tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
143.204.55.34301 Moved Permanently 167 B URL HTTP/1.1 tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
IP 143.204.55.34:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Thu, 24 Nov 2022 16:10:04 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
X-Cache: Redirect from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: njDzhxFPeBheDELPB447kJp95OuVxzgChZC2ICJrbmk0Y02lesELEA==
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4088
Expires: Thu, 24 Nov 2022 17:18:12 GMT
Date: Thu, 24 Nov 2022 16:10:04 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6060
Cache-Control: max-age=158527
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 16:10:04 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 12:12:11 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6491
Expires: Thu, 24 Nov 2022 17:58:15 GMT
Date: Thu, 24 Nov 2022 16:10:04 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 15:17:18 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3166
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: mLYa3lJQwASlsYfHoX/iZokeevDLfph6GBFV1ee28Eqdcqwg2oaeYzJBX3emBfnSvIY1lLbNtWg=
x-amz-request-id: 6EXS5TTHRZV155NS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 15:40:27 GMT
age: 1777
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 16:10:05 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 70e19c5614e609fd89d14b9926e82c2e
55619cfc7a35a2aa78c15b5ee9039f76f56bbf48
2fe6488e0931a49c6fda14064e1de78e5086b6e1f1f7bb9fcfbff11eaf477e29
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=104544
Date: Thu, 24 Nov 2022 16:10:05 GMT
Etag: "637e8cbd-1d7"
Expires: Fri, 25 Nov 2022 21:12:29 GMT
Last-Modified: Wed, 23 Nov 2022 21:12:29 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: E_5SoHQwjmXRMgjpvVuqAvb7rdDhByr-uyxWYpaQZ7rGeu5oykLXeQ==
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fb6949e7abaa473393f7c604691de14f
599681bba3947709baa603bbae2dd7afd04059a4
36c5165526ea9d34de14d36655ed494d0cffaa11ca3271ee47824ac11246ba13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5474
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 16:10:05 GMT
Last-Modified: Thu, 24 Nov 2022 14:38:51 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 16:08:53 GMT
cache-control: public,max-age=3600
age: 72
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash b9d16c6d0ee7344dbd2c6d79cb3b978f
c199bb0ce6685bb8f9a7e40753e9c2dc2d62c300
823cf2bded0bb574dda936a4434221c5db48d93ba8992070b3a2233c27130327
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5008
Cache-Control: max-age=135488
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 16:10:05 GMT
Etag: "637ef20d-117"
Expires: Sat, 26 Nov 2022 05:48:13 GMT
Last-Modified: Thu, 24 Nov 2022 04:24:45 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
tours.specia1.com/t/2418/images/address.png
143.204.55.92200 OK 1.4 kB URL HTTP/2 tours.specia1.com/t/2418/images/address.png
IP 143.204.55.92:0
File type PNG image data, 33 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash bd9476d9f407e290f817f77a0bf37674
3862e9f828f2241182269654dcc00d6e8c7f3927
2d56035b1871d7689d1a95dd4b9d38ab9ebf0bc2e0a0b59f474fe2f39816c690
GET /t/2418/images/address.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 1384
last-modified: Thu, 24 Nov 2022 13:52:29 GMT
server: AmazonS3
date: Thu, 24 Nov 2022 16:10:06 GMT
etag: "bd9476d9f407e290f817f77a0bf37674"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Vk34hiWnjzpf24SUBfEIkdT7mHBxFfiqb17mPVwqEttDwWB0p6rp0A==
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash aba38adfd4ce679fc78995418863edaa
732cf3f9dad0dac06e381cbb417182a28b6af3a6
b0f35400b9e287424686b6327c975267014c5e92db22b090af07fab0487df3e9
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=103952
Date: Thu, 24 Nov 2022 16:10:05 GMT
Etag: "637e70c5-1d7"
Expires: Fri, 25 Nov 2022 21:02:37 GMT
Last-Modified: Wed, 23 Nov 2022 19:13:09 GMT
Server: ECS (dcb/7FA4)
X-Cache: Miss from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Cn8tY_mvVZmIjBX5oRpJbiFw1FhDMIjxaoH_BRhQwRaBrxX9Ez4WQQ==
Age: 6568
tours.specia1.com/t/2418/images/logo_black_2.png
143.204.55.92200 OK 10 kB URL HTTP/2 tours.specia1.com/t/2418/images/logo_black_2.png
IP 143.204.55.92:0
File type PNG image data, 501 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash ffb66174418fa434555a80759d6532f9
eaeda463262a30b33008f0c5b9206768b2030f30
0d6ddbad5957f2f83b0cd020c13d0cabee057778f042c2a68600075c426fe1cc
GET /t/2418/images/logo_black_2.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 10055
last-modified: Thu, 24 Nov 2022 13:52:29 GMT
server: AmazonS3
date: Thu, 24 Nov 2022 16:10:06 GMT
etag: "ffb66174418fa434555a80759d6532f9"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: bVDwwJ03QzPST0gzIeOZ88_jZIO1TgDczQB_32sa_zi_MJqCWK_zzw==
X-Firefox-Spdy: h2
tours.specia1.com/t/2418/images/logo_white_2.png
143.204.55.92200 OK 9.1 kB URL HTTP/2 tours.specia1.com/t/2418/images/logo_white_2.png
IP 143.204.55.92:0
File type PNG image data, 501 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 6fe25a4f0710d67fc21726fdfb5e73d0
eb70dff6051828ec62ad2d2e5c863d36be3ee4a8
3d95583dbaecdc3ee7f88d48a9cc6832fb628ed75580e76f9aa10a5d03e4ad6a
GET /t/2418/images/logo_white_2.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 9132
last-modified: Thu, 24 Nov 2022 13:52:29 GMT
server: AmazonS3
date: Thu, 24 Nov 2022 16:10:06 GMT
etag: "6fe25a4f0710d67fc21726fdfb5e73d0"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: c2u0t5x8QrOSEDbnoS92-5ywN6B7pro8kKeo2tS6H1kLz-iips3Gmg==
X-Firefox-Spdy: h2
cdn.tours-78-94.wellhello.com/snapcheat/img/svg/arrow.svg
54.230.111.97200 OK 867 B URL HTTP/2 cdn.tours-78-94.wellhello.com/snapcheat/img/svg/arrow.svg
IP 54.230.111.97:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d1482bd31dde1707b316f22bbe818ff4
98b63cc34e21b7d3092b70c00dc5a579ce0825ba
6efee9ca3dd0b249814e53fab132821a3c1b5370fdb02c704947399485ec43b9
Analyzer Verdict Alert fortinet Phishing
GET /snapcheat/img/svg/arrow.svg HTTP/1.1
Host: cdn.tours-78-94.wellhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 867
date: Mon, 29 Aug 2022 01:29:26 GMT
server: nginx
last-modified: Fri, 26 Aug 2022 17:05:55 GMT
etag: "6308fd73-363"
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: CVIJZvUQM6p762PJWDcAmaT92dR6M5-WON-1XWA3yQFNHBY9A4p8uw==
age: 7569639
X-Firefox-Spdy: h2
cdn.tours-78-94.wellhello.com/instantcheat/imgs/arrow.svg
54.230.111.97200 OK 867 B URL HTTP/2 cdn.tours-78-94.wellhello.com/instantcheat/imgs/arrow.svg
IP 54.230.111.97:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d1482bd31dde1707b316f22bbe818ff4
98b63cc34e21b7d3092b70c00dc5a579ce0825ba
6efee9ca3dd0b249814e53fab132821a3c1b5370fdb02c704947399485ec43b9
Analyzer Verdict Alert fortinet Phishing
GET /instantcheat/imgs/arrow.svg HTTP/1.1
Host: cdn.tours-78-94.wellhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 867
date: Thu, 01 Sep 2022 02:07:19 GMT
server: nginx
last-modified: Fri, 26 Aug 2022 17:05:54 GMT
etag: "6308fd72-363"
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mRCF19576qqNH-QYo6u-js0885kqKY5yssePC058tRyC8-K5cAbVAA==
age: 7308166
X-Firefox-Spdy: h2
use.typekit.net/mrt4etr.css
23.36.76.122200 OK 730 B URL HTTP/2 use.typekit.net/mrt4etr.css
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (516)
Hash 48d569c2132e78b226cef321f1b56ad0
9ed81741274a95adda0e52e13a8dd02ccf93ba1a
b6d7366398fc003517f8d67147ed22c7711a7248524f0771498481dd247f5701
GET /mrt4etr.css HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: text/css;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
content-length: 730
date: Thu, 24 Nov 2022 16:10:05 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash aba38adfd4ce679fc78995418863edaa
732cf3f9dad0dac06e381cbb417182a28b6af3a6
b0f35400b9e287424686b6327c975267014c5e92db22b090af07fab0487df3e9
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=98815
Date: Thu, 24 Nov 2022 16:10:05 GMT
Etag: "637e70c5-1d7"
Expires: Fri, 25 Nov 2022 19:37:00 GMT
Last-Modified: Wed, 23 Nov 2022 19:13:09 GMT
Server: ECS (bsa/EB1E)
X-Cache: Miss from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Ua64uaE9CSc5QZ84FQyJGhcTxVujQoV_JRjCWgKIxFiSjw0ZZo6DuQ==
Age: 1431
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 6ab78f1d848d6484e52b7496dbb0511f
2ff06952b0ff2da30994fa1dd434706403d12180
1f62c6fcc303641a486415ca2fe8576e0df93a3061209ce7ac2f5db48b4eed24
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=89797
Date: Thu, 24 Nov 2022 16:10:05 GMT
Etag: "637e3f97-1d7"
Expires: Fri, 25 Nov 2022 17:06:42 GMT
Last-Modified: Wed, 23 Nov 2022 15:43:19 GMT
Server: ECS (dcb/7ECA)
X-Cache: Miss from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 1b1mkCCtWu2eFq0M0cB8Tht54z-NXz60NZHlFmLF8AGbsinq8Znezg==
Age: 5003
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 6ab78f1d848d6484e52b7496dbb0511f
2ff06952b0ff2da30994fa1dd434706403d12180
1f62c6fcc303641a486415ca2fe8576e0df93a3061209ce7ac2f5db48b4eed24
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=86224
Date: Thu, 24 Nov 2022 16:10:05 GMT
Etag: "637e3f97-1d7"
Expires: Fri, 25 Nov 2022 16:07:09 GMT
Last-Modified: Wed, 23 Nov 2022 15:43:19 GMT
Server: ECS (bsa/EB1F)
X-Cache: Miss from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: aSeLnHV0-HO8kn6nLCfhIjacDI-HeVra-orixHyiPrpups9DFvbHNw==
Age: 1430
push.services.mozilla.com/
52.89.20.60101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.20.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mb3PYe/1g9rSnLRBIZPidg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WuNZ2L/0iy8mjX5jTKL8jlY6D7M=
utl-1.com/1.6.42/mst2.min.js
143.204.55.43200 OK 18 kB URL HTTP/2 utl-1.com/1.6.42/mst2.min.js
IP 143.204.55.43:0
File type ASCII text, with very long lines (17794), with no line terminators
Hash 3a2e1fe5f9de68d28807b0b5675235f4
1ec71f3bf36850118f94eacb5c7949f449b3a0b7
252d3a0ef9c3754cdf38a02570d1a84fa4d94d53ac2eaeeada2e141f9c11a2e2
GET /1.6.42/mst2.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 17794
date: Tue, 20 Sep 2022 14:24:04 GMT
last-modified: Fri, 16 Sep 2022 14:37:04 GMT
etag: "3a2e1fe5f9de68d28807b0b5675235f4"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: h8-meddk7-qTjFuukU4WIP8MBePD1ZYLNWJj7Th5qeoSQRDjvhcU0w==
age: 5622362
X-Firefox-Spdy: h2
utl-1.com/1.6.42/utl.min.js
143.204.55.43200 OK 312 kB URL HTTP/2 utl-1.com/1.6.42/utl.min.js
IP 143.204.55.43:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 312 kB (312299 bytes)
Hash 1ebaf1813111fc553ecbb1e5b1ee667b
e14cd8c0503102bf8519ac281839b5a307528604
c6dca79a9e9adc2437fbb52fa10254a664aaa35a06ba9c3ee0f03851c87498e5
GET /1.6.42/utl.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 312299
date: Tue, 20 Sep 2022 10:48:16 GMT
last-modified: Fri, 16 Sep 2022 14:37:04 GMT
etag: "1ebaf1813111fc553ecbb1e5b1ee667b"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: o3x5zy96Wv7yT2G_r2MQqmaHAdVJ8HFDfohyJXxPZBhzjPV3mmR25w==
age: 5635310
X-Firefox-Spdy: h2
tours.specia1.com/t/common/js/opticks.js
143.204.55.92200 OK 887 B URL HTTP/2 tours.specia1.com/t/common/js/opticks.js
IP 143.204.55.92:0
Hash e4ca96f3d5ca991d0ed4ae0f8698eb0b
18e4f4eefebd20eba1b704debe18d48bdf0212da
e34ebb4288cb36d1170cebd3800cb0745dbc4beed9a8391073f97b3b67950871
Analyzer Verdict Alert fortinet Phishing
GET /t/common/js/opticks.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 887
last-modified: Thu, 24 Nov 2022 13:53:25 GMT
server: AmazonS3
date: Thu, 24 Nov 2022 16:10:06 GMT
etag: "e4ca96f3d5ca991d0ed4ae0f8698eb0b"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: r24ipnL8hOFMR_cr8xXKKDfh9FYQ6M2fl-d4HFa6HX4xXpAXiaeurw==
X-Firefox-Spdy: h2
p.typekit.net/p.css?s=1&k=mrt4etr&ht=tk&f=24539.24540.24547.24548&a=8479565&app=typekit&e=css
23.36.76.122200 OK 5 B URL HTTP/2 p.typekit.net/p.css?s=1&k=mrt4etr&ht=tk&f=24539.24540.24547.24548&a=8479565&app=typekit&e=css
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
Hash 83d24d4b43cc7eef2b61e66c95f3d158
f0cafc285ee23bb6c28c5166f305493c4331c84d
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
GET /p.css?s=1&k=mrt4etr&ht=tk&f=24539.24540.24547.24548&a=8479565&app=typekit&e=css HTTP/1.1
Host: p.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: text/css
cross-origin-resource-policy: cross-origin
etag: "613bee4d-5"
last-modified: Fri, 10 Sep 2021 23:46:21 GMT
server: nginx
content-length: 5
unused62: 8096267
date: Thu, 24 Nov 2022 16:10:06 GMT
X-Firefox-Spdy: h2
use.typekit.net/af/4cc789/00000000000000003b9b46ed/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
23.36.76.122200 OK 47 kB URL HTTP/2 use.typekit.net/af/4cc789/00000000000000003b9b46ed/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 47364, version 1.0\012- data
Hash 17d1dd61c2ca9a1f49ed95d672e98137
f6aad362b6d2ca35f2074439ecc85fd028fa91e0
b3db5b321134954282781d3367d7914e8a8cf5285dc35427820ecd889df5ff5a
GET /af/4cc789/00000000000000003b9b46ed/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 47364
etag: "f9c1c4c847938c564b6f041956a850b045edf78a"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Thu, 24 Nov 2022 16:10:06 GMT
X-Firefox-Spdy: h2
use.typekit.net/af/02ad94/00000000000000003b9b46f3/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
23.36.76.122200 OK 48 kB URL HTTP/2 use.typekit.net/af/02ad94/00000000000000003b9b46f3/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 48496, version 1.0\012- data
Hash 95fbd058cd64c46fafd4d7b223761e51
467d1a7ae11b5d3776c646768f3bcd0986c6500a
547b25285152529ca4f1cf1866154c61f5d92fd3d090d7f976d741f6551e321a
GET /af/02ad94/00000000000000003b9b46f3/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 48496
etag: "4589238bed773a5851c5884d8dd0501591bd1cb5"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Thu, 24 Nov 2022 16:10:06 GMT
X-Firefox-Spdy: h2
tours.specia1.com/assets/specia1/ga.js?_=1669306205894
143.204.55.92200 OK 392 B URL HTTP/2 tours.specia1.com/assets/specia1/ga.js?_=1669306205894
IP 143.204.55.92:0
Hash eac15786f9b8937b5689ddf3faf0351d
c3bc0f68e5b6ec584c0034c1264ce966d354f341
6003f930e7a6ff14bd5520a7324f5a4ffcecbd182aaff2e8ace7ec65d885aa45
GET /assets/specia1/ga.js?_=1669306205894 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
Cookie: tour=52863; affsubid=144866-43274%2C43274; reff=; upgrade_tour=52863
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 392
last-modified: Thu, 24 Nov 2022 13:51:28 GMT
server: AmazonS3
date: Thu, 24 Nov 2022 16:10:06 GMT
etag: "eac15786f9b8937b5689ddf3faf0351d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: qeu_D0_1G-m0a5-Q-cnOJixG_kkVXT0NZg1GEJ1w--uHj04iTLOugQ==
age: 39
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 34fc31113c3350160321a169f669b24b
3ac1f2a8d8b31746caad3f8ab7cda39fc4168014
dba4d0785a27640fe7efb4e70ab452afa33385c8e870622c30b9db0ad8c3ffb9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBA4D0785A27640FE7EFB4E70AB452AFA33385C8E870622C30B9DB0AD8C3FFB9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16604
Expires: Thu, 24 Nov 2022 20:46:50 GMT
Date: Thu, 24 Nov 2022 16:10:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9dd7f661c1551243cbd4a716c62583c2
21b03678d009cb5353e134bef3a782a4dda1ad69
a5e10064943cda84f830a92e2ac6139f701d11580f6b8def88c8c6649fd27a73
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A5E10064943CDA84F830A92E2AC6139F701D11580F6B8DEF88C8C6649FD27A73"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17982
Expires: Thu, 24 Nov 2022 21:09:48 GMT
Date: Thu, 24 Nov 2022 16:10:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9dd7f661c1551243cbd4a716c62583c2
21b03678d009cb5353e134bef3a782a4dda1ad69
a5e10064943cda84f830a92e2ac6139f701d11580f6b8def88c8c6649fd27a73
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A5E10064943CDA84F830A92E2AC6139F701D11580F6B8DEF88C8C6649FD27A73"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17982
Expires: Thu, 24 Nov 2022 21:09:48 GMT
Date: Thu, 24 Nov 2022 16:10:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9dd7f661c1551243cbd4a716c62583c2
21b03678d009cb5353e134bef3a782a4dda1ad69
a5e10064943cda84f830a92e2ac6139f701d11580f6b8def88c8c6649fd27a73
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A5E10064943CDA84F830A92E2AC6139F701D11580F6B8DEF88C8C6649FD27A73"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17982
Expires: Thu, 24 Nov 2022 21:09:48 GMT
Date: Thu, 24 Nov 2022 16:10:06 GMT
Connection: keep-alive
tours.specia1.com/t/2418/custom.js
143.204.55.92200 OK 2.7 kB URL HTTP/2 tours.specia1.com/t/2418/custom.js
IP 143.204.55.92:0
Hash eaa3b91b0b9c7697d371f45cf95c57d1
44932608d6b5cff00bf34a2bc49ede6d64ee2a29
3d463c1a2dc43a3c85d4710fa81fce6ebdb5763b8bcb9bcf5d095a9050641114
Analyzer Verdict Alert fortinet Phishing
GET /t/2418/custom.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 24 Nov 2022 13:52:29 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 24 Nov 2022 16:10:06 GMT
etag: W/"e752751becbb4e2ac94f79d17c16d883"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -No_TVIt9jOsJ-22ULTvSapCqNpc2bz3eR9yUa_yUF9w3Q3cjg2cqw==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9dd7f661c1551243cbd4a716c62583c2
21b03678d009cb5353e134bef3a782a4dda1ad69
a5e10064943cda84f830a92e2ac6139f701d11580f6b8def88c8c6649fd27a73
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A5E10064943CDA84F830A92E2AC6139F701D11580F6B8DEF88C8C6649FD27A73"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17982
Expires: Thu, 24 Nov 2022 21:09:48 GMT
Date: Thu, 24 Nov 2022 16:10:06 GMT
Connection: keep-alive
secure.authbill.com/tour/api.php
68.169.87.223200 OK 56 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type ASCII text, with no line terminators
Hash b5b237804b5e40b6e3b55610cd959136
ffa90976b40d138bead0ed12beb53b1038b6b0d4
1cdc13ce52106a511958ce416fe2078d07e90afca65a38b35f39771d26a05985
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 24 Nov 2022 16:10:06 GMT
server: Apache
set-cookie: PHPSESSID=74D2~9f5294f84b1077580dbc579b6ed0d4bf; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 56
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 385 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with very long lines (804), with no line terminators
Hash 673c190a4e2e73a6d3038928b8598f4c
6318b3faf1ccacf7f381d3c423d6a9882950c24c
39c4489106d62ae1d75f7c483c1a1a15311010cfe8445440c74d7582c6bba28c
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 41
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 24 Nov 2022 16:10:06 GMT
server: Apache
set-cookie: PHPSESSID=120F~47b7267272076df5f0c2ae014ff40f02; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 385
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 4.8 kB URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with very long lines (20405), with no line terminators
Hash 2c52104cbb6259e25de3f430d981f6a0
0794c091b4c15a50e328317de1050efb6151795b
6aba8684a9eb0aab82c8aa6aa3c73e86b5fb8d34f9d991ad9b6c847ae8b44b36
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 24 Nov 2022 16:10:06 GMT
server: Apache
set-cookie: PHPSESSID=D420~d76f4c76738b2e6a1e1b1a07c99df4ee; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 4820
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 21 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type very short file (no magic)
Hash 7ac8c27439ed6e2a30373651a2898777
1249bc89db36deb369d6388319453f015bd83e04
e240a7a561e7c84b32d4695ddc4c0d6c38a8e0c3f2581711c1971680f033437e
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 24 Nov 2022 16:10:06 GMT
server: Apache
set-cookie: PHPSESSID=74D2~a07b7bd1c1b7fe14f484a93688280069; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 21
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 159 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 704f552bf9e91ed7a41ef3fe15f41e6c
ddb3f6202a07d626c2883ad589f457ad554d1025
5305b10c313709f6d27c70e321d5810292e915a8d2b45f0aacb0d668201f129d
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 24 Nov 2022 16:10:06 GMT
server: Apache
set-cookie: PHPSESSID=4DD2~89f90453ce2d82e80819bffbb58d2ae9; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 159
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
runsafeads.com/h/4898409d9693b180bc?url=https%3A%2F%2Ftours.specia1.com%2Ft%2F2418%2F%3Ft%3D52863%26aid%3D144866%26sid%3D43274%26opt%3D%26xk%3Dd0412082aa5f84320cfe773fc469f9e7%26bn%3D38%26gu%3Dgo.moartraffic.com%2Fgo.php%3Ft%3D52863%26aid%3D144866%26sid%3D43274%26click_id%3D530b2c4167ae41be916d9df66be40a531e169%26hts_id%3D432df9f0-ffbd-4335-8f0c-24752739dde3%26click_id%3D530b2c4167ae41be916d9df66be40a531e169%26i18n_country%3DUS%26hts_id%3D432df9f0-ffbd-4335-8f0c-24752739dde3&response-opticks-version=v3&_t0=1669306206216&_t1=1669306206424&_t2=1669306206424&_optTXYNrxirQX2j=ee075e28&_m=1uc&t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&i18n_country=US
62.212.87.244200 OK 930 B URL HTTP/1.1 runsafeads.com/h/4898409d9693b180bc?url=https%3A%2F%2Ftours.specia1.com%2Ft%2F2418%2F%3Ft%3D52863%26aid%3D144866%26sid%3D43274%26opt%3D%26xk%3Dd0412082aa5f84320cfe773fc469f9e7%26bn%3D38%26gu%3Dgo.moartraffic.com%2Fgo.php%3Ft%3D52863%26aid%3D144866%26sid%3D43274%26click_id%3D530b2c4167ae41be916d9df66be40a531e169%26hts_id%3D432df9f0-ffbd-4335-8f0c-24752739dde3%26click_id%3D530b2c4167ae41be916d9df66be40a531e169%26i18n_country%3DUS%26hts_id%3D432df9f0-ffbd-4335-8f0c-24752739dde3&response-opticks-version=v3&_t0=1669306206216&_t1=1669306206424&_t2=1669306206424&_optTXYNrxirQX2j=ee075e28&_m=1uc&t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&i18n_country=US
IP 62.212.87.244:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (930), with no line terminators
Hash 37e5f1a38504e657f68812e6cb54f07e
d03f757c7f2097a0fb4af15c190b13621c339ec8
71f1b1d1f92f6d54d6b51d8942dba5a151797d7d2653108dd8b5ab66525e356c
POST /h/4898409d9693b180bc?url=https%3A%2F%2Ftours.specia1.com%2Ft%2F2418%2F%3Ft%3D52863%26aid%3D144866%26sid%3D43274%26opt%3D%26xk%3Dd0412082aa5f84320cfe773fc469f9e7%26bn%3D38%26gu%3Dgo.moartraffic.com%2Fgo.php%3Ft%3D52863%26aid%3D144866%26sid%3D43274%26click_id%3D530b2c4167ae41be916d9df66be40a531e169%26hts_id%3D432df9f0-ffbd-4335-8f0c-24752739dde3%26click_id%3D530b2c4167ae41be916d9df66be40a531e169%26i18n_country%3DUS%26hts_id%3D432df9f0-ffbd-4335-8f0c-24752739dde3&response-opticks-version=v3&_t0=1669306206216&_t1=1669306206424&_t2=1669306206424&_optTXYNrxirQX2j=ee075e28&_m=1uc&t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&i18n_country=US HTTP/1.1
Host: runsafeads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2405
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 16:10:06 GMT
Cache-Control: private, max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: application/json
Vary: Accept-Encoding, User-Agent
Content-Length: 930
secure.authbill.com/tour/api.php
68.169.87.223200 OK 159 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 704f552bf9e91ed7a41ef3fe15f41e6c
ddb3f6202a07d626c2883ad589f457ad554d1025
5305b10c313709f6d27c70e321d5810292e915a8d2b45f0aacb0d668201f129d
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 24 Nov 2022 16:10:06 GMT
server: Apache
set-cookie: PHPSESSID=237E~d029d5b929b7662e04a5136636c18d86; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 159
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 20 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 590
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 24 Nov 2022 16:10:06 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
set-cookie: PHPSESSID=237E~c479e77c0f0d433ab4999fdce4a1309f; path=/; secure; HttpOnly
bd_ovtu=11; expires=Fri, 25-Nov-2022 16:10:06 GMT; Max-Age=86400; path=/; domain=.authbill.com
vary: Accept-Encoding
content-encoding: gzip
content-length: 20
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash dd0dd96ca622aa07354fabdd0da767bf
a29eaa02a81dabed2c12be20a89d65a5a0417524
6a670e9031ec8c94bdc91c47a2d6a4ca2bd95fe032fec28888a8e6d7dc163cb4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 16:10:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 24 Nov 2022 14:41:08 GMT
expires: Thu, 24 Nov 2022 16:41:08 GMT
cache-control: public, max-age=7200
age: 5339
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash dd0dd96ca622aa07354fabdd0da767bf
a29eaa02a81dabed2c12be20a89d65a5a0417524
6a670e9031ec8c94bdc91c47a2d6a4ca2bd95fe032fec28888a8e6d7dc163cb4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 16:10:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tours.specia1.com/t/2418/images/faviconqkkie.png
143.204.55.92200 OK 4.3 kB URL HTTP/2 tours.specia1.com/t/2418/images/faviconqkkie.png
IP 143.204.55.92:0
File type MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Hash 690a3f68651bbce4a0f121309801495d
0778b2771e982e6f49f842a354485fb0ee67d246
c0e52a46bb28c882584126b718cbb256bddaca6978cb484a7370358356a57236
GET /t/2418/images/faviconqkkie.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
Cookie: tour=52863; affsubid=144866-43274%2C43274; reff=; upgrade_tour=52863; guid=A3044D3E-FDB7-4DF4-A2BD-F57FF1F8B30B; custom_tracking=%5B%22address%22%2C%22ad_type%22%2C%22app_id%22%2C%22app_name%22%2C%22auth_token%22%2C%22a_aid%22%2C%22a_bid%22%2C%22banner%22%2C%22banner_id%22%2C%22banner_size%22%2C%22bn%22%2C%22c%22%2C%22cid%22%2C%22city%22%2C%22clickid%22%2C%22click_id%22%2C%22click_url%22%2C%22cmp_bo%22%2C%22cmp_member_id%22%2C%22consent%22%2C%22dx%22%2C%22email%22%2C%22exotracker%22%2C%22f%22%2C%22fbclid%22%2C%22fbid%22%2C%22first_name%22%2C%22gclid%22%2C%22gdpr%22%2C%22h%22%2C%22hts_id%22%2C%22hx%22%2C%22keyword%22%2C%22landerid%22%2C%22lander_id%22%2C%22last_name%22%2C%22misc_tour_info%22%2C%22niche%22%2C%22np%22%2C%22offer%22%2C%22origin%22%2C%22phone_number%22%2C%22placement%22%2C%22product%22%2C%22product_id%22%2C%22profile_visited%22%2C%22publisher%22%2C%22rcid%22%2C%22referer%22%2C%22reqid%22%2C%22rgc%22%2C%22rgh%22%2C%22rgm%22%2C%22schedule%22%2C%22sdaf%22%2C%22sdfsadf%22%2C%22session_initiated_by%22%2C%22sl%22%2C%22smoochy_user_id%22%2C%22snapchat_username%22%2C%22source%22%2C%22state%22%2C%22street%22%2C%22sv_cheating_mon%22%2C%22template%22%2C%22thumb_id%22%2C%22tracker_id%22%2C%22upgrade_uuid%22%2C%22upg_reason%22%2C%22userage%22%2C%22useremail%22%2C%22userzip%22%2C%22user_id%22%2C%22wellhello_profile_id%22%2C%22wellhello_upgrade_tour%22%2C%22xk%22%2C%22zip%22%5D; prop_bn=38; prop_click_id=%5B%22530b2c4167ae41be916d9df66be40a531e169%22%2C%22530b2c4167ae41be916d9df66be40a531e169%22%5D; prop_hts_id=%5B%22432df9f0-ffbd-4335-8f0c-24752739dde3%22%2C%22432df9f0-ffbd-4335-8f0c-24752739dde3%22%5D; prop_xk=d0412082aa5f84320cfe773fc469f9e7; affiliate_144866_is_terminated=0; geoip=%7B%22country_code%22%3A%22NO%22%2C%22country_name%22%3A%22Norway%22%2C%22region%22%3A%22Oslo%22%2C%22city%22%3A%22Oslo%22%2C%22latitude%22%3A59.9127311707%2C%22longitude%22%3A10.7460899353%2C%22zipcode%22%3A%220131%22%2C%22isp_name%22%3A%22Blix%20Group%20AS%22%2C%22mobile_brand%22%3A%22%22%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 4286
last-modified: Thu, 24 Nov 2022 13:52:29 GMT
server: AmazonS3
date: Thu, 24 Nov 2022 16:10:08 GMT
etag: "690a3f68651bbce4a0f121309801495d"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8l_YS9hLQbzvr9JBmVPX35b43QFh19yKKTo_1fzovLw1A7C1AZISHA==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bfb917b323571f7ee4abfa05c38501e8
c0df4228900a60ec15e7ac8fe8f2b31d304c6852
950dde731d7d185619950a60eee56fdb984cdd7b8fb0ae3823d80ee04280dc2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "950DDE731D7D185619950A60EEE56FDB984CDD7B8FB0AE3823D80EE04280DC2D"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=844
Expires: Thu, 24 Nov 2022 16:24:11 GMT
Date: Thu, 24 Nov 2022 16:10:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9800
Expires: Thu, 24 Nov 2022 18:53:27 GMT
Date: Thu, 24 Nov 2022 16:10:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9800
Expires: Thu, 24 Nov 2022 18:53:27 GMT
Date: Thu, 24 Nov 2022 16:10:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9800
Expires: Thu, 24 Nov 2022 18:53:27 GMT
Date: Thu, 24 Nov 2022 16:10:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9800
Expires: Thu, 24 Nov 2022 18:53:27 GMT
Date: Thu, 24 Nov 2022 16:10:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9800
Expires: Thu, 24 Nov 2022 18:53:27 GMT
Date: Thu, 24 Nov 2022 16:10:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 92c78302bcce1568eb6a5563100b932c
43d1dec7fc06879988c9c3cadd800cc8145df988
0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:47:06 GMT
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
content-type: image/jpeg
age: 66181
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 64d79191f005c9876b952c5f948aa0f7
1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a
00fb36c3d322e8302c5ce202d6d4119d637510cd6f3b63e1347781ec3bb9d7fc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13882
x-amzn-requestid: 9022b0b3-31d5-4149-a969-02514f11b95a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvzNHjMoAMFWMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9347-0e8354a02bef623644714e31;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ve4q5FDkwMGhPK6ZVVVCZtoBTaGaz43r_PwINzwS5Nx5tcZeQkVIfw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:49:47 GMT
age: 66020
etag: "1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0856fdb55f19f03a1bec38b3d6e0ac77
89accd230fba95fe0049678070817b36ead015fa
17c6e6f9bb8f4261fff2dc2a43ed994986418761624b8afead768e89927594f2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5070
x-amzn-requestid: d86d95ad-9b78-4047-82e7-04e83a97e330
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwViF1GIAMF_PQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9423-10809ba1634776171cf79cb8;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:03 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8rbsN9OVJmneT9ov-Q7V4RB8DP5UWhhn-7cnukHiBpl06zmMM0zJTg==
via: 1.1 0dc4feb22bb4657ce2bb95fd05ec7122.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:57:20 GMT
age: 65567
etag: "89accd230fba95fe0049678070817b36ead015fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:14:07 GMT
age: 32160
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9d93b2a6875d446c3467eb49767eef5
303c571b13b05fcf27ee1159d8fdf6369aaef0a2
2a2345a925e0187979930a7f2de8548957ad9f2baae77364dcb157286e2b3fcf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: 4d94ce1b-d18f-43b8-bb4d-e7093f9bea42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvd2G9UIAMFrEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5f2-64a570135be59b83031811da;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:04:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JygkDI7XSvlgurUTot874ZAXlOIqnv4cntMQ55IvHVqw93JBcksZjQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:15:22 GMT
age: 32085
etag: "303c571b13b05fcf27ee1159d8fdf6369aaef0a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4157f2c5c3c77ce699324ecb08f47c7
a7d9135f9d01ba13c3cdaf8b038c70212f159297
2305f7afee95bb34d9e8dbff571c6b146ba7b694be96e9e925c32d1f41785916
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7462
x-amzn-requestid: 1f6fb14d-83e0-43d3-9dab-5bc83af1a7c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwV3HV9oAMFs9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9425-634d43db6308e0be596aa5a0;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GW5UTfY7-TwPWTno9z1e21a2cA9fmU7GfHFYWdL-zQvMLxeq-S9Trg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 22:03:54 GMT
age: 65173
etag: "a7d9135f9d01ba13c3cdaf8b038c70212f159297"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
runsafeads.com/p
62.212.87.244200 OK 0 B IP 62.212.87.244:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /p HTTP/1.1
Host: runsafeads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1102
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
content-length: 0
go.moartraffic.com/go.php?t=52863&aid=144752&sid=43274&opt=
64.188.52.46200 OK 499 B URL HTTP/1.1 go.moartraffic.com/go.php?t=52863&aid=144752&sid=43274&opt=
IP 64.188.52.46:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (331)
Hash b75d16351e1eed2d2118bafee69c588c
56d82a4cb2a8a86b767206e80c700012925ae3f5
d8ee3714c67ce734aedbad1a8228be34c8a172ae6231a055be82f9366e2c0a40
GET /go.php?t=52863&aid=144752&sid=43274&opt= HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 24 Nov 2022 16:10:07 GMT
server: Apache
set-cookie: bd_ovtu=1; expires=Fri, 25-Nov-2022 16:10:08 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
bdreff=https%3A%2F%2Ftours.specia1.com%2F; expires=Tue, 23-May-2023 16:10:08 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
tour=52863; expires=Tue, 23-May-2023 16:10:08 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
affsubid=144752-43274; expires=Tue, 23-May-2023 16:10:08 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
bdvisit=144752; expires=Fri, 25-Nov-2022 16:10:08 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
bdcounter=1; expires=Fri, 25-Nov-2022 16:10:08 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
xk=40010091ba0e2d202cce671fc660f9e7; expires=Tue, 23-May-2023 16:10:08 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-robots-tag: otherbot: noindex, nofollow, googlebot: noindex, nofollow
vary: Accept-Encoding
content-encoding: gzip
content-length: 499
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
runsafeads.com/p
62.212.87.244200 OK 0 B IP 62.212.87.244:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /p HTTP/1.1
Host: runsafeads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 130
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
content-length: 0
go.moartraffic.com/native.history.js
64.188.52.46200 OK 6.5 kB URL HTTP/1.1 go.moartraffic.com/native.history.js
IP 64.188.52.46:0
File type ASCII text, with very long lines (22102), with no line terminators
Hash 8353bbacfdb868f80448dcdb30c2e2d2
7232562be4f0f7a1aaa403c9d6c5d2ed17345cfd
fd7be3058aae52c67b43703962b3b6039b0ac2709a82a68a150aebae3e19ae38
GET /native.history.js HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/go.php?t=52863&aid=144752&sid=43274&opt=
Cookie: bd_ovtu=1; bdreff=https%3A%2F%2Ftours.specia1.com%2F; tour=52863; affsubid=144752-43274; bdvisit=144752; bdcounter=1; xk=40010091ba0e2d202cce671fc660f9e7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 24 Nov 2022 16:10:08 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
content-length: 6519
x-content-type-options: nosniff
go.moartraffic.com/go.min.js
64.188.52.46200 OK 221 B URL HTTP/1.1 go.moartraffic.com/go.min.js
IP 64.188.52.46:0
File type ASCII text, with very long lines (305)
Hash 77d3c60f4f2cc6ab7f7c0f9187dfd6fe
7a8ce851238850aeadfb637638c52891aeb53c42
98de9958ac1d81fdeea1f165dfe95f2da4d7e592f452d7c8ca699a1c914e3f2e
GET /go.min.js HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/go.php?t=52863&aid=144752&sid=43274&opt=
Cookie: bd_ovtu=1; bdreff=https%3A%2F%2Ftours.specia1.com%2F; tour=52863; affsubid=144752-43274; bdvisit=144752; bdcounter=1; xk=40010091ba0e2d202cce671fc660f9e7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 24 Nov 2022 16:10:08 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
content-length: 221
x-content-type-options: nosniff
go.moartraffic.com/favicon.ico
64.188.52.46200 OK 198 B URL HTTP/1.1 go.moartraffic.com/favicon.ico
IP 64.188.52.46:0
File type MS Windows icon resource - 1 icon, 16x16, 2 colors\012- data
Hash c6acedaff906029fc5455d9ec52c7f42
92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81
9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b
GET /favicon.ico HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/go.php?t=52863&aid=144752&sid=43274&opt=
Cookie: bd_ovtu=1; bdreff=https%3A%2F%2Ftours.specia1.com%2F; tour=52863; affsubid=144752-43274; bdvisit=144752; bdcounter=1; xk=40010091ba0e2d202cce671fc660f9e7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 24 Nov 2022 16:10:08 GMT
server: Apache
last-modified: Thu, 24 Nov 2022 13:32:18 GMT
etag: "c6-5ee376f194ecc"
accept-ranges: bytes
content-length: 198
content-type: image/vnd.microsoft.icon
x-content-type-options: nosniff
utl-1.com/1.6.42/utl.min.js
143.204.55.43304 Not Modified 0 B URL HTTP/2 utl-1.com/1.6.42/utl.min.js
IP 143.204.55.43:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1.6.42/utl.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Fri, 16 Sep 2022 14:37:04 GMT
If-None-Match: "1ebaf1813111fc553ecbb1e5b1ee667b"
TE: trailers
HTTP/2 304 Not Modified
date: Tue, 20 Sep 2022 10:48:16 GMT
last-modified: Fri, 16 Sep 2022 14:37:04 GMT
etag: "1ebaf1813111fc553ecbb1e5b1ee667b"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: vBgDmkxDTr9OyHolCYl161lg-PmIitadnFCTbdCtaQWLe8QdYdGBJA==
age: 5635313
X-Firefox-Spdy: h2
tours.specia1.com/t/2418/?t=52863&aid=144752&sid=43274&opt=&xk=40010091ba0e2d202cce671fc660f9e7&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52863%26aid%3D144752%26sid%3D43274%26opt%3D%26hts_id%3D62f42358-a664-4ee0-846f-28f8e55a2dcb&i18n_country=NO&hts_id=62f42358-a664-4ee0-846f-28f8e55a2dcb
143.204.55.92200 OK 3.8 kB URL HTTP/2 tours.specia1.com/t/2418/?t=52863&aid=144752&sid=43274&opt=&xk=40010091ba0e2d202cce671fc660f9e7&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52863%26aid%3D144752%26sid%3D43274%26opt%3D%26hts_id%3D62f42358-a664-4ee0-846f-28f8e55a2dcb&i18n_country=NO&hts_id=62f42358-a664-4ee0-846f-28f8e55a2dcb
IP 143.204.55.92:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 3312e5a126b781ccae8cf4e4969676b6
972858045a79ec0d167847de6da1f14580c9c875
ceeb2e8458dbce5f5b877d165babc05f3f0602ca6e834dc5e4009318d0e0440e
GET /t/2418/?t=52863&aid=144752&sid=43274&opt=&xk=40010091ba0e2d202cce671fc660f9e7&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52863%26aid%3D144752%26sid%3D43274%26opt%3D%26hts_id%3D62f42358-a664-4ee0-846f-28f8e55a2dcb&i18n_country=NO&hts_id=62f42358-a664-4ee0-846f-28f8e55a2dcb HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/
Cookie: tour=52863; affsubid=144866-43274%2C43274; reff=; upgrade_tour=52863; guid=A3044D3E-FDB7-4DF4-A2BD-F57FF1F8B30B; custom_tracking=%5B%22address%22%2C%22ad_type%22%2C%22app_id%22%2C%22app_name%22%2C%22auth_token%22%2C%22a_aid%22%2C%22a_bid%22%2C%22banner%22%2C%22banner_id%22%2C%22banner_size%22%2C%22bn%22%2C%22c%22%2C%22cid%22%2C%22city%22%2C%22clickid%22%2C%22click_id%22%2C%22click_url%22%2C%22cmp_bo%22%2C%22cmp_member_id%22%2C%22consent%22%2C%22dx%22%2C%22email%22%2C%22exotracker%22%2C%22f%22%2C%22fbclid%22%2C%22fbid%22%2C%22first_name%22%2C%22gclid%22%2C%22gdpr%22%2C%22h%22%2C%22hts_id%22%2C%22hx%22%2C%22keyword%22%2C%22landerid%22%2C%22lander_id%22%2C%22last_name%22%2C%22misc_tour_info%22%2C%22niche%22%2C%22np%22%2C%22offer%22%2C%22origin%22%2C%22phone_number%22%2C%22placement%22%2C%22product%22%2C%22product_id%22%2C%22profile_visited%22%2C%22publisher%22%2C%22rcid%22%2C%22referer%22%2C%22reqid%22%2C%22rgc%22%2C%22rgh%22%2C%22rgm%22%2C%22schedule%22%2C%22sdaf%22%2C%22sdfsadf%22%2C%22session_initiated_by%22%2C%22sl%22%2C%22smoochy_user_id%22%2C%22snapchat_username%22%2C%22source%22%2C%22state%22%2C%22street%22%2C%22sv_cheating_mon%22%2C%22template%22%2C%22thumb_id%22%2C%22tracker_id%22%2C%22upgrade_uuid%22%2C%22upg_reason%22%2C%22userage%22%2C%22useremail%22%2C%22userzip%22%2C%22user_id%22%2C%22wellhello_profile_id%22%2C%22wellhello_upgrade_tour%22%2C%22xk%22%2C%22zip%22%5D; prop_bn=38; prop_click_id=%5B%22530b2c4167ae41be916d9df66be40a531e169%22%2C%22530b2c4167ae41be916d9df66be40a531e169%22%5D; prop_hts_id=%5B%22432df9f0-ffbd-4335-8f0c-24752739dde3%22%2C%22432df9f0-ffbd-4335-8f0c-24752739dde3%22%5D; prop_xk=d0412082aa5f84320cfe773fc469f9e7; affiliate_144866_is_terminated=0; geoip=%7B%22country_code%22%3A%22NO%22%2C%22country_name%22%3A%22Norway%22%2C%22region%22%3A%22Oslo%22%2C%22city%22%3A%22Oslo%22%2C%22latitude%22%3A59.9127311707%2C%22longitude%22%3A10.7460899353%2C%22zipcode%22%3A%220131%22%2C%22isp_name%22%3A%22Blix%20Group%20AS%22%2C%22mobile_brand%22%3A%22%22%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Thu, 24 Nov 2022 13:52:29 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 24 Nov 2022 16:10:06 GMT
etag: W/"05da9ea660f8e4ae353b36a09e3a70e9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 07-D7JFrQcQzdnkua2n8r3s1XDz3xBpM73NHuwwSrKvc281IjDgLAA==
age: 3
X-Firefox-Spdy: h2
cdn.tours-78-94.wellhello.com/snapcheat/img/svg/arrow.svg
54.230.111.97304 Not Modified 0 B URL HTTP/2 cdn.tours-78-94.wellhello.com/snapcheat/img/svg/arrow.svg
IP 54.230.111.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /snapcheat/img/svg/arrow.svg HTTP/1.1
Host: cdn.tours-78-94.wellhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Fri, 26 Aug 2022 17:05:55 GMT
If-None-Match: "6308fd73-363"
TE: trailers
HTTP/2 304 Not Modified
date: Thu, 24 Nov 2022 16:10:08 GMT
server: nginx
etag: "6308fd73-363"
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -cgccmUB5bcvJYQ-ZY9fHMl1SBZdmkHGK8kZ3083RKZE684y1TOZsQ==
age: 7569642
X-Firefox-Spdy: h2
cdn.tours-78-94.wellhello.com/instantcheat/imgs/arrow.svg
54.230.111.97304 Not Modified 0 B URL HTTP/2 cdn.tours-78-94.wellhello.com/instantcheat/imgs/arrow.svg
IP 54.230.111.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /instantcheat/imgs/arrow.svg HTTP/1.1
Host: cdn.tours-78-94.wellhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Fri, 26 Aug 2022 17:05:54 GMT
If-None-Match: "6308fd72-363"
TE: trailers
HTTP/2 304 Not Modified
date: Thu, 24 Nov 2022 16:10:08 GMT
server: nginx
etag: "6308fd72-363"
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: CMc--ZBM6DSN9qugG5RuGucOkZNLejHKBR76ma7rnwgfMy6UDx0rDA==
age: 7308169
X-Firefox-Spdy: h2
tours.specia1.com/assets/specia1/ga.js?_=1669306208604
143.204.55.92200 OK 392 B URL HTTP/2 tours.specia1.com/assets/specia1/ga.js?_=1669306208604
IP 143.204.55.92:0
Hash eac15786f9b8937b5689ddf3faf0351d
c3bc0f68e5b6ec584c0034c1264ce966d354f341
6003f930e7a6ff14bd5520a7324f5a4ffcecbd182aaff2e8ace7ec65d885aa45
GET /assets/specia1/ga.js?_=1669306208604 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://tours.specia1.com/t/2418/?t=52863&aid=144752&sid=43274&opt=&xk=40010091ba0e2d202cce671fc660f9e7&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D52863%26aid%3D144752%26sid%3D43274%26opt%3D%26hts_id%3D62f42358-a664-4ee0-846f-28f8e55a2dcb&i18n_country=NO&hts_id=62f42358-a664-4ee0-846f-28f8e55a2dcb
Cookie: tour=52863; affsubid=144752-43274; reff=https%3A%2F%2Fgo.moartraffic.com%2F; upgrade_tour=52863; guid=A3044D3E-FDB7-4DF4-A2BD-F57FF1F8B30B; custom_tracking=%5B%22address%22%2C%22ad_type%22%2C%22app_id%22%2C%22app_name%22%2C%22auth_token%22%2C%22a_aid%22%2C%22a_bid%22%2C%22banner%22%2C%22banner_id%22%2C%22banner_size%22%2C%22bn%22%2C%22c%22%2C%22cid%22%2C%22city%22%2C%22clickid%22%2C%22click_id%22%2C%22click_url%22%2C%22cmp_bo%22%2C%22cmp_member_id%22%2C%22consent%22%2C%22dx%22%2C%22email%22%2C%22exotracker%22%2C%22f%22%2C%22fbclid%22%2C%22fbid%22%2C%22first_name%22%2C%22gclid%22%2C%22gdpr%22%2C%22h%22%2C%22hts_id%22%2C%22hx%22%2C%22keyword%22%2C%22landerid%22%2C%22lander_id%22%2C%22last_name%22%2C%22misc_tour_info%22%2C%22niche%22%2C%22np%22%2C%22offer%22%2C%22origin%22%2C%22phone_number%22%2C%22placement%22%2C%22product%22%2C%22product_id%22%2C%22profile_visited%22%2C%22publisher%22%2C%22rcid%22%2C%22referer%22%2C%22reqid%22%2C%22rgc%22%2C%22rgh%22%2C%22rgm%22%2C%22schedule%22%2C%22sdaf%22%2C%22sdfsadf%22%2C%22session_initiated_by%22%2C%22sl%22%2C%22smoochy_user_id%22%2C%22snapchat_username%22%2C%22source%22%2C%22state%22%2C%22street%22%2C%22sv_cheating_mon%22%2C%22template%22%2C%22thumb_id%22%2C%22tracker_id%22%2C%22upgrade_uuid%22%2C%22upg_reason%22%2C%22userage%22%2C%22useremail%22%2C%22userzip%22%2C%22user_id%22%2C%22wellhello_profile_id%22%2C%22wellhello_upgrade_tour%22%2C%22xk%22%2C%22zip%22%5D; prop_bn=38; prop_click_id=%5B%22530b2c4167ae41be916d9df66be40a531e169%22%2C%22530b2c4167ae41be916d9df66be40a531e169%22%5D; prop_hts_id=62f42358-a664-4ee0-846f-28f8e55a2dcb; prop_xk=40010091ba0e2d202cce671fc660f9e7; affiliate_144866_is_terminated=0; geoip=%7B%22country_code%22%3A%22NO%22%2C%22country_name%22%3A%22Norway%22%2C%22region%22%3A%22Oslo%22%2C%22city%22%3A%22Oslo%22%2C%22latitude%22%3A59.9127311707%2C%22longitude%22%3A10.7460899353%2C%22zipcode%22%3A%220131%22%2C%22isp_name%22%3A%22Blix%20Group%20AS%22%2C%22mobile_brand%22%3A%22%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 392
last-modified: Thu, 24 Nov 2022 13:51:28 GMT
server: AmazonS3
date: Thu, 24 Nov 2022 16:10:06 GMT
etag: "eac15786f9b8937b5689ddf3faf0351d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EADiawgtRkKl4lROJDQCKER_5FAYcsW028TZyqdUAug3-QuyUKLd1A==
age: 42
X-Firefox-Spdy: h2
cdnimg.izooto.com/icons/7/bell-icon.png
104.18.216.65200 OK 4.6 kB URL HTTP/2 cdnimg.izooto.com/icons/7/bell-icon.png
IP 104.18.216.65:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 72ce28122e6dbb5468b44b452c15f72f
874c89f43308256aadf10ac462dda8f707fd5cb3
b84c83d41cbea8ebbf8cb8228c635ea4d175deb0fb8f5d629cb57957b0fd4de2
GET /icons/7/bell-icon.png HTTP/1.1
Host: cdnimg.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Cookie: IZCID=726171fe-7704-4b93-ac69-01ce43f5f598
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 16:10:09 GMT
content-type: image/png
content-length: 4646
cache-control: public, max-age=16070400
cf-bgj: imgq:100,h2pri
cf-polished: origSize=5865
etag: "5eec69f2-16e9"
last-modified: Fri, 19 Jun 2020 07:32:02 GMT
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 2248977
expires: Mon, 29 May 2023 16:10:09 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f369bf0cb1fac0-OSL
X-Firefox-Spdy: h2
secure.authbill.com/tour/api.php
68.169.87.223200 OK 21 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type very short file (no magic)
Hash 7ac8c27439ed6e2a30373651a2898777
1249bc89db36deb369d6388319453f015bd83e04
e240a7a561e7c84b32d4695ddc4c0d6c38a8e0c3f2581711c1971680f033437e
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 24 Nov 2022 16:10:09 GMT
server: Apache
set-cookie: PHPSESSID=D420~516e9489a1f12e0c1c22d324db45bf78; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 21
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223200 OK 20 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 759
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 24 Nov 2022 16:10:09 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
set-cookie: PHPSESSID=237E~2e77a8850cd15332bae35d6e340c7411; path=/; secure; HttpOnly
bd_ovtu=11; expires=Fri, 25-Nov-2022 16:10:09 GMT; Max-Age=86400; path=/; domain=.authbill.com
vary: Accept-Encoding
content-encoding: gzip
content-length: 20
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f86429279e19a89ba7fae87ba2406b4e
abfa5369a7feb4dfebf13f5eb902c3e860976238
76d03c181e150e7e3a61bfa8489231999fb562f6cb0b382c456b9a37da1106a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 16:10:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-148167200-1&cid=1719160206.1669306209&jid=897289300&gjid=381223925&_gid=323734837.1669306209&_u=YEBAAEAAAAAAACAAI~&z=1016562730
142.251.1.157200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-148167200-1&cid=1719160206.1669306209&jid=897289300&gjid=381223925&_gid=323734837.1669306209&_u=YEBAAEAAAAAAACAAI~&z=1016562730
IP 142.251.1.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-148167200-1&cid=1719160206.1669306209&jid=897289300&gjid=381223925&_gid=323734837.1669306209&_u=YEBAAEAAAAAAACAAI~&z=1016562730 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://tours.specia1.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 24 Nov 2022 16:10:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f7801fe8b983652ae788bc952856c2ed
f3898da21792b146a9f856e87ed3520d76277fb8
faa1bc8a9887e2dc694ff645546ea16cb96ac4bd1b0c460aef95f2cced100d6b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 16:10:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f86429279e19a89ba7fae87ba2406b4e
abfa5369a7feb4dfebf13f5eb902c3e860976238
76d03c181e150e7e3a61bfa8489231999fb562f6cb0b382c456b9a37da1106a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 16:10:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash b6a795cdfedb5c954b3000dbb2dc7f90
b17bb97d224d89bc8227cddf5a8386e100751cda
78c411d16c1be2d8da51fc409cb45ec2aca8d32b77ab4d1a1a1fe5d1a33552e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 16:10:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1719160206.1669306209&jid=897289300&_u=YEBAAEAAAAAAACAAI~&z=1097957248
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1719160206.1669306209&jid=897289300&_u=YEBAAEAAAAAAACAAI~&z=1097957248
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1719160206.1669306209&jid=897289300&_u=YEBAAEAAAAAAACAAI~&z=1097957248 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 24 Nov 2022 16:10:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1719160206.1669306209&jid=897289300&_u=YEBAAEAAAAAAACAAI~&z=1097957248
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1719160206.1669306209&jid=897289300&_u=YEBAAEAAAAAAACAAI~&z=1097957248
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1719160206.1669306209&jid=897289300&_u=YEBAAEAAAAAAACAAI~&z=1097957248 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 24 Nov 2022 16:10:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6fe23ae41ec0cbb3d702b1c64028cd13
e0e4d852454a5eae80a797aaa6f0991834dcc19a
47a12f27ec1ec271d17295d822c69d1b49c6a24107f3f7ce06a320688fae7f3c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 16:10:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash b6a795cdfedb5c954b3000dbb2dc7f90
b17bb97d224d89bc8227cddf5a8386e100751cda
78c411d16c1be2d8da51fc409cb45ec2aca8d32b77ab4d1a1a1fe5d1a33552e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 16:10:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tours.specia1.com/t/2418/css/style.css
143.204.55.92200 OK 0 B URL HTTP/2 tours.specia1.com/t/2418/css/style.css
IP 143.204.55.92:0
GET /t/2418/css/style.css HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Thu, 24 Nov 2022 13:52:29 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 24 Nov 2022 16:10:06 GMT
etag: W/"c3a87cedac417f3b530e66e627bf2dc4"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 2DmPq7HB_35qYzCEQtdsWJGn-NEcCXbOPdGYlNia1leV3YhN78UVow==
X-Firefox-Spdy: h2
cdn.izooto.com/scripts/sdk/izooto.js
104.18.216.65200 OK 0 B URL HTTP/2 cdn.izooto.com/scripts/sdk/izooto.js
IP 104.18.216.65:0
GET /scripts/sdk/izooto.js HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 16:10:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-bgj: minify
etag: W/"637f7e4e-3b618"
last-modified: Thu, 24 Nov 2022 14:23:10 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6351
expires: Sun, 25 Dec 2022 16:10:06 GMT
server: cloudflare
cf-ray: 76f369abfd01fac0-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.izooto.com/scripts/sak/iz_setcid.html?v=1
104.18.216.65200 OK 0 B URL HTTP/2 cdn.izooto.com/scripts/sak/iz_setcid.html?v=1
IP 104.18.216.65:0
GET /scripts/sak/iz_setcid.html?v=1 HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 16:10:06 GMT
content-type: text/html
last-modified: Tue, 05 Apr 2022 12:00:20 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cache-control: public, max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 1913228
expires: Sun, 25 Dec 2022 16:10:06 GMT
server: cloudflare
cf-ray: 76f369ad4dfafac0-OSL
content-encoding: br
X-Firefox-Spdy: h2
tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
143.204.55.92200 OK 0 B URL HTTP/2 tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
IP 143.204.55.92:0
GET /t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html
last-modified: Thu, 24 Nov 2022 13:52:29 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 24 Nov 2022 16:10:06 GMT
etag: W/"05da9ea660f8e4ae353b36a09e3a70e9"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: x3lDFcLBJ2H3J8rtXhm6WnyNw8R8dnpJ58xKxXrCalTyHpuxQBrfbg==
X-Firefox-Spdy: h2
tours.specia1.com/t/common/js/footer_override.min.js
143.204.55.92200 OK 0 B URL HTTP/2 tours.specia1.com/t/common/js/footer_override.min.js
IP 143.204.55.92:0
Analyzer Verdict Alert fortinet Phishing
GET /t/common/js/footer_override.min.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 24 Nov 2022 13:53:25 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 24 Nov 2022 16:10:05 GMT
etag: W/"bce527ef9e6ea886fffc7cee9fc69826"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eK5nyi6WGn51kQ92LNTAay5yuv8qxbA_mAVhMN5STRzn-Yk_5xc4ew==
age: 283
X-Firefox-Spdy: h2
tours.specia1.com/t/2418/tiktok-3-loop.mp4
143.204.55.92206 Partial Content 0 B URL HTTP/2 tours.specia1.com/t/2418/tiktok-3-loop.mp4
IP 143.204.55.92:0
Analyzer Verdict Alert fortinet Phishing
GET /t/2418/tiktok-3-loop.mp4 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 206 Partial Content
content-type: video/mp4
content-length: 1593436
last-modified: Thu, 24 Nov 2022 13:52:29 GMT
server: AmazonS3
date: Thu, 24 Nov 2022 16:10:07 GMT
etag: "6d8932a536de28cf2545560f00a370b1"
vary: Accept-Encoding
content-range: bytes 0-1593435/1593436
x-cache: RefreshHit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9Wg5lVV5xb8i_cAd70CuwmTdgIhsEBG_JhbYkpuEkU7omLuJROLZEA==
X-Firefox-Spdy: h2
runsafeads.com/j/4898409d9693b180bc
62.212.87.244200 OK 0 B URL HTTP/1.1 runsafeads.com/j/4898409d9693b180bc
IP 62.212.87.244:0
ASN #60781 LeaseWeb Netherlands B.V.
GET /j/4898409d9693b180bc HTTP/1.1
Host: runsafeads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: close
Date: Thu, 24 Nov 2022 16:10:06 GMT
ETag: 5f38051b637f975eeffe02d35acd6934--gzip
Cache-Control: private, max-age=0, no-cache, must-revalidate
Pragma: no-cache
Accept-CH: Width, Viewport-Width, Viewport-Height, Device-Memory, Content-DPR, DPR, Save-Data, Downlink, ECT, RTT, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
Content-Type: text/javascript;charset=utf-8
Vary: Accept-Encoding, User-Agent
Content-Encoding: gzip
tours.specia1.com/t/2418/qkkie_chicktok-1.mp4
143.204.55.92206 Partial Content 0 B URL HTTP/2 tours.specia1.com/t/2418/qkkie_chicktok-1.mp4
IP 143.204.55.92:0
Analyzer Verdict Alert fortinet Phishing
GET /t/2418/qkkie_chicktok-1.mp4 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://tours.specia1.com/t/2418/?t=52863&aid=144866&sid=43274&opt=&xk=d0412082aa5f84320cfe773fc469f9e7&bn=38&gu=go.moartraffic.com/go.php?t=52863&aid=144866&sid=43274&click_id=530b2c4167ae41be916d9df66be40a531e169&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3&click_id=530b2c4167ae41be916d9df66be40a531e169&i18n_country=US&hts_id=432df9f0-ffbd-4335-8f0c-24752739dde3
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 206 Partial Content
content-type: video/mp4
content-length: 1417974
last-modified: Thu, 24 Nov 2022 13:52:29 GMT
server: AmazonS3
date: Thu, 24 Nov 2022 16:10:07 GMT
etag: "cf340b48752036c064fea34dd809e582"
vary: Accept-Encoding
content-range: bytes 0-1417973/1417974
x-cache: RefreshHit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: bKVDeHc34e6_ytE9m5pD8SWlG2TbeK-kcwG5oA5Xzdg9y9ruBVGd1A==
X-Firefox-Spdy: h2
cdn.izooto.com/optin/1.js?v=3
104.18.216.65200 OK 0 B URL HTTP/2 cdn.izooto.com/optin/1.js?v=3
IP 104.18.216.65:0
GET /optin/1.js?v=3 HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Cookie: IZCID=726171fe-7704-4b93-ac69-01ce43f5f598
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 16:10:09 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-bgj: minify
cf-polished: origSize=8282
etag: W/"63208990-205a"
last-modified: Tue, 13 Sep 2022 13:45:52 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 872381
expires: Sun, 25 Dec 2022 16:10:09 GMT
server: cloudflare
cf-ray: 76f369becc8cfac0-OSL
content-encoding: br
X-Firefox-Spdy: h2