r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9ce33c47154f4826255fe9bbe54d72be
e10a363c007a6d15ed43eb35b4e5c246d85c5eed
cf423db1a8ad1dce1b5c25f6025d14411b4a46e95a6001288949f046e244bc24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CF423DB1A8AD1DCE1B5C25F6025D14411B4A46E95A6001288949F046E244BC24"
Last-Modified: Fri, 10 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9569
Expires: Sun, 12 Mar 2023 11:26:09 GMT
Date: Sun, 12 Mar 2023 08:46:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e7a9cb518d929d10c471394adc89cdfa
d609cb0d94e645141ab1372f19c014c1b00b83af
200db48dd5e87cba8dc962e8981f72def9c12e21d5a417361c4f77425e55597a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "200DB48DD5E87CBA8DC962E8981F72DEF9C12E21D5A417361C4F77425E55597A"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10084
Expires: Sun, 12 Mar 2023 11:34:44 GMT
Date: Sun, 12 Mar 2023 08:46:40 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Backoff, Alert, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 12 Mar 2023 08:13:58 GMT
content-type: application/json
age: 1962
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ae4d7bec26e013433e638f87260aa632
62384e39bc90d0b2ab92895220f0383e678669f4
b704031d560770485c9552dcf56b911b7b5ad45d8a3f73acd17dbbbeeff294f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B704031D560770485C9552DCF56B911B7B5AD45D8A3F73ACD17DBBBEEFF294F4"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10122
Expires: Sun, 12 Mar 2023 11:35:22 GMT
Date: Sun, 12 Mar 2023 08:46:40 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: RD0/lLl64fe+MhSH7JZmeibeVOfPAH+GQWg9MBrexFMqCCUNelmG4SyYOla+oMC3hd/hkROI39Y=
x-amz-request-id: AQQX564XN7RRG7CH
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 12 Mar 2023 08:19:38 GMT
age: 1622
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 08:46:40 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, ETag, Backoff, Expires, Alert, Pragma, Cache-Control, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 12 Mar 2023 08:12:32 GMT
age: 2048
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
go.moartraffic.com/go.php?=&t=53517&aid=145864&sid=2732&click_id=1640d915d354625.87456633&ocode=MjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA
64.188.52.46200 OK 572 B URL HTTP/1.1 go.moartraffic.com/go.php?=&t=53517&aid=145864&sid=2732&click_id=1640d915d354625.87456633&ocode=MjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA
IP 64.188.52.46:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (449)
Hash 1ed503cf312b4822ae86c4a0c97d1def
57af4cc70e22f8f3421e8702b00f42b11b63e125
41b9f140b6bd959e3c6a15962e64f7f8ca4bb3bdd8025ff10c7a9b1a473ace87
GET /go.php?=&t=53517&aid=145864&sid=2732&click_id=1640d915d354625.87456633&ocode=MjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
date: Sun, 12 Mar 2023 08:46:40 GMT
server: Apache
set-cookie: bd_ovtu=1; expires=Mon, 13-Mar-2023 08:46:40 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
bdreff=NONE; expires=Fri, 08-Sep-2023 08:46:40 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
tour=53517; expires=Fri, 08-Sep-2023 08:46:40 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
affsubid=145864-2732; expires=Fri, 08-Sep-2023 08:46:40 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
bdvisit=145864; expires=Mon, 13-Mar-2023 08:46:40 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
bdcounter=1; expires=Mon, 13-Mar-2023 08:46:40 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
xk=50f150854b632228ddc1a0ad2760b901; expires=Fri, 08-Sep-2023 08:46:40 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-robots-tag: otherbot: noindex, nofollow, googlebot: noindex, nofollow
vary: Accept-Encoding
content-encoding: gzip
content-length: 572
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d960a8d21b339ab0d7987e3b1eb16fdc
08d4430c549151295ee4e1dc8f24dbd3d9456b0b
522b75aa714f87a716a9a693a7c3ed1cab6e5b1725f20a67df46dec2967b5960
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "522B75AA714F87A716A9A693A7C3ED1CAB6E5B1725F20A67DF46DEC2967B5960"
Last-Modified: Thu, 09 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2404
Expires: Sun, 12 Mar 2023 09:26:45 GMT
Date: Sun, 12 Mar 2023 08:46:41 GMT
Connection: keep-alive
go.moartraffic.com/go.min.js
64.188.52.46200 OK 221 B URL HTTP/1.1 go.moartraffic.com/go.min.js
IP 64.188.52.46:0
File type ASCII text, with very long lines (305)
Hash 77d3c60f4f2cc6ab7f7c0f9187dfd6fe
7a8ce851238850aeadfb637638c52891aeb53c42
98de9958ac1d81fdeea1f165dfe95f2da4d7e592f452d7c8ca699a1c914e3f2e
GET /go.min.js HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.moartraffic.com/go.php?=&t=53517&aid=145864&sid=2732&click_id=1640d915d354625.87456633&ocode=MjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA
Cookie: bd_ovtu=1; bdreff=NONE; tour=53517; affsubid=145864-2732; bdvisit=145864; bdcounter=1; xk=50f150854b632228ddc1a0ad2760b901
HTTP/1.1 200 OK
date: Sun, 12 Mar 2023 08:46:41 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
content-length: 221
x-content-type-options: nosniff
go.moartraffic.com/native.history.js
64.188.52.46200 OK 6.5 kB URL HTTP/1.1 go.moartraffic.com/native.history.js
IP 64.188.52.46:0
File type ASCII text, with very long lines (22102), with no line terminators
Hash 8353bbacfdb868f80448dcdb30c2e2d2
7232562be4f0f7a1aaa403c9d6c5d2ed17345cfd
fd7be3058aae52c67b43703962b3b6039b0ac2709a82a68a150aebae3e19ae38
GET /native.history.js HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.moartraffic.com/go.php?=&t=53517&aid=145864&sid=2732&click_id=1640d915d354625.87456633&ocode=MjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA
Cookie: bd_ovtu=1; bdreff=NONE; tour=53517; affsubid=145864-2732; bdvisit=145864; bdcounter=1; xk=50f150854b632228ddc1a0ad2760b901
HTTP/1.1 200 OK
date: Sun, 12 Mar 2023 08:46:41 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
content-length: 6519
x-content-type-options: nosniff
go.moartraffic.com/favicon.ico
64.188.52.46200 OK 198 B URL HTTP/1.1 go.moartraffic.com/favicon.ico
IP 64.188.52.46:0
File type MS Windows icon resource - 1 icon, 16x16, 2 colors\012- data
Hash c6acedaff906029fc5455d9ec52c7f42
92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81
9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b
GET /favicon.ico HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.moartraffic.com/go.php?=&t=53517&aid=145864&sid=2732&click_id=1640d915d354625.87456633&ocode=MjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA
Cookie: bd_ovtu=1; bdreff=NONE; tour=53517; affsubid=145864-2732; bdvisit=145864; bdcounter=1; xk=50f150854b632228ddc1a0ad2760b901
HTTP/1.1 200 OK
date: Sun, 12 Mar 2023 08:46:41 GMT
server: Apache
last-modified: Thu, 09 Mar 2023 15:53:15 GMT
etag: "c6-5f679a4832316"
accept-ranges: bytes
content-length: 198
content-type: image/vnd.microsoft.icon
x-content-type-options: nosniff
push.services.mozilla.com/
35.164.194.236101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.194.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rg00AUJw4haqYcI1PbPH4w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: n3hMzPdnPJI91YsonSptnG0oLjw=
ocsp.r2m02.amazontrust.com/
108.157.228.227200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 108.157.228.227:0
Hash a43ddac4db026416349375c6ed82f9ac
4d75b12fac1f053bf3e3c6ddb9f292937c0263b7
5c8c894167ca524ce67476b8d5195c264f3889d54bc0aff51dddb22d784e8c06
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 12 Mar 2023 08:46:41 GMT
Etag: "640ba5e2-1d7"
Last-Modified: Sun, 12 Mar 2023 07:43:58 GMT
Server: ECAcc (bsa/EAE4)
X-Cache: Miss from cloudfront
Via: 1.1 a7b25290e9400fd200644534ae04f210.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: QrN0UUGaDrjeF9LqoBij1YDHyQ5kFRK6NpjCQK2XhtgB5D4NYnrdXg==
Age: 3763
utl-1.com/1.6.43/mst2.min.js
143.204.55.32200 OK 18 kB URL HTTP/2 utl-1.com/1.6.43/mst2.min.js
IP 143.204.55.32:0
File type ASCII text, with very long lines (17794), with no line terminators
Hash 3a2e1fe5f9de68d28807b0b5675235f4
1ec71f3bf36850118f94eacb5c7949f449b3a0b7
252d3a0ef9c3754cdf38a02570d1a84fa4d94d53ac2eaeeada2e141f9c11a2e2
GET /1.6.43/mst2.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 17794
date: Tue, 14 Feb 2023 01:19:46 GMT
last-modified: Thu, 09 Feb 2023 16:59:31 GMT
etag: "3a2e1fe5f9de68d28807b0b5675235f4"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: V4BgV9KihQcEALBBfF00TmnGWZACcP2no-gmqTIjEzpy46PFKewVVw==
age: 2273216
X-Firefox-Spdy: h2
utl-1.com/1.6.43/utl.min.js
143.204.55.32200 OK 312 kB URL HTTP/2 utl-1.com/1.6.43/utl.min.js
IP 143.204.55.32:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 312 kB (312485 bytes)
Hash b72bbe0d1a790b12882c2cab493d9e9f
d25b84a192e99e1e30f44c0966d487bd3f581151
07432419d184898c33329bb40579b0a8f837b7eaa24a0422b32286658e873152
GET /1.6.43/utl.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 312485
date: Fri, 10 Feb 2023 12:42:54 GMT
last-modified: Thu, 09 Feb 2023 16:59:31 GMT
etag: "b72bbe0d1a790b12882c2cab493d9e9f"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ID6dctbr3z3oxHN3EVKAk_bSDJSDhlQ0qnSSGHkvDxQIa45FKlW3Ew==
age: 2577828
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
108.157.228.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 108.157.228.227:0
Hash c6af0d92ea98bfa747e4031ac2e2d305
ad848e8b8fc8c3058e78a036ff502f8c653fc4e4
bb90fb6c334b15e01218b2c7b78ce22b81834eb38b9148a9d95f3bd1dee291a6
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=144206
Date: Sun, 12 Mar 2023 08:46:41 GMT
Etag: "640d215e-1d7"
Expires: Tue, 14 Mar 2023 00:50:07 GMT
Last-Modified: Sun, 12 Mar 2023 00:48:30 GMT
Server: ECAcc (dcb/7FE4)
X-Cache: Miss from cloudfront
Via: 1.1 d009c4305a73ef1e26138117423d6076.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: IICHwPgIpA6NlUHJI3Zc6WmkZcxQFaNurZrKM_EDASFlsWP9NHiPGw==
Age: 97
cdn.tours-78-94.wellhello.com/snapcheat/img/svg/arrow.svg
54.230.111.34200 OK 867 B URL HTTP/2 cdn.tours-78-94.wellhello.com/snapcheat/img/svg/arrow.svg
IP 54.230.111.34:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d1482bd31dde1707b316f22bbe818ff4
98b63cc34e21b7d3092b70c00dc5a579ce0825ba
6efee9ca3dd0b249814e53fab132821a3c1b5370fdb02c704947399485ec43b9
Analyzer Verdict Alert fortinet Phishing
GET /snapcheat/img/svg/arrow.svg HTTP/1.1
Host: cdn.tours-78-94.wellhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 867
date: Mon, 29 Aug 2022 01:29:26 GMT
server: nginx
last-modified: Fri, 26 Aug 2022 17:05:55 GMT
etag: "6308fd73-363"
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Y95boWJYE7TsbyGzAp-VAx-MP78QSrQybqBlzTPxmBwWo_ORBumA3Q==
age: 16874235
X-Firefox-Spdy: h2
tours.specia1.com/t/2474/images/address.png
143.204.55.19200 OK 1.4 kB URL HTTP/2 tours.specia1.com/t/2474/images/address.png
IP 143.204.55.19:0
File type PNG image data, 33 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash bd9476d9f407e290f817f77a0bf37674
3862e9f828f2241182269654dcc00d6e8c7f3927
2d56035b1871d7689d1a95dd4b9d38ab9ebf0bc2e0a0b59f474fe2f39816c690
GET /t/2474/images/address.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2474/?t=53517&aid=145864&sid=2732&xk=50f150854b632228ddc1a0ad2760b901&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D53517%26aid%3D145864%26sid%3D2732%26click_id%3D1640d915d354625.87456633%26ocode%3DMjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA%26hts_id%3Dc5ced4e3-c842-4121-9e81-ab80ede58db4&click_id=1640d915d354625.87456633&i18n_country=NO&hts_id=c5ced4e3-c842-4121-9e81-ab80ede58db4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 1384
date: Sun, 12 Mar 2023 08:46:42 GMT
last-modified: Fri, 03 Mar 2023 12:09:58 GMT
etag: "bd9476d9f407e290f817f77a0bf37674"
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: pUb8Ur8akh__tnfVuvcnlCmEIOWp8jqrcJRal1gOJxK2kH6KFZGFjg==
X-Firefox-Spdy: h2
tours.specia1.com/t/2474/images/logo_white.png
143.204.55.19200 OK 19 kB URL HTTP/2 tours.specia1.com/t/2474/images/logo_white.png
IP 143.204.55.19:0
File type PNG image data, 484 x 157, 8-bit/color RGBA, non-interlaced\012- data
Hash 57723c59a490cdc5f9645fcbf96e254d
156713839803504687c28443c5be28316d31bedb
96133109e7eaa64a2f2115650196e300610dd2f6d86cd94da946e49783dc4721
GET /t/2474/images/logo_white.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2474/?t=53517&aid=145864&sid=2732&xk=50f150854b632228ddc1a0ad2760b901&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D53517%26aid%3D145864%26sid%3D2732%26click_id%3D1640d915d354625.87456633%26ocode%3DMjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA%26hts_id%3Dc5ced4e3-c842-4121-9e81-ab80ede58db4&click_id=1640d915d354625.87456633&i18n_country=NO&hts_id=c5ced4e3-c842-4121-9e81-ab80ede58db4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 19113
date: Sun, 12 Mar 2023 08:46:42 GMT
last-modified: Fri, 03 Mar 2023 12:09:58 GMT
etag: "57723c59a490cdc5f9645fcbf96e254d"
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: sWG86izEn42h4p7y5lFWXwwAsgiqsFrerxhu03n_vbx7KDQAy-ovtg==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3c5612c5131d59819b60bcd3123fbe1e
86f82bfa3a20987ac256d2efd06dc95c0df285e8
00fc14cc05fb85329d10ee97f1c959244f274c67d56a37f4eb8006acd0e867bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 08:46:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tours.specia1.com/t/2474/images/logo_black.png
143.204.55.19200 OK 18 kB URL HTTP/2 tours.specia1.com/t/2474/images/logo_black.png
IP 143.204.55.19:0
File type PNG image data, 484 x 157, 8-bit/color RGBA, non-interlaced\012- data
Hash 863040326e7ee96ec3a96840734f7e4e
2f4362e638f85dfa03d95c8ca2fda6b6da7fb87c
5bc938e42c64b57dc42b3f9a853824e84043c202fb7b9d9b1d131de3377593f7
GET /t/2474/images/logo_black.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2474/?t=53517&aid=145864&sid=2732&xk=50f150854b632228ddc1a0ad2760b901&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D53517%26aid%3D145864%26sid%3D2732%26click_id%3D1640d915d354625.87456633%26ocode%3DMjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA%26hts_id%3Dc5ced4e3-c842-4121-9e81-ab80ede58db4&click_id=1640d915d354625.87456633&i18n_country=NO&hts_id=c5ced4e3-c842-4121-9e81-ab80ede58db4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 17763
date: Sun, 12 Mar 2023 08:46:42 GMT
last-modified: Fri, 03 Mar 2023 12:09:58 GMT
etag: "863040326e7ee96ec3a96840734f7e4e"
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xFKUrg0tS1S4l16bLzPhWUM6LfwcoFifMXV6vryzvEIDvIWlqZ_imA==
X-Firefox-Spdy: h2
tours.specia1.com/t/2474/css/style.css
143.204.55.19200 OK 7.5 kB URL HTTP/2 tours.specia1.com/t/2474/css/style.css
IP 143.204.55.19:0
Hash 5a738e2ce3e2045b370e4a41f4f1acfa
97bfcca9abc68e57dc3e48a078da6534ba1c0919
6d1d42167172c06c7eebb2a8f6bfee992d010431e982e8cccedec136baa4a3b4
GET /t/2474/css/style.css HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2474/?t=53517&aid=145864&sid=2732&xk=50f150854b632228ddc1a0ad2760b901&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D53517%26aid%3D145864%26sid%3D2732%26click_id%3D1640d915d354625.87456633%26ocode%3DMjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA%26hts_id%3Dc5ced4e3-c842-4121-9e81-ab80ede58db4&click_id=1640d915d354625.87456633&i18n_country=NO&hts_id=c5ced4e3-c842-4121-9e81-ab80ede58db4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
date: Sun, 12 Mar 2023 08:46:42 GMT
last-modified: Fri, 03 Mar 2023 12:09:58 GMT
etag: W/"2af7ef00c11ecda0a6cd9c323b762a32"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eKM4Cti_vdoJ0c6jrc25WecJo0jIl-1X8VW3Sdnzmch_r3CfwAxBJg==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c11248ad196c57fdf878000b4591a416
f86236c890bcceaf313e5021bf8ef6669688ea77
550e8187d0a76ef1d3127e200c20ab609ee72a44bc05c040bf178f4c8ec5eebc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 08:46:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 08 Mar 2023 13:15:37 GMT
expires: Thu, 07 Mar 2024 13:15:37 GMT
cache-control: public, max-age=31536000
age: 329465
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c11248ad196c57fdf878000b4591a416
f86236c890bcceaf313e5021bf8ef6669688ea77
550e8187d0a76ef1d3127e200c20ab609ee72a44bc05c040bf178f4c8ec5eebc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 08:46:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.izooto.com/scripts/sdk/izooto.js
104.18.217.65200 OK 66 kB URL HTTP/2 cdn.izooto.com/scripts/sdk/izooto.js
IP 104.18.217.65:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash df200bc8a8fc4231997bb43e1bea1419
43e43239ff7dd8a998287f2717420f1b51fc271b
ed03d4d14707b6751ae0b846758e7a71a55b9f47142a691f36998fc55cdb63e3
GET /scripts/sdk/izooto.js HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 12 Mar 2023 08:46:42 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1382400
cf-bgj: minify
etag: W/"640b1d24-4396b"
last-modified: Fri, 10 Mar 2023 12:05:56 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 160668
expires: Tue, 28 Mar 2023 08:46:42 GMT
server: cloudflare
cf-ray: 7a6ac4aa1999b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Mar 2023 13:09:06 GMT
expires: Wed, 06 Mar 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 416256
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c11248ad196c57fdf878000b4591a416
f86236c890bcceaf313e5021bf8ef6669688ea77
550e8187d0a76ef1d3127e200c20ab609ee72a44bc05c040bf178f4c8ec5eebc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 08:46:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 72f15337388edc041852feb8985eff89
54da1a7bfb63ad92b8d32341a612a6606a6849f5
0317d930b4268a2e93f52f95ddf31a2bc41216f92fea6f438458c59c008eb12d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0317D930B4268A2E93F52F95DDF31A2BC41216F92FEA6F438458C59C008EB12D"
Last-Modified: Fri, 10 Mar 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9802
Expires: Sun, 12 Mar 2023 11:30:04 GMT
Date: Sun, 12 Mar 2023 08:46:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 72f15337388edc041852feb8985eff89
54da1a7bfb63ad92b8d32341a612a6606a6849f5
0317d930b4268a2e93f52f95ddf31a2bc41216f92fea6f438458c59c008eb12d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0317D930B4268A2E93F52F95DDF31A2BC41216F92FEA6F438458C59C008EB12D"
Last-Modified: Fri, 10 Mar 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9802
Expires: Sun, 12 Mar 2023 11:30:04 GMT
Date: Sun, 12 Mar 2023 08:46:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 72f15337388edc041852feb8985eff89
54da1a7bfb63ad92b8d32341a612a6606a6849f5
0317d930b4268a2e93f52f95ddf31a2bc41216f92fea6f438458c59c008eb12d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0317D930B4268A2E93F52F95DDF31A2BC41216F92FEA6F438458C59C008EB12D"
Last-Modified: Fri, 10 Mar 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9802
Expires: Sun, 12 Mar 2023 11:30:04 GMT
Date: Sun, 12 Mar 2023 08:46:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 72f15337388edc041852feb8985eff89
54da1a7bfb63ad92b8d32341a612a6606a6849f5
0317d930b4268a2e93f52f95ddf31a2bc41216f92fea6f438458c59c008eb12d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0317D930B4268A2E93F52F95DDF31A2BC41216F92FEA6F438458C59C008EB12D"
Last-Modified: Fri, 10 Mar 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9802
Expires: Sun, 12 Mar 2023 11:30:04 GMT
Date: Sun, 12 Mar 2023 08:46:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 72f15337388edc041852feb8985eff89
54da1a7bfb63ad92b8d32341a612a6606a6849f5
0317d930b4268a2e93f52f95ddf31a2bc41216f92fea6f438458c59c008eb12d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0317D930B4268A2E93F52F95DDF31A2BC41216F92FEA6F438458C59C008EB12D"
Last-Modified: Fri, 10 Mar 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9802
Expires: Sun, 12 Mar 2023 11:30:04 GMT
Date: Sun, 12 Mar 2023 08:46:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1cb274086a7fc07be41dfeb65ec1dbf
c6339993814eda4b9629ef179222b060d1f5143b
b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7461
Expires: Sun, 12 Mar 2023 10:51:03 GMT
Date: Sun, 12 Mar 2023 08:46:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1cb274086a7fc07be41dfeb65ec1dbf
c6339993814eda4b9629ef179222b060d1f5143b
b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7461
Expires: Sun, 12 Mar 2023 10:51:03 GMT
Date: Sun, 12 Mar 2023 08:46:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1cb274086a7fc07be41dfeb65ec1dbf
c6339993814eda4b9629ef179222b060d1f5143b
b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7461
Expires: Sun, 12 Mar 2023 10:51:03 GMT
Date: Sun, 12 Mar 2023 08:46:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1cb274086a7fc07be41dfeb65ec1dbf
c6339993814eda4b9629ef179222b060d1f5143b
b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7461
Expires: Sun, 12 Mar 2023 10:51:03 GMT
Date: Sun, 12 Mar 2023 08:46:42 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd79ce52-61f2-47b0-a88d-03f2fe3aa889.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd79ce52-61f2-47b0-a88d-03f2fe3aa889.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2fd5c28821c8bf2d62d0c4332f06bd71
6e2c08457854437b2b851340277d31439e5ab470
86725a37e80a10c5b0b52a10e498225d97565752ec25303cb159a34386a49523
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd79ce52-61f2-47b0-a88d-03f2fe3aa889.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8845
x-amzn-requestid: b556bc0e-9cf5-4062-9df4-0ccee00cbab2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BoswFH5soAMF2SQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf4cd-0ba8e60549c78f9d3b720a20;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:38:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: EFRUOo6vNYBlNXfP-XzizobifYejOdXIuu_bj2owYGiDHDsv1HrMhA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 c5c7edc18be1805f007e0576da02e554.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 22:03:58 GMT
age: 38564
etag: "6e2c08457854437b2b851340277d31439e5ab470"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1645617e-315b-4828-a837-6f43c26239f3.webp
34.120.237.76200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1645617e-315b-4828-a837-6f43c26239f3.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7a260ac2164ba9dcf80a9d9785b00b64
8440defe1b992f47d6cc744ea89149f570129630
06f9cd692a85c54e65efba8deded48dbd13fb4bac84e5adb601b6dd872037d9a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1645617e-315b-4828-a837-6f43c26239f3.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3749
x-amzn-requestid: 21224146-a517-4aa7-9107-eb0f533d5b62
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bosz6E4IIAMFZUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf4e5-6e6b5aa1791c251476ab1627;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:38:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: v_EOFrBNjtaW5R_y5KiKNmKhjTwbKZXfdp_wtAD652qF3kgo5OPFUw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 3236f234d59c0fda99b416088c283260.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:53:25 GMT
age: 39197
etag: "8440defe1b992f47d6cc744ea89149f570129630"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8980abd4-3861-4dc6-92e7-2c13517ad40e.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8980abd4-3861-4dc6-92e7-2c13517ad40e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60c95e46b874e5404fe3d3cc03e60512
2a5c926ca9264e71c52e7a714389ffba9caa7a71
65bfa154efbb8a169f32c8b8cffd31faaacc6daf7b7e4fb2ac655b68e1a8c4e5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8980abd4-3861-4dc6-92e7-2c13517ad40e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7117
x-amzn-requestid: 42df44a6-6963-4db2-9ab5-534c9883a559
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bosv8ErJIAMFtfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf4cc-20f83d8f7715fff50d8977a3;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:38:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: UkM0v5LR5xQj0uH3b7UE6XuOq_6xo2ah3kNnFZnQEjFJF4oUXjdS8A==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 50faaaa196a6b0875217ef7827f97d7c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:42:45 GMT
etag: "2a5c926ca9264e71c52e7a714389ffba9caa7a71"
content-type: image/jpeg
age: 39837
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfe3b026-408f-4d8a-8fbd-5c6ae59ab237.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfe3b026-408f-4d8a-8fbd-5c6ae59ab237.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ebf97627ec9fd083bf5c22de39a524b5
35866e5d26ee25485d090011a1d50ec603d6761b
0b518329364fb793881cb0ff5ef464ecc4cd90c3694dcb7cfef40d0958446a14
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfe3b026-408f-4d8a-8fbd-5c6ae59ab237.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5381
x-amzn-requestid: 6507e3ee-6ce1-46d3-89d7-409b6d7000f2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BosvnHK_IAMFdkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf4ca-3d2fb61641f8b1212fc60c8c;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:38:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: BOGljcKXBmUlBQDfklSuTJqcybZt876or6lsCUU34hQmw7U4quARFA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 1d000d0dfe9d69b4983f619fdc5499d6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:42:45 GMT
age: 39837
etag: "35866e5d26ee25485d090011a1d50ec603d6761b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash be71491cee9b47dc3ffb23b4fdff25b3
79c7d22c8df6d305f46c5779ccb9f25169d4d111
e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Nn4eV-UeuWZ02ANOxzTUSgE4UODtaZxeIjp8UJfU8PgUny2shFaDjQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:42:55 GMT
age: 39827
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0217c8c-9f5f-43b3-9d27-0f8eaac36f26.webp
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0217c8c-9f5f-43b3-9d27-0f8eaac36f26.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26033b42139d27c847cf9881a17e0332
b196fbef36c2a5242abfc5d7115f1efd39499453
028dd1c86eaab6b991ad3dcb7fda21cdcfe8f9b22155c6bcb9363fbe379096ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0217c8c-9f5f-43b3-9d27-0f8eaac36f26.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4512
x-amzn-requestid: e9ba0dc3-3e1a-4ff5-8d0d-57386ced2fb1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BotIeGZ-IAMFmBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf569-1a45fa73148fb01f3822ee29;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:40:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 5dasHBaMZCENF6r8miupz4Jzeqy_tuotsvkcSRgs6AtsrWexauN6SQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 abbf2df97f9d83839470842dc2e68cb6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:42:45 GMT
age: 39837
etag: "b196fbef36c2a5242abfc5d7115f1efd39499453"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
secure.authbill.com/tour/api.php
68.169.87.223200 OK 56 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type ASCII text, with no line terminators
Hash 31b75288e0bafdcfb1c5fa5e6da67374
2f2c477aba0952a8241b8eb987d8bcf2857eb667
6e35996ee8c8550209a9584336cdb667443e7680b22cf441693d23753ea7007e
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Sun, 12 Mar 2023 08:46:42 GMT
server: Apache
set-cookie: PHPSESSID=120F~22da7e2aca9545b87e3f269cd84f467d; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 56
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 385 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with very long lines (804), with no line terminators
Hash 673c190a4e2e73a6d3038928b8598f4c
6318b3faf1ccacf7f381d3c423d6a9882950c24c
39c4489106d62ae1d75f7c483c1a1a15311010cfe8445440c74d7582c6bba28c
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 41
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Sun, 12 Mar 2023 08:46:42 GMT
server: Apache
set-cookie: PHPSESSID=74D2~7335f40646cafa6f562b025e762b4c7d; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 385
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 4.8 kB URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with very long lines (20405), with no line terminators
Hash 2c52104cbb6259e25de3f430d981f6a0
0794c091b4c15a50e328317de1050efb6151795b
6aba8684a9eb0aab82c8aa6aa3c73e86b5fb8d34f9d991ad9b6c847ae8b44b36
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Sun, 12 Mar 2023 08:46:42 GMT
server: Apache
set-cookie: PHPSESSID=4DD2~b8b15aa2c1693b9c391544667f1507fc; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 4820
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 21 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type very short file (no magic)
Hash 7ac8c27439ed6e2a30373651a2898777
1249bc89db36deb369d6388319453f015bd83e04
e240a7a561e7c84b32d4695ddc4c0d6c38a8e0c3f2581711c1971680f033437e
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Sun, 12 Mar 2023 08:46:42 GMT
server: Apache
set-cookie: PHPSESSID=120F~3bad2187a9c88acb0c48fd38cb7d3b58; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 21
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 159 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 704f552bf9e91ed7a41ef3fe15f41e6c
ddb3f6202a07d626c2883ad589f457ad554d1025
5305b10c313709f6d27c70e321d5810292e915a8d2b45f0aacb0d668201f129d
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Sun, 12 Mar 2023 08:46:42 GMT
server: Apache
set-cookie: PHPSESSID=D420~dc9abbebe2d6ff01f199668b7f89041b; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 159
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 159 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 704f552bf9e91ed7a41ef3fe15f41e6c
ddb3f6202a07d626c2883ad589f457ad554d1025
5305b10c313709f6d27c70e321d5810292e915a8d2b45f0aacb0d668201f129d
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Sun, 12 Mar 2023 08:46:42 GMT
server: Apache
set-cookie: PHPSESSID=74D2~055be8c16515df62f7609900f70c54fa; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 159
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
tours.specia1.com/t/2474/custom.js
143.204.55.19200 OK 2.1 kB URL HTTP/2 tours.specia1.com/t/2474/custom.js
IP 143.204.55.19:0
File type ASCII text, with very long lines (314)
Hash 73772af49ceba4db93d8aa36565e99fe
bd3098da6fd292667306cd8031c731ccf0c5da5b
01becd14000590e8e207de0669388777250d6357e7652024104c783bd4428693
GET /t/2474/custom.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2474/?t=53517&aid=145864&sid=2732&xk=50f150854b632228ddc1a0ad2760b901&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D53517%26aid%3D145864%26sid%3D2732%26click_id%3D1640d915d354625.87456633%26ocode%3DMjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA%26hts_id%3Dc5ced4e3-c842-4121-9e81-ab80ede58db4&click_id=1640d915d354625.87456633&i18n_country=NO&hts_id=c5ced4e3-c842-4121-9e81-ab80ede58db4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript
date: Sun, 12 Mar 2023 08:46:42 GMT
last-modified: Fri, 03 Mar 2023 12:09:58 GMT
etag: W/"20867a8ec29ac402f426044c37f79d86"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ju-ax8magwy44RGtmRWUC-1-1gb9JyCmGeRIgMF9OjE2G4HOXsKc4w==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f400ce71f7bcba5802fd1f9382ea6645
0abb4a603c84d51aa6825854717b99d7f4e7fe17
1f694fda1949c4f68e042dec8b3e688c97473e805668b206574954ed1439450a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 08:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.142200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.142:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sun, 12 Mar 2023 07:53:25 GMT
expires: Sun, 12 Mar 2023 09:53:25 GMT
cache-control: public, max-age=7200
age: 3198
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f400ce71f7bcba5802fd1f9382ea6645
0abb4a603c84d51aa6825854717b99d7f4e7fe17
1f694fda1949c4f68e042dec8b3e688c97473e805668b206574954ed1439450a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 08:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j99&a=80668935&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F2474%2F%3Ft%3D53517%26aid%3D145864%26sid%3D2732%26xk%3D50f150854b632228ddc1a0ad2760b901%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D53517%2526aid%253D145864%2526sid%253D2732%2526click_id%253D1640d915d354625.87456633%2526ocode%253DMjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA%2526hts_id%253Dc5ced4e3-c842-4121-9e81-ab80ede58db4%26click_id%3D1640d915d354625.87456633%26i18n_country%3DNO%26hts_id%3Dc5ced4e3-c842-4121-9e81-ab80ede58db4&dr=http%3A%2F%2Fgo.moartraffic.com%2F&ul=en-us&de=UTF-8&dt=Trick%20Or%20Cheat!&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2053517&ec=Tour%3A%2053517&ea=Current%20step%3A%2001&el=Total%20steps%3A%206&_u=YEBAAEABAAAAACAAI~&jid=1843466887&gjid=1795881989&cid=1340009152.1678610804&tid=UA-148167200-1&_gid=454535029.1678610804&_r=1&_slc=1&z=418115609
142.250.74.142200 OK 4 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=80668935&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F2474%2F%3Ft%3D53517%26aid%3D145864%26sid%3D2732%26xk%3D50f150854b632228ddc1a0ad2760b901%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D53517%2526aid%253D145864%2526sid%253D2732%2526click_id%253D1640d915d354625.87456633%2526ocode%253DMjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA%2526hts_id%253Dc5ced4e3-c842-4121-9e81-ab80ede58db4%26click_id%3D1640d915d354625.87456633%26i18n_country%3DNO%26hts_id%3Dc5ced4e3-c842-4121-9e81-ab80ede58db4&dr=http%3A%2F%2Fgo.moartraffic.com%2F&ul=en-us&de=UTF-8&dt=Trick%20Or%20Cheat!&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2053517&ec=Tour%3A%2053517&ea=Current%20step%3A%2001&el=Total%20steps%3A%206&_u=YEBAAEABAAAAACAAI~&jid=1843466887&gjid=1795881989&cid=1340009152.1678610804&tid=UA-148167200-1&_gid=454535029.1678610804&_r=1&_slc=1&z=418115609
IP 142.250.74.142:0
File type ASCII text, with no line terminators
Hash 9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
POST /j/collect?v=1&_v=j99&a=80668935&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F2474%2F%3Ft%3D53517%26aid%3D145864%26sid%3D2732%26xk%3D50f150854b632228ddc1a0ad2760b901%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D53517%2526aid%253D145864%2526sid%253D2732%2526click_id%253D1640d915d354625.87456633%2526ocode%253DMjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA%2526hts_id%253Dc5ced4e3-c842-4121-9e81-ab80ede58db4%26click_id%3D1640d915d354625.87456633%26i18n_country%3DNO%26hts_id%3Dc5ced4e3-c842-4121-9e81-ab80ede58db4&dr=http%3A%2F%2Fgo.moartraffic.com%2F&ul=en-us&de=UTF-8&dt=Trick%20Or%20Cheat!&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2053517&ec=Tour%3A%2053517&ea=Current%20step%3A%2001&el=Total%20steps%3A%206&_u=YEBAAEABAAAAACAAI~&jid=1843466887&gjid=1795881989&cid=1340009152.1678610804&tid=UA-148167200-1&_gid=454535029.1678610804&_r=1&_slc=1&z=418115609 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://tours.specia1.com
date: Sun, 12 Mar 2023 08:46:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tours.specia1.com/t/2474/favicon.ico
143.204.55.19200 OK 4.3 kB URL HTTP/2 tours.specia1.com/t/2474/favicon.ico
IP 143.204.55.19:0
File type MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Hash 690a3f68651bbce4a0f121309801495d
0778b2771e982e6f49f842a354485fb0ee67d246
c0e52a46bb28c882584126b718cbb256bddaca6978cb484a7370358356a57236
GET /t/2474/favicon.ico HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2474/?t=53517&aid=145864&sid=2732&xk=50f150854b632228ddc1a0ad2760b901&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D53517%26aid%3D145864%26sid%3D2732%26click_id%3D1640d915d354625.87456633%26ocode%3DMjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA%26hts_id%3Dc5ced4e3-c842-4121-9e81-ab80ede58db4&click_id=1640d915d354625.87456633&i18n_country=NO&hts_id=c5ced4e3-c842-4121-9e81-ab80ede58db4
Cookie: tour=53517; affsubid=145864-2732; reff=http%3A%2F%2Fgo.moartraffic.com%2F; upgrade_tour=53517; guid=13684CE9-133A-4FB6-8B61-15B8F9516BEE; custom_tracking=%5B%22address%22%2C%22ad_type%22%2C%22app_id%22%2C%22app_name%22%2C%22auth_token%22%2C%22a_aid%22%2C%22a_bid%22%2C%22banner%22%2C%22banner_id%22%2C%22banner_size%22%2C%22bn%22%2C%22c%22%2C%22cid%22%2C%22city%22%2C%22clickid%22%2C%22click_id%22%2C%22click_url%22%2C%22cmp_bo%22%2C%22cmp_member_id%22%2C%22consent%22%2C%22dx%22%2C%22email%22%2C%22exotracker%22%2C%22f%22%2C%22fbclid%22%2C%22fbid%22%2C%22first_name%22%2C%22gclid%22%2C%22gdpr%22%2C%22h%22%2C%22hts_id%22%2C%22hx%22%2C%22keyword%22%2C%22landerid%22%2C%22lander_id%22%2C%22last_name%22%2C%22misc_tour_info%22%2C%22niche%22%2C%22np%22%2C%22offer%22%2C%22origin%22%2C%22phone_number%22%2C%22placement%22%2C%22product%22%2C%22product_id%22%2C%22profile_visited%22%2C%22publisher%22%2C%22rcid%22%2C%22referer%22%2C%22reqid%22%2C%22rgc%22%2C%22rgh%22%2C%22rgm%22%2C%22schedule%22%2C%22sdaf%22%2C%22sdfsadf%22%2C%22session_initiated_by%22%2C%22sl%22%2C%22smoochy_user_id%22%2C%22snapchat_username%22%2C%22source%22%2C%22state%22%2C%22street%22%2C%22sv_cheating_mon%22%2C%22template%22%2C%22thumb_id%22%2C%22tracker_id%22%2C%22upgrade_uuid%22%2C%22upg_reason%22%2C%22userage%22%2C%22useremail%22%2C%22userzip%22%2C%22user_id%22%2C%22wellhello_profile_id%22%2C%22wellhello_upgrade_tour%22%2C%22xk%22%2C%22zip%22%5D; prop_bn=38; prop_click_id=1640d915d354625.87456633; prop_hts_id=c5ced4e3-c842-4121-9e81-ab80ede58db4; prop_xk=50f150854b632228ddc1a0ad2760b901; affiliate_145864_is_terminated=0; geoip=%7B%22country_code%22%3A%22NO%22%2C%22country_name%22%3A%22Norway%22%2C%22region%22%3A%22Oslo%22%2C%22city%22%3A%22Oslo%22%2C%22latitude%22%3A59.9127311707%2C%22longitude%22%3A10.7460899353%2C%22zipcode%22%3A%220131%22%2C%22isp_name%22%3A%22Blix%20Group%20AS%22%2C%22mobile_brand%22%3A%22%22%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
content-length: 4286
date: Sun, 12 Mar 2023 08:46:44 GMT
last-modified: Fri, 03 Mar 2023 12:09:58 GMT
etag: "690a3f68651bbce4a0f121309801495d"
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wuE0nl-5DLw9fqfB-I6F-5YZfs90YZucgiApvhk1fB89RUE5SKY6Tw==
X-Firefox-Spdy: h2
cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js
104.18.217.65200 OK 2.3 MB URL HTTP/2 cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js
IP 104.18.217.65:0
File type ASCII text, with very long lines (2530), with no line terminators
Size 2.3 MB (2329291 bytes)
Hash dd613515bf61ec3e4329743438564113
74bda045c42a9002602683932fa15dcf7d10cd14
7bd35015777acb6af4dd57db11a5fd19811b1e6a801a221415e2abee7bde0cd8
GET /scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 12 Mar 2023 08:46:42 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1382400
cf-bgj: minify
etag: W/"6336ac72-9e2"
last-modified: Fri, 30 Sep 2022 08:44:34 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 208929
expires: Tue, 28 Mar 2023 08:46:42 GMT
server: cloudflare
cf-ray: 7a6ac4a9d969b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cea70cd92f3f863b76facf9ef93149fa
05761090c7ff21d014d3f0d93925a0e66c925b99
dfaeabf18b09f39e3a75c6efe37f52fdb6d4056cf0a4c66ba0d8ac74539c96a9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 08:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-148167200-1&cid=1340009152.1678610804&jid=1843466887&gjid=1795881989&_gid=454535029.1678610804&_u=YEBAAEAAAAAAACAAI~&z=1105633048
173.194.73.154200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-148167200-1&cid=1340009152.1678610804&jid=1843466887&gjid=1795881989&_gid=454535029.1678610804&_u=YEBAAEAAAAAAACAAI~&z=1105633048
IP 173.194.73.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-148167200-1&cid=1340009152.1678610804&jid=1843466887&gjid=1795881989&_gid=454535029.1678610804&_u=YEBAAEAAAAAAACAAI~&z=1105633048 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://tours.specia1.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 12 Mar 2023 08:46:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cea70cd92f3f863b76facf9ef93149fa
05761090c7ff21d014d3f0d93925a0e66c925b99
dfaeabf18b09f39e3a75c6efe37f52fdb6d4056cf0a4c66ba0d8ac74539c96a9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 08:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 5252b94db30dbb3d1ed4d623a82796ba
8aa9abb5061cba18d1287372ff89188b605baeab
8805ee0008dcd8d53965d9cdf481ad34d739685ea2284e3d1739be1062662ef3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 08:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 03da97ae3e10a32174a41aa30868b9eb
70fb7047bdce18e0921b731213d9e5d2fc63a324
b7ee067fe51a57d6a9e82a26b862697f3794351f4214b19798418b617633bded
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 08:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-148167200-1&cid=1340009152.1678610804&jid=1843466887&_u=YEBAAEAAAAAAACAAI~&z=1375614452
216.58.207.228200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-148167200-1&cid=1340009152.1678610804&jid=1843466887&_u=YEBAAEAAAAAAACAAI~&z=1375614452
IP 216.58.207.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-148167200-1&cid=1340009152.1678610804&jid=1843466887&_u=YEBAAEAAAAAAACAAI~&z=1375614452 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 12 Mar 2023 08:46:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-148167200-1&cid=1340009152.1678610804&jid=1843466887&_u=YEBAAEAAAAAAACAAI~&z=1375614452
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-148167200-1&cid=1340009152.1678610804&jid=1843466887&_u=YEBAAEAAAAAAACAAI~&z=1375614452
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-148167200-1&cid=1340009152.1678610804&jid=1843466887&_u=YEBAAEAAAAAAACAAI~&z=1375614452 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 12 Mar 2023 08:46:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash ec6311aff40cad7ab34f00d36611b030
cf544610c8266b570673ea252aafe9339f145707
155dc155e18b34ee37d7c61224e421db376a38ac40e6fbf6c2939d8747a01c9b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 08:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 03da97ae3e10a32174a41aa30868b9eb
70fb7047bdce18e0921b731213d9e5d2fc63a324
b7ee067fe51a57d6a9e82a26b862697f3794351f4214b19798418b617633bded
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 08:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tours.specia1.com/t/2474/?t=53517&aid=145864&sid=2732&xk=50f150854b632228ddc1a0ad2760b901&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D53517%26aid%3D145864%26sid%3D2732%26click_id%3D1640d915d354625.87456633%26ocode%3DMjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA%26hts_id%3Dc5ced4e3-c842-4121-9e81-ab80ede58db4&click_id=1640d915d354625.87456633&i18n_country=NO&hts_id=c5ced4e3-c842-4121-9e81-ab80ede58db4
143.204.55.19200 OK 0 B URL HTTP/2 tours.specia1.com/t/2474/?t=53517&aid=145864&sid=2732&xk=50f150854b632228ddc1a0ad2760b901&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D53517%26aid%3D145864%26sid%3D2732%26click_id%3D1640d915d354625.87456633%26ocode%3DMjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA%26hts_id%3Dc5ced4e3-c842-4121-9e81-ab80ede58db4&click_id=1640d915d354625.87456633&i18n_country=NO&hts_id=c5ced4e3-c842-4121-9e81-ab80ede58db4
IP 143.204.55.19:0
GET /t/2474/?t=53517&aid=145864&sid=2732&xk=50f150854b632228ddc1a0ad2760b901&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D53517%26aid%3D145864%26sid%3D2732%26click_id%3D1640d915d354625.87456633%26ocode%3DMjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA%26hts_id%3Dc5ced4e3-c842-4121-9e81-ab80ede58db4&click_id=1640d915d354625.87456633&i18n_country=NO&hts_id=c5ced4e3-c842-4121-9e81-ab80ede58db4 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.moartraffic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
date: Sun, 12 Mar 2023 08:46:42 GMT
last-modified: Fri, 03 Mar 2023 12:09:58 GMT
etag: W/"ea7f9df555fe103617d2da16e275e4d4"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fEqFPXliO9jD_LyexxeUAlyMOBS-3sbGK-G20JyugzlIWSq9L2G5Cg==
X-Firefox-Spdy: h2
tours.specia1.com/t/common/js/repoUtilsV2.js
143.204.55.19200 OK 0 B URL HTTP/2 tours.specia1.com/t/common/js/repoUtilsV2.js
IP 143.204.55.19:0
GET /t/common/js/repoUtilsV2.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2474/?t=53517&aid=145864&sid=2732&xk=50f150854b632228ddc1a0ad2760b901&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D53517%26aid%3D145864%26sid%3D2732%26click_id%3D1640d915d354625.87456633%26ocode%3DMjczMi45ODQ4LjQwNzYuNDI4Mi4wLjAuMzk2Ni4xLjAuMC4wLjA%26hts_id%3Dc5ced4e3-c842-4121-9e81-ab80ede58db4&click_id=1640d915d354625.87456633&i18n_country=NO&hts_id=c5ced4e3-c842-4121-9e81-ab80ede58db4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript
last-modified: Fri, 03 Mar 2023 12:10:44 GMT
server: AmazonS3
content-encoding: gzip
date: Sun, 12 Mar 2023 08:45:22 GMT
etag: W/"463ab17c7b265e702f3c4390d78b31b3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: KtWdR-pieApiFqPlWZ1u5dkJik7HRiT7vVcM0MtNqd8HiVXVpIqQjQ==
age: 254
X-Firefox-Spdy: h2
cdn.izooto.com/scripts/sak/iz_setcid.html?v=1
104.18.217.65200 OK 0 B URL HTTP/2 cdn.izooto.com/scripts/sak/iz_setcid.html?v=1
IP 104.18.217.65:0
GET /scripts/sak/iz_setcid.html?v=1 HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 12 Mar 2023 08:46:42 GMT
content-type: text/html
last-modified: Tue, 07 Feb 2023 10:27:13 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cache-control: public, max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 166682
expires: Wed, 12 Apr 2023 08:46:42 GMT
server: cloudflare
cf-ray: 7a6ac4aaca74b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2