEAYMYYuMZPhvVKjDbFfrvA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:52:08 GMT
etag: "67e7c49ea7648fc6d1dffc22588862c993b785b7"
content-type: image/jpeg
age: 48104
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tours.specia1.com/t/2263/images/logo_white_2.png
143.204.55.34200 OK 9.1 kB URL HTTP/2 tours.specia1.com/t/2263/images/logo_white_2.png
IP 143.204.55.34:0
File type PNG image data, 501 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 6fe25a4f0710d67fc21726fdfb5e73d0
eb70dff6051828ec62ad2d2e5c863d36be3ee4a8
3d95583dbaecdc3ee7f88d48a9cc6832fb628ed75580e76f9aa10a5d03e4ad6a
GET /t/2263/images/logo_white_2.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2263/?t=53231&aid=147136&sid=Exo_%7Bcampaign_id%7D&xk=c0d190b21bf862d08c6fee2fc66ff8bf&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52593%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26click_id%3Ds8hnpa17llm%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&click_id=s8hnpa17llm&i18n_country=NO&hts_id=a1e42991-4de7-4672-a6d4-d5a93cbecfb7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 9132
last-modified: Wed, 01 Feb 2023 12:33:22 GMT
server: AmazonS3
date: Sun, 05 Feb 2023 11:10:55 GMT
etag: "6fe25a4f0710d67fc21726fdfb5e73d0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: D8GIE9hXQ8mWGqKsP3wWPU61OlYka5dHq78bCisby6wy9WANNQZxSA==
age: 178
X-Firefox-Spdy: h2
tours.specia1.com/t/2263/images/logo_black_2.png
143.204.55.34200 OK 10 kB URL HTTP/2 tours.specia1.com/t/2263/images/logo_black_2.png
IP 143.204.55.34:0
File type PNG image data, 501 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash ffb66174418fa434555a80759d6532f9
eaeda463262a30b33008f0c5b9206768b2030f30
0d6ddbad5957f2f83b0cd020c13d0cabee057778f042c2a68600075c426fe1cc
GET /t/2263/images/logo_black_2.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2263/?t=53231&aid=147136&sid=Exo_%7Bcampaign_id%7D&xk=c0d190b21bf862d08c6fee2fc66ff8bf&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52593%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26click_id%3Ds8hnpa17llm%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&click_id=s8hnpa17llm&i18n_country=NO&hts_id=a1e42991-4de7-4672-a6d4-d5a93cbecfb7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 10055
last-modified: Wed, 01 Feb 2023 12:33:22 GMT
server: AmazonS3
date: Sun, 05 Feb 2023 11:09:01 GMT
etag: "ffb66174418fa434555a80759d6532f9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: bLxHhMTYAB3d3OY38zjPOp-sy5uYcYrpwuLwxZ2EqASW8a9rcUygqg==
age: 292
X-Firefox-Spdy: h2
tours.specia1.com/t/2263/images/address.png
143.204.55.34200 OK 1.4 kB URL HTTP/2 tours.specia1.com/t/2263/images/address.png
IP 143.204.55.34:0
File type PNG image data, 33 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash bd9476d9f407e290f817f77a0bf37674
3862e9f828f2241182269654dcc00d6e8c7f3927
2d56035b1871d7689d1a95dd4b9d38ab9ebf0bc2e0a0b59f474fe2f39816c690
GET /t/2263/images/address.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2263/?t=53231&aid=147136&sid=Exo_%7Bcampaign_id%7D&xk=c0d190b21bf862d08c6fee2fc66ff8bf&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52593%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26click_id%3Ds8hnpa17llm%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&click_id=s8hnpa17llm&i18n_country=NO&hts_id=a1e42991-4de7-4672-a6d4-d5a93cbecfb7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 1384
last-modified: Wed, 01 Feb 2023 12:33:21 GMT
server: AmazonS3
date: Sun, 05 Feb 2023 11:10:56 GMT
etag: "bd9476d9f407e290f817f77a0bf37674"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1RhfGjoXWC6NMIMsLwe1PWSIYxRUhXwFekLCnfMdQofk_r6a_dmMDQ==
age: 177
X-Firefox-Spdy: h2
use.typekit.net/mrt4etr.css
23.36.76.122200 OK 730 B URL HTTP/2 use.typekit.net/mrt4etr.css
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (516)
Hash 48d569c2132e78b226cef321f1b56ad0
9ed81741274a95adda0e52e13a8dd02ccf93ba1a
b6d7366398fc003517f8d67147ed22c7711a7248524f0771498481dd247f5701
GET /mrt4etr.css HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: text/css;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
content-length: 730
date: Sun, 05 Feb 2023 11:13:52 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 9aa8ebe5c25a1b0708176ec45fa3d102
7f3e4b20d83d3a1c6115d6d516c2ccf8ebbb8fb0
ae106fae549a09fdbfd0c6a7075104191f0d9d9f4e749c538c25da20135da9d4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2561
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:13:52 GMT
Last-Modified: Sun, 05 Feb 2023 10:31:11 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
p.typekit.net/p.css?s=1&k=mrt4etr&ht=tk&f=24539.24540.24547.24548&a=8479565&app=typekit&e=css
23.36.76.122200 OK 5 B URL HTTP/2 p.typekit.net/p.css?s=1&k=mrt4etr&ht=tk&f=24539.24540.24547.24548&a=8479565&app=typekit&e=css
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
Hash 83d24d4b43cc7eef2b61e66c95f3d158
f0cafc285ee23bb6c28c5166f305493c4331c84d
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
GET /p.css?s=1&k=mrt4etr&ht=tk&f=24539.24540.24547.24548&a=8479565&app=typekit&e=css HTTP/1.1
Host: p.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/css
content-length: 5
last-modified: Thu, 28 Jul 2022 22:24:50 GMT
etag: "62e30cb2-5"
cache-control: public, max-age=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
date: Sun, 05 Feb 2023 11:13:52 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash f1508822ae4316673036e763bb4292fd
b65be51e597a546fd55ee16daab7d56e4ae5a4c2
5f9b530c407f8f1e5daad653e95a17ccaad7dc1fe1dd7ebc57611d7cd4cf8082
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=115738
Date: Sun, 05 Feb 2023 11:13:52 GMT
Etag: "63deae45-1d7"
Expires: Mon, 06 Feb 2023 19:22:50 GMT
Last-Modified: Sat, 04 Feb 2023 19:13:09 GMT
Server: ECS (dcb/7FA6)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Ve3bjndDiuRMmXAAJCbeHsflkGMKOpy7zlK5J_t2xpHGjU6j_dAIXg==
Age: 581
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash f1508822ae4316673036e763bb4292fd
b65be51e597a546fd55ee16daab7d56e4ae5a4c2
5f9b530c407f8f1e5daad653e95a17ccaad7dc1fe1dd7ebc57611d7cd4cf8082
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=118220
Date: Sun, 05 Feb 2023 11:13:52 GMT
Etag: "63deae45-1d7"
Expires: Mon, 06 Feb 2023 20:04:12 GMT
Last-Modified: Sat, 04 Feb 2023 19:13:09 GMT
Server: ECS (dcb/7F5E)
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 3-zyi_ar0nA2FoPGHIJea06nVBqiaCgQ30UoYpdUXDgTWArNe3x4Uw==
Age: 3063
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 0f9644b403571eecc3d22d52b7d7516f
8d7fb0c894c57ea92728f2b2ac69a71017ba3bcb
9a5d4e92d4c9b95f24d865fe1845bbc16f35ae4755943b0447beb6e316c558f3
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 05 Feb 2023 11:13:52 GMT
Etag: "63de7d0f-1d7"
Last-Modified: Sun, 05 Feb 2023 09:59:06 GMT
Server: ECS (dcb/7FA5)
X-Cache: Miss from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: s4gs4p22q5mmJOoymz0CvcwS2ta1zndYHhmnr1D3UlJYG4ThwGPX_g==
Age: 4486
cdn.tours-78-94.wellhello.com/snapcheat/img/svg/arrow.svg
54.230.111.123200 OK 867 B URL HTTP/2 cdn.tours-78-94.wellhello.com/snapcheat/img/svg/arrow.svg
IP 54.230.111.123:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d1482bd31dde1707b316f22bbe818ff4
98b63cc34e21b7d3092b70c00dc5a579ce0825ba
6efee9ca3dd0b249814e53fab132821a3c1b5370fdb02c704947399485ec43b9
Analyzer Verdict Alert fortinet Phishing
GET /snapcheat/img/svg/arrow.svg HTTP/1.1
Host: cdn.tours-78-94.wellhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 867
date: Mon, 29 Aug 2022 01:29:26 GMT
server: nginx
last-modified: Fri, 26 Aug 2022 17:05:55 GMT
etag: "6308fd73-363"
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iTJuxPSq_-oEJ6ork4fIk8JWfA7gzs904acZReHuFvNjuXUDTpFREg==
age: 13859066
X-Firefox-Spdy: h2
cdn.tours-78-94.wellhello.com/instantcheat/imgs/arrow.svg
54.230.111.123200 OK 867 B URL HTTP/2 cdn.tours-78-94.wellhello.com/instantcheat/imgs/arrow.svg
IP 54.230.111.123:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d1482bd31dde1707b316f22bbe818ff4
98b63cc34e21b7d3092b70c00dc5a579ce0825ba
6efee9ca3dd0b249814e53fab132821a3c1b5370fdb02c704947399485ec43b9
Analyzer Verdict Alert fortinet Phishing
GET /instantcheat/imgs/arrow.svg HTTP/1.1
Host: cdn.tours-78-94.wellhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 867
date: Thu, 01 Sep 2022 02:07:19 GMT
server: nginx
last-modified: Fri, 26 Aug 2022 17:05:54 GMT
etag: "6308fd72-363"
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Wu0ZYK_YqloDnuvAtvqts5ynrmYc2wn701r6CGbohDVmiHDTPM0_kg==
age: 13597593
X-Firefox-Spdy: h2
use.typekit.net/af/4cc789/00000000000000003b9b46ed/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
23.36.76.122200 OK 47 kB URL HTTP/2 use.typekit.net/af/4cc789/00000000000000003b9b46ed/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 47364, version 1.0\012- data
Hash 17d1dd61c2ca9a1f49ed95d672e98137
f6aad362b6d2ca35f2074439ecc85fd028fa91e0
b3db5b321134954282781d3367d7914e8a8cf5285dc35427820ecd889df5ff5a
GET /af/4cc789/00000000000000003b9b46ed/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 47364
etag: "f9c1c4c847938c564b6f041956a850b045edf78a"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Sun, 05 Feb 2023 11:13:52 GMT
X-Firefox-Spdy: h2
utl-1.com/1.6.42/mst2.min.js
143.204.55.32200 OK 18 kB URL HTTP/2 utl-1.com/1.6.42/mst2.min.js
IP 143.204.55.32:0
File type ASCII text, with very long lines (17794), with no line terminators
Hash 3a2e1fe5f9de68d28807b0b5675235f4
1ec71f3bf36850118f94eacb5c7949f449b3a0b7
252d3a0ef9c3754cdf38a02570d1a84fa4d94d53ac2eaeeada2e141f9c11a2e2
GET /1.6.42/mst2.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 17794
date: Tue, 20 Sep 2022 14:24:04 GMT
last-modified: Fri, 16 Sep 2022 14:37:04 GMT
etag: "3a2e1fe5f9de68d28807b0b5675235f4"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QJR0zYgI4ggQRI1VNTkmZpYdSUqc_SoSg-kyc5YaeG3JV0m6xeY6ag==
age: 11911789
X-Firefox-Spdy: h2
use.typekit.net/af/02ad94/00000000000000003b9b46f3/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
23.36.76.122200 OK 48 kB URL HTTP/2 use.typekit.net/af/02ad94/00000000000000003b9b46f3/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 48496, version 1.0\012- data
Hash 95fbd058cd64c46fafd4d7b223761e51
467d1a7ae11b5d3776c646768f3bcd0986c6500a
547b25285152529ca4f1cf1866154c61f5d92fd3d090d7f976d741f6551e321a
GET /af/02ad94/00000000000000003b9b46f3/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 48496
etag: "4589238bed773a5851c5884d8dd0501591bd1cb5"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Sun, 05 Feb 2023 11:13:52 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 0f9644b403571eecc3d22d52b7d7516f
8d7fb0c894c57ea92728f2b2ac69a71017ba3bcb
9a5d4e92d4c9b95f24d865fe1845bbc16f35ae4755943b0447beb6e316c558f3
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sun, 05 Feb 2023 11:13:52 GMT
Etag: "63de7d0f-1d7"
Server: ECS (dcb/7ECB)
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BPOX2XlSZEgwW-o-Nf9qoUsCZf6pP35alY-pAgkIEVY7ODmB2ysAow==
utl-1.com/1.6.42/utl.min.js
143.204.55.32200 OK 312 kB URL HTTP/2 utl-1.com/1.6.42/utl.min.js
IP 143.204.55.32:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 312 kB (312299 bytes)
Hash 1ebaf1813111fc553ecbb1e5b1ee667b
e14cd8c0503102bf8519ac281839b5a307528604
c6dca79a9e9adc2437fbb52fa10254a664aaa35a06ba9c3ee0f03851c87498e5
GET /1.6.42/utl.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 312299
date: Tue, 20 Sep 2022 10:48:16 GMT
last-modified: Fri, 16 Sep 2022 14:37:04 GMT
etag: "1ebaf1813111fc553ecbb1e5b1ee667b"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7M3SVKZpJtIbCHXtMTYapm7GwqBvyPgdBmCzc1QslmdRHzEJbGbmuw==
age: 11924737
X-Firefox-Spdy: h2
tours.specia1.com/t/2263/qkkie_chicktok-1.mp4
143.204.55.34206 Partial Content 22 kB URL HTTP/2 tours.specia1.com/t/2263/qkkie_chicktok-1.mp4
IP 143.204.55.34:0
File type ISO Media, MP4 v2 [ISO 14496-14]\012- data
Hash 6135cc780d511b9188a2d05895d67552
c015a1c7007a0e83667d45100b63fd1e17c5ff34
f125a8d95dd83db2536b9e6fb327cc7fe62eaed9cac2d6907f401d90a9d8c96f
GET /t/2263/qkkie_chicktok-1.mp4 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://tours.specia1.com/t/2263/?t=53231&aid=147136&sid=Exo_%7Bcampaign_id%7D&xk=c0d190b21bf862d08c6fee2fc66ff8bf&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52593%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26click_id%3Ds8hnpa17llm%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&click_id=s8hnpa17llm&i18n_country=NO&hts_id=a1e42991-4de7-4672-a6d4-d5a93cbecfb7
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 206 Partial Content
content-type: video/mp4
content-length: 1417974
last-modified: Wed, 01 Feb 2023 12:33:22 GMT
server: AmazonS3
date: Sun, 05 Feb 2023 11:10:02 GMT
etag: "cf340b48752036c064fea34dd809e582"
vary: Accept-Encoding
content-range: bytes 0-1417973/1417974
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6UtyUUM5Ancw1dCNMJP_yDULAMVKWoAkQ0xizuY-p-rCUBwmk_iTMA==
age: 231
X-Firefox-Spdy: h2
tours.specia1.com/assets/specia1/ga.js?_=1675595673023
143.204.55.34200 OK 392 B URL HTTP/2 tours.specia1.com/assets/specia1/ga.js?_=1675595673023
IP 143.204.55.34:0
Hash eac15786f9b8937b5689ddf3faf0351d
c3bc0f68e5b6ec584c0034c1264ce966d354f341
6003f930e7a6ff14bd5520a7324f5a4ffcecbd182aaff2e8ace7ec65d885aa45
GET /assets/specia1/ga.js?_=1675595673023 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://tours.specia1.com/t/2263/?t=53231&aid=147136&sid=Exo_%7Bcampaign_id%7D&xk=c0d190b21bf862d08c6fee2fc66ff8bf&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52593%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26click_id%3Ds8hnpa17llm%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&click_id=s8hnpa17llm&i18n_country=NO&hts_id=a1e42991-4de7-4672-a6d4-d5a93cbecfb7
Cookie: tour=53231; affsubid=147136-Exo_%7Bcampaign_id%7D; reff=https%3A%2F%2Fgo.moartraffic.com%2F; upgrade_tour=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 392
last-modified: Wed, 01 Feb 2023 12:32:33 GMT
server: AmazonS3
date: Sun, 05 Feb 2023 11:11:21 GMT
etag: "eac15786f9b8937b5689ddf3faf0351d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: hsN6DCElwLnREd9miv7j4W_OwVNCn78HfAVonk3XlfdGl0A2WOUIQA==
age: 245
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e10ffc0fa3c9c5008f8a32202e3b618
91e1c97100e3a99bfb360635edbe52efc3a8bd04
1274fcc9eae3ca8981a960fab60ca57ec5d0848a05df1da3a3e34ee686593516
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1274FCC9EAE3CA8981A960FAB60CA57EC5D0848A05DF1DA3A3E34EE686593516"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3304
Expires: Sun, 05 Feb 2023 12:08:57 GMT
Date: Sun, 05 Feb 2023 11:13:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e10ffc0fa3c9c5008f8a32202e3b618
91e1c97100e3a99bfb360635edbe52efc3a8bd04
1274fcc9eae3ca8981a960fab60ca57ec5d0848a05df1da3a3e34ee686593516
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1274FCC9EAE3CA8981A960FAB60CA57EC5D0848A05DF1DA3A3E34EE686593516"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18796
Expires: Sun, 05 Feb 2023 16:27:09 GMT
Date: Sun, 05 Feb 2023 11:13:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e10ffc0fa3c9c5008f8a32202e3b618
91e1c97100e3a99bfb360635edbe52efc3a8bd04
1274fcc9eae3ca8981a960fab60ca57ec5d0848a05df1da3a3e34ee686593516
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1274FCC9EAE3CA8981A960FAB60CA57EC5D0848A05DF1DA3A3E34EE686593516"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3304
Expires: Sun, 05 Feb 2023 12:08:57 GMT
Date: Sun, 05 Feb 2023 11:13:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e10ffc0fa3c9c5008f8a32202e3b618
91e1c97100e3a99bfb360635edbe52efc3a8bd04
1274fcc9eae3ca8981a960fab60ca57ec5d0848a05df1da3a3e34ee686593516
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1274FCC9EAE3CA8981A960FAB60CA57EC5D0848A05DF1DA3A3E34EE686593516"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3393
Expires: Sun, 05 Feb 2023 12:10:26 GMT
Date: Sun, 05 Feb 2023 11:13:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e10ffc0fa3c9c5008f8a32202e3b618
91e1c97100e3a99bfb360635edbe52efc3a8bd04
1274fcc9eae3ca8981a960fab60ca57ec5d0848a05df1da3a3e34ee686593516
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1274FCC9EAE3CA8981A960FAB60CA57EC5D0848A05DF1DA3A3E34EE686593516"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18881
Expires: Sun, 05 Feb 2023 16:28:34 GMT
Date: Sun, 05 Feb 2023 11:13:53 GMT
Connection: keep-alive
secure.authbill.com/tour/api.php
68.169.87.223200 OK 56 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type ASCII text, with no line terminators
Hash de03dc48295bf2b6249b483c41445071
0bdaed4f46ab57396fd5cdd0f824b757e3da5447
a2f24821c77776d122a6c4ca9e283e9d223c6c569a560702b08685914d4a7e27
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Sun, 05 Feb 2023 11:13:53 GMT
server: Apache
set-cookie: PHPSESSID=237E~4d5f5e51aa7943b96b240137bcee1b15; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 56
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
cdn.izooto.com/scripts/sak/iz_setcid.html?v=1
104.18.217.65200 OK 5.9 kB URL HTTP/2 cdn.izooto.com/scripts/sak/iz_setcid.html?v=1
IP 104.18.217.65:0
File type HTML document text\012- HTML document, ASCII text
Hash 128da97940445bd15a79ce5d8a2aca81
4ac79b0d06ab0a8bd8e6bb5948a4525fab3514e4
d1e1afce820f0c1c5395b8ce0eac2149915a34cef7c877020d111c4f54412f02
GET /scripts/sak/iz_setcid.html?v=1 HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 11:13:52 GMT
content-type: text/html
last-modified: Tue, 05 Apr 2022 12:00:20 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cache-control: public, max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 1499070
expires: Wed, 08 Mar 2023 11:13:52 GMT
server: cloudflare
cf-ray: 794b3821fb370b51-OSL
content-encoding: br
X-Firefox-Spdy: h2
secure.authbill.com/tour/api.php
68.169.87.223200 OK 385 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with very long lines (804), with no line terminators
Hash 673c190a4e2e73a6d3038928b8598f4c
6318b3faf1ccacf7f381d3c423d6a9882950c24c
39c4489106d62ae1d75f7c483c1a1a15311010cfe8445440c74d7582c6bba28c
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 41
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Sun, 05 Feb 2023 11:13:53 GMT
server: Apache
set-cookie: PHPSESSID=74D2~7750826346ff50ab048b75a6f7f1154f; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 385
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 21 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type very short file (no magic)
Hash 7ac8c27439ed6e2a30373651a2898777
1249bc89db36deb369d6388319453f015bd83e04
e240a7a561e7c84b32d4695ddc4c0d6c38a8e0c3f2581711c1971680f033437e
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Sun, 05 Feb 2023 11:13:53 GMT
server: Apache
set-cookie: PHPSESSID=4DD2~7fd18ced1481c8a3fdcd321ba58a8f9e; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 21
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 159 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 704f552bf9e91ed7a41ef3fe15f41e6c
ddb3f6202a07d626c2883ad589f457ad554d1025
5305b10c313709f6d27c70e321d5810292e915a8d2b45f0aacb0d668201f129d
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Sun, 05 Feb 2023 11:13:53 GMT
server: Apache
set-cookie: PHPSESSID=D420~a6fe5a6f0dddee459de23e67dba4c0f9; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 159
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 159 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 704f552bf9e91ed7a41ef3fe15f41e6c
ddb3f6202a07d626c2883ad589f457ad554d1025
5305b10c313709f6d27c70e321d5810292e915a8d2b45f0aacb0d668201f129d
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Sun, 05 Feb 2023 11:13:53 GMT
server: Apache
set-cookie: PHPSESSID=237E~7c5e6fcbe561a4bab61012820a13c0ce; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 159
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 20 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 651
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Sun, 05 Feb 2023 11:13:53 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
set-cookie: PHPSESSID=4DD2~2061870f3618600db8c9e69eb3a8804b; path=/; secure; HttpOnly
bd_ovtu=11; expires=Mon, 06-Feb-2023 11:13:53 GMT; Max-Age=86400; path=/; domain=.authbill.com
vary: Accept-Encoding
content-encoding: gzip
content-length: 20
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.46200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sun, 05 Feb 2023 09:45:20 GMT
expires: Sun, 05 Feb 2023 11:45:20 GMT
cache-control: public, max-age=7200
age: 5313
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google-analytics.com/collect?v=1&_v=j99&a=963487168&t=pageview&_s=2&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F2263%2F%3Ft%3D53231%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26xk%3Dc0d190b21bf862d08c6fee2fc66ff8bf%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D52593%2526aid%253D147136%2526sid%253DExo_%25257Bcampaign_id%25257D%2526click_id%253Ds8hnpa17llm%2526hts_id%253Da1e42991-4de7-4672-a6d4-d5a93cbecfb7%26click_id%3Ds8hnpa17llm%26i18n_country%3DNO%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&dr=https%3A%2F%2Fgo.moartraffic.com%2F&ul=en-us&de=UTF-8&dt=ChickTok&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2053231&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=1476317217.1675595674&tid=UA-148167200-1&_gid=1790578724.1675595674&z=1427177810
142.250.74.46200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?v=1&_v=j99&a=963487168&t=pageview&_s=2&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F2263%2F%3Ft%3D53231%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26xk%3Dc0d190b21bf862d08c6fee2fc66ff8bf%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D52593%2526aid%253D147136%2526sid%253DExo_%25257Bcampaign_id%25257D%2526click_id%253Ds8hnpa17llm%2526hts_id%253Da1e42991-4de7-4672-a6d4-d5a93cbecfb7%26click_id%3Ds8hnpa17llm%26i18n_country%3DNO%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&dr=https%3A%2F%2Fgo.moartraffic.com%2F&ul=en-us&de=UTF-8&dt=ChickTok&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2053231&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=1476317217.1675595674&tid=UA-148167200-1&_gid=1790578724.1675595674&z=1427177810
IP 142.250.74.46:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j99&a=963487168&t=pageview&_s=2&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F2263%2F%3Ft%3D53231%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26xk%3Dc0d190b21bf862d08c6fee2fc66ff8bf%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D52593%2526aid%253D147136%2526sid%253DExo_%25257Bcampaign_id%25257D%2526click_id%253Ds8hnpa17llm%2526hts_id%253Da1e42991-4de7-4672-a6d4-d5a93cbecfb7%26click_id%3Ds8hnpa17llm%26i18n_country%3DNO%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&dr=https%3A%2F%2Fgo.moartraffic.com%2F&ul=en-us&de=UTF-8&dt=ChickTok&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2053231&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=1476317217.1675595674&tid=UA-148167200-1&_gid=1790578724.1675595674&z=1427177810 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sat, 04 Feb 2023 15:06:36 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 72437
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j99&a=963487168&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F2263%2F%3Ft%3D53231%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26xk%3Dc0d190b21bf862d08c6fee2fc66ff8bf%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D52593%2526aid%253D147136%2526sid%253DExo_%25257Bcampaign_id%25257D%2526click_id%253Ds8hnpa17llm%2526hts_id%253Da1e42991-4de7-4672-a6d4-d5a93cbecfb7%26click_id%3Ds8hnpa17llm%26i18n_country%3DNO%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&dr=https%3A%2F%2Fgo.moartraffic.com%2F&ul=en-us&de=UTF-8&dt=ChickTok&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2053231&ec=Tour%3A%2053231&ea=Current%20step%3A%2001&el=Total%20steps%3A%2015&_u=YEBAAEABAAAAACAAI~&jid=1344369735&gjid=897012654&cid=1476317217.1675595674&tid=UA-148167200-1&_gid=1790578724.1675595674&_r=1&_slc=1&z=1016372097
142.250.74.46200 OK 4 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=963487168&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F2263%2F%3Ft%3D53231%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26xk%3Dc0d190b21bf862d08c6fee2fc66ff8bf%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D52593%2526aid%253D147136%2526sid%253DExo_%25257Bcampaign_id%25257D%2526click_id%253Ds8hnpa17llm%2526hts_id%253Da1e42991-4de7-4672-a6d4-d5a93cbecfb7%26click_id%3Ds8hnpa17llm%26i18n_country%3DNO%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&dr=https%3A%2F%2Fgo.moartraffic.com%2F&ul=en-us&de=UTF-8&dt=ChickTok&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2053231&ec=Tour%3A%2053231&ea=Current%20step%3A%2001&el=Total%20steps%3A%2015&_u=YEBAAEABAAAAACAAI~&jid=1344369735&gjid=897012654&cid=1476317217.1675595674&tid=UA-148167200-1&_gid=1790578724.1675595674&_r=1&_slc=1&z=1016372097
IP 142.250.74.46:0
File type ASCII text, with no line terminators
Hash 9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
POST /j/collect?v=1&_v=j99&a=963487168&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F2263%2F%3Ft%3D53231%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26xk%3Dc0d190b21bf862d08c6fee2fc66ff8bf%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D52593%2526aid%253D147136%2526sid%253DExo_%25257Bcampaign_id%25257D%2526click_id%253Ds8hnpa17llm%2526hts_id%253Da1e42991-4de7-4672-a6d4-d5a93cbecfb7%26click_id%3Ds8hnpa17llm%26i18n_country%3DNO%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&dr=https%3A%2F%2Fgo.moartraffic.com%2F&ul=en-us&de=UTF-8&dt=ChickTok&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2053231&ec=Tour%3A%2053231&ea=Current%20step%3A%2001&el=Total%20steps%3A%2015&_u=YEBAAEABAAAAACAAI~&jid=1344369735&gjid=897012654&cid=1476317217.1675595674&tid=UA-148167200-1&_gid=1790578724.1675595674&_r=1&_slc=1&z=1016372097 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://tours.specia1.com
date: Sun, 05 Feb 2023 11:13:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 5ac5aaa2dd1a2ab697244f3c0fe3b5b5
bb8a9aeb28cc645435760f3a9a57d85e295de419
d42327bb295e41a2b04efa1c2ad6094a3480d0010de10bb32600f4d17fe9f0d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-148167200-1&cid=1476317217.1675595674&jid=1344369735&gjid=897012654&_gid=1790578724.1675595674&_u=YEBAAEAAAAAAACAAI~&z=2020606291
64.233.165.157200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-148167200-1&cid=1476317217.1675595674&jid=1344369735&gjid=897012654&_gid=1790578724.1675595674&_u=YEBAAEAAAAAAACAAI~&z=2020606291
IP 64.233.165.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-148167200-1&cid=1476317217.1675595674&jid=1344369735&gjid=897012654&_gid=1790578724.1675595674&_u=YEBAAEAAAAAAACAAI~&z=2020606291 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://tours.specia1.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 05 Feb 2023 11:13:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js
104.18.217.65200 OK 1.5 kB URL HTTP/2 cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js
IP 104.18.217.65:0
File type ASCII text, with very long lines (2530), with no line terminators
Hash c5046a87da73546cbac5c5062136eab0
db2cfdf0551277c5748953c95cb93ec95a4a1b2d
79eba5253f4ee1b197d3e537ff908556fca12e1f4a27ea69d7a72b876f4e3077
GET /scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 11:13:52 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-bgj: minify
etag: W/"6336ac72-9e2"
last-modified: Fri, 30 Sep 2022 08:44:34 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 123736
expires: Wed, 08 Mar 2023 11:13:52 GMT
server: cloudflare
cf-ray: 794b38210a820b51-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 8077210062c315b98902cb06c74d485b
808e94ac31f1b45185103ce25c1bc2afd056b17a
78871f45de0c58bffa6a86b50f6bd0db61932bf6a2b7d8191dba0f0eaab628b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 5ac5aaa2dd1a2ab697244f3c0fe3b5b5
bb8a9aeb28cc645435760f3a9a57d85e295de419
d42327bb295e41a2b04efa1c2ad6094a3480d0010de10bb32600f4d17fe9f0d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-148167200-1&cid=1476317217.1675595674&jid=1344369735&_u=YEBAAEAAAAAAACAAI~&z=2072768621
216.58.207.228200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-148167200-1&cid=1476317217.1675595674&jid=1344369735&_u=YEBAAEAAAAAAACAAI~&z=2072768621
IP 216.58.207.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-148167200-1&cid=1476317217.1675595674&jid=1344369735&_u=YEBAAEAAAAAAACAAI~&z=2072768621 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 11:13:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-148167200-1&cid=1476317217.1675595674&jid=1344369735&_u=YEBAAEAAAAAAACAAI~&z=2072768621
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-148167200-1&cid=1476317217.1675595674&jid=1344369735&_u=YEBAAEAAAAAAACAAI~&z=2072768621
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-148167200-1&cid=1476317217.1675595674&jid=1344369735&_u=YEBAAEAAAAAAACAAI~&z=2072768621 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 11:13:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash c7d887fc3e3b7a68b7872c76802085c0
eb26f820776e7d87a00489eb14f918e5f6945835
915e873e95d8f0276f4763e5596b03cac487f6f8a36c65577c6622fc8560d929
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:13:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 8077210062c315b98902cb06c74d485b
808e94ac31f1b45185103ce25c1bc2afd056b17a
78871f45de0c58bffa6a86b50f6bd0db61932bf6a2b7d8191dba0f0eaab628b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:13:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.izooto.com/optin/1.js?v=3
104.18.217.65200 OK 6.5 kB URL HTTP/2 cdn.izooto.com/optin/1.js?v=3
IP 104.18.217.65:0
File type HTML document, ASCII text, with very long lines (8123)
Hash 936ba218c2625051d5c03a8c5515ef6e
6334e1f7e3c29afa5217379eab00794f46597231
85c4e96f9fffe027f88358e434820776d366c50325905b524917c77d7dda2fef
GET /optin/1.js?v=3 HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Cookie: IZCID=62d8d42c-7d8b-40a4-8dbb-72d6a9382bde
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 11:13:55 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-bgj: minify
cf-polished: origSize=8282
etag: W/"63208990-205a"
last-modified: Tue, 13 Sep 2022 13:45:52 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1804975
expires: Wed, 08 Mar 2023 11:13:55 GMT
server: cloudflare
cf-ray: 794b3831d91e0b51-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.izooto.com/scripts/sdk/izooto.js
104.18.217.65200 OK 0 B URL HTTP/2 cdn.izooto.com/scripts/sdk/izooto.js
IP 104.18.217.65:0
GET /scripts/sdk/izooto.js HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 11:13:52 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-bgj: minify
etag: W/"63dcf809-3fe14"
last-modified: Fri, 03 Feb 2023 12:03:21 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 169781
expires: Wed, 08 Mar 2023 11:13:52 GMT
server: cloudflare
cf-ray: 794b38213aa60b51-OSL
content-encoding: br
X-Firefox-Spdy: h2
tours.specia1.com/t/2263/tiktok-3-loop.mp4
143.204.55.34206 Partial Content 0 B URL HTTP/2 tours.specia1.com/t/2263/tiktok-3-loop.mp4
IP 143.204.55.34:0
GET /t/2263/tiktok-3-loop.mp4 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://tours.specia1.com/t/2263/?t=53231&aid=147136&sid=Exo_%7Bcampaign_id%7D&xk=c0d190b21bf862d08c6fee2fc66ff8bf&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52593%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26click_id%3Ds8hnpa17llm%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&click_id=s8hnpa17llm&i18n_country=NO&hts_id=a1e42991-4de7-4672-a6d4-d5a93cbecfb7
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 206 Partial Content
content-type: video/mp4
content-length: 1593436
last-modified: Wed, 01 Feb 2023 12:33:22 GMT
server: AmazonS3
date: Sun, 05 Feb 2023 11:09:07 GMT
etag: "6d8932a536de28cf2545560f00a370b1"
vary: Accept-Encoding
content-range: bytes 0-1593435/1593436
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: przfOfEbWT67fv528kINjnI7r1FGe-MLXA8rJUKRxTGIH2utsHn7Ig==
age: 286
X-Firefox-Spdy: h2
tours.specia1.com/t/2263/css/style.css
143.204.55.34200 OK 0 B URL HTTP/2 tours.specia1.com/t/2263/css/style.css
IP 143.204.55.34:0
GET /t/2263/css/style.css HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2263/?t=53231&aid=147136&sid=Exo_%7Bcampaign_id%7D&xk=c0d190b21bf862d08c6fee2fc66ff8bf&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52593%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26click_id%3Ds8hnpa17llm%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&click_id=s8hnpa17llm&i18n_country=NO&hts_id=a1e42991-4de7-4672-a6d4-d5a93cbecfb7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 01 Feb 2023 12:33:21 GMT
server: AmazonS3
content-encoding: gzip
date: Sun, 05 Feb 2023 11:09:26 GMT
etag: W/"e9a3243e364eb8363251f6fd5152d951"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EokgdGgMU5Yi8SCVwtJ-dmCJ_zrPrtM9p4rz5KaULl7hZRpp5FSAaA==
age: 267
X-Firefox-Spdy: h2
tours.specia1.com/t/2263/custom.js
143.204.55.34200 OK 0 B URL HTTP/2 tours.specia1.com/t/2263/custom.js
IP 143.204.55.34:0
GET /t/2263/custom.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2263/?t=53231&aid=147136&sid=Exo_%7Bcampaign_id%7D&xk=c0d190b21bf862d08c6fee2fc66ff8bf&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52593%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26click_id%3Ds8hnpa17llm%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&click_id=s8hnpa17llm&i18n_country=NO&hts_id=a1e42991-4de7-4672-a6d4-d5a93cbecfb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 01 Feb 2023 12:33:21 GMT
server: AmazonS3
content-encoding: gzip
date: Sun, 05 Feb 2023 11:08:58 GMT
etag: W/"544421a9899c2fd1bb3d5dfc5aaa24a7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ub-ML9nQW7abgjTe0mBTNBqbgzWOKiOyXxmL5M7ZKbxjM4Y6eBuTiA==
age: 295
X-Firefox-Spdy: h2
tours.specia1.com/t/common/js/footer_override.min.js
143.204.55.34200 OK 0 B URL HTTP/2 tours.specia1.com/t/common/js/footer_override.min.js
IP 143.204.55.34:0
GET /t/common/js/footer_override.min.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2263/?t=53231&aid=147136&sid=Exo_%7Bcampaign_id%7D&xk=c0d190b21bf862d08c6fee2fc66ff8bf&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52593%26aid%3D147136%26sid%3DExo_%257Bcampaign_id%257D%26click_id%3Ds8hnpa17llm%26hts_id%3Da1e42991-4de7-4672-a6d4-d5a93cbecfb7&click_id=s8hnpa17llm&i18n_country=NO&hts_id=a1e42991-4de7-4672-a6d4-d5a93cbecfb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 01 Feb 2023 12:34:28 GMT
server: AmazonS3
content-encoding: gzip
date: Sun, 05 Feb 2023 11:13:52 GMT
etag: W/"bce527ef9e6ea886fffc7cee9fc69826"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UvL2CHdIF56PgA8VGMqM3KMvgz83kg1cWtbKJuexPbaSztusmGdO1A==
age: 189
X-Firefox-Spdy: h2