Submitted URL: http://sexy.googleoffer.xyz/
Effective URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.m...
Submission: On March 06 via api from US — Scanned from CA

Summary

This website contacted 12 IPs in 2 countries across 15 domains to perform 51 HTTP transactions. The main IP is 13.33.60.120, located in United States and belongs to AMAZON-02, US. The main domain is tours.specia1.com. The Cisco Umbrella rank of the primary domain is 641938.
TLS certificate: Issued by Amazon on January 19th 2022. Valid for: a year.
This is the only time tours.specia1.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
28 specia1.com
tours.specia1.com — Cisco Umbrella Rank: 641938
621 KB
7 authbill.com
secure.authbill.com — Cisco Umbrella Rank: 168288
10 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
20 KB
3 izooto.com
cdn.izooto.com — Cisco Umbrella Rank: 14439
48 KB
2 gstatic.com
fonts.gstatic.com
32 KB
2 utl-1.com
utl-1.com — Cisco Umbrella Rank: 223839
322 KB
1 google.ca
www.google.ca — Cisco Umbrella Rank: 8822
501 B
1 google.com
www.google.com — Cisco Umbrella Rank: 2
501 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 68
443 B
1 comewithyou.com
tours.comewithyou.com
1 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
1 KB
1 cl0udh0st1ng.com
cl0udh0st1ng.com — Cisco Umbrella Rank: 325535
2 KB
1 moartraffic.com
go.moartraffic.com — Cisco Umbrella Rank: 294230
2 KB
1 or23trk.com
www.or23trk.com
412 B
1 googleoffer.xyz
sexy.googleoffer.xyz
318 B
51 15
Domain Requested by
28 tours.specia1.com tours.specia1.com
utl-1.com
7 secure.authbill.com utl-1.com
3 www.google-analytics.com tours.specia1.com
www.google-analytics.com
3 cdn.izooto.com tours.specia1.com
cdn.izooto.com
2 fonts.gstatic.com fonts.googleapis.com
2 utl-1.com tours.specia1.com
1 www.google.ca
1 www.google.com
1 stats.g.doubleclick.net www.google-analytics.com
1 tours.comewithyou.com utl-1.com
1 fonts.googleapis.com tours.specia1.com
1 cl0udh0st1ng.com tours.specia1.com
1 go.moartraffic.com 1 redirects
1 www.or23trk.com 1 redirects
1 sexy.googleoffer.xyz 1 redirects
51 15

This site contains links to these domains. Also see Links.

Domain
harlotthespy.awesome-apps.io
comewithyou.com
Subject Issuer Validity Valid
specia1.com
Amazon
2022-01-19 -
2023-02-17
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-06-11 -
2022-06-10
a year crt.sh
upload.video.google.com
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh
utl-1.com
Amazon
2021-06-24 -
2022-07-23
a year crt.sh
*.gstatic.com
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh
secure.authbill.com
R3
2022-02-23 -
2022-05-24
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh
tours.comewithyou.com
Amazon
2021-09-08 -
2022-10-07
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh
www.google.com
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh
*.google.ca
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh

This page contains 3 frames:

Primary Page: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Frame ID: B73C7632EFD3C3834CB3FB551A946943
Requests: 49 HTTP requests in this frame

Frame: https://cdn.izooto.com/scripts/sak/iz_setcid.html
Frame ID: 09D1BC7803D6C11B1C2EF675BDE116B2
Requests: 1 HTTP requests in this frame

Frame: https://tours.comewithyou.com/common/html/check_external_autologin.html?receiver=https%3A%2F%2Ftours.specia1.com
Frame ID: 219DFC08216A232AF102B5307B0C63CD
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Come With You

Page URL History Show full URLs

  1. http://sexy.googleoffer.xyz/ HTTP 301
    https://www.or23trk.com/M9947Z/25CRTKG/?sub1=JRS HTTP 302
    http://go.moartraffic.com/go.php?t=49740&aid=143752&sid=403&clickid=435729090df14999b9d0b64c4535e291 HTTP 302
    https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • cdn\.izooto\.\w+

Page Statistics

51
Requests

100 %
HTTPS

53 %
IPv6

15
Domains

15
Subdomains

12
IPs

2
Countries

1059 kB
Transfer

1293 kB
Size

25
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://sexy.googleoffer.xyz/ HTTP 301
    https://www.or23trk.com/M9947Z/25CRTKG/?sub1=JRS HTTP 302
    http://go.moartraffic.com/go.php?t=49740&aid=143752&sid=403&clickid=435729090df14999b9d0b64c4535e291 HTTP 302
    https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

51 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
tours.specia1.com/t/878/
Redirect Chain
  • http://sexy.googleoffer.xyz/
  • https://www.or23trk.com/M9947Z/25CRTKG/?sub1=JRS
  • http://go.moartraffic.com/go.php?t=49740&aid=143752&sid=403&clickid=435729090df14999b9d0b64c4535e291
  • https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D...
15 KB
3 KB
Document
General
Full URL
https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
665ddbe45c8a5838c0ec4cb926f604a042391a366e51691e737b680ed404bb76

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
en-CA,en;q=0.9

Response headers

content-type
text/html
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
content-encoding
gzip
date
Sun, 06 Mar 2022 15:45:46 GMT
etag
W/"2fe31bb97a292e5ee706356f7974f895"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
x-amz-cf-id
DXpnDrpEtGGxlXrMFAqHWD-LjWQIPkjZWT0CKG61vhj-ZwiAjR4ueQ==
age
209

Redirect headers

date
Sun, 06 Mar 2022 15:45:43 GMT
server
Apache
cache-control
no-store, no-cache, must-revalidate
expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
CP="NOI ADM DEV COM NAV OUR STP"
x-robots-tag
otherbot: noindex, nofollow googlebot: noindex, nofollow
location
https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
vary
Accept-Encoding
content-encoding
gzip
content-length
20
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
bo.js
cl0udh0st1ng.com/
4 KB
2 KB
Script
General
Full URL
https://cl0udh0st1ng.com/bo.js
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:5b2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
852d19ed390414ca431837cc185a237cc5c5a393e193182efd17420a5bb4b651

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
8a3f8906323289292ab7806ae8c1aeac59017c87
date
Sun, 06 Mar 2022 15:45:46 GMT
via
1.1 varnish
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
289
x-cache
MISS
x-cache-hits
0
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-yul12829-YUL
last-modified
Tue, 04 Jun 2019 22:59:12 GMT
server
cloudflare
x-github-request-id
87C8:5D51:4C148F:95D964:61A2A02B
x-timer
S1638047788.788257,VS0,VE2742
etag
W/"5cf6f7c0-e8c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CTvAqjlpWL45Y2KtCKDmwzKVLANTKEQJ6ZCxH5r40laapm0Neo5cnhw0eZ11xzu1tNhsg%2FfDqhtyU98sBmomljtda1WkIDSHXPbhS3KFX2w8sS27%2FJaqu5qaduP%2BbLiC2SarO3MTWotnGpcjZH7N"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6e7c386c5b19714a-YUL
x-proxy-cache
HIT
expires
Sun, 06 Mar 2022 15:30:42 GMT
css
fonts.googleapis.com/
8 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700|Roboto:400,700
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::200a Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
669ab617e9ecf5f68622b3d3a66c9ad09af9e7d43e773905ffb366fe3454cc94
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 06 Mar 2022 15:39:21 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 06 Mar 2022 15:45:46 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 06 Mar 2022 15:45:46 GMT
style.css
tours.specia1.com/t/878/css/
27 KB
6 KB
Stylesheet
General
Full URL
https://tours.specia1.com/t/878/css/style.css
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a94fe02eebeb47fccfdd374ceee1469ba82b57e89933fe02b24c9ec4f992afcc

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:46 GMT
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
age
277
etag
W/"edd54e6b07555c0c38b74574b9091cf2"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
x-amz-cf-id
EAAdA9uL4zhNDJL8CD9ToP7B_XQsFxz1BCIRM3mGnzZrcjAqC1gblg==
repoUtilsV2.js
tours.specia1.com/t/common/js/
6 KB
2 KB
Script
General
Full URL
https://tours.specia1.com/t/common/js/repoUtilsV2.js
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
27bfd892978a1454aeace298e543a317aefe9750e74faac177d85db1fe0968c8

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:43:25 GMT
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 16:17:24 GMT
server
AmazonS3
age
152
etag
W/"463ab17c7b265e702f3c4390d78b31b3"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
x-amz-cf-id
ehLcwXXKTyvK726O2qgfFwlr2H2tkRE6Szf03GsY0eVC9RkP7XCGGQ==
logo.svg
tours.specia1.com/t/878/img/svg/
5 KB
3 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/svg/logo.svg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4b5326a109cb8d5df9dfb694b23b3ea3202cc9de5ee1fed82f5a13e6ad0e4ab4

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:47 GMT
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
age
278
etag
W/"e97e8f60b5d4167ce1b58b55c5199a6c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
x-amz-cf-id
uBP6oLuUmnmHqFWG9UrveBEbMBO9AvK7DEdfjgVbS8D1OffrCTLWdg==
logo-intro.svg
tours.specia1.com/t/878/img/svg/
5 KB
3 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/svg/logo-intro.svg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bf149dc17b7f195c10278a0302a6483686f8a8925dfa91c2e44f38e7a02188e6

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:47 GMT
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
age
278
etag
W/"1553af9131d60bf11581a58c79dc3422"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
x-amz-cf-id
UqlWITK7b4aGH-gzZRs6GYk--f18QcOO4bMphk9X7g9LJGrX5zRgrQ==
tick.svg
tours.specia1.com/t/878/img/svg/
814 B
1 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/svg/tick.svg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d4141992d1a6154f72ff71c62a2feae93b39481bb1a915028bd05cf1c3d00bc4

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:47 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
age
278
etag
"cd4abbc7503973315993237cac067cee"
x-cache
Hit from cloudfront
content-type
image/svg+xml
x-amz-cf-pop
EWR52-C1
content-length
814
x-amz-cf-id
3MszPTC7ewcXwV5JtaGs2WKmSS_KoedlV4xDKIbC_3EBlsLq9Lda7w==
yes.svg
tours.specia1.com/t/878/img/svg/
2 KB
1 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/svg/yes.svg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bfb8b05d0444b2da883838fbd477577c922c39b721e8709c017a929e628a65ce

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:47 GMT
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
age
278
etag
W/"b059dfb7d10a3f6a100803110617b2db"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
x-amz-cf-id
UjsZwFycaK1n2r2RZArzbzIMgMuoxqiXqYty75xwkNOWDhK9hgqHRw==
no.svg
tours.specia1.com/t/878/img/svg/
3 KB
1 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/svg/no.svg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bb891b88f42e9c62e079ca6e948957227fad1ab78a45ef750f6e83196951cda2

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:47 GMT
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
age
278
etag
W/"830341de56af885fa669e1ff65630c45"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
x-amz-cf-id
fA3jLY7uLtSMxZ5BfzlTe6osR94d1DvWx0Uu9pUZMeOKCJvgLIJTyQ==
cross.svg
tours.specia1.com/t/878/img/svg/
875 B
1 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/svg/cross.svg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9959ca0263a238d52b33ae8488b5dfdb7465fe80d2ee252992a544e1901550f1

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:47 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
age
278
etag
"7ac3ccbcb21a09f8616092db366f350d"
x-cache
Hit from cloudfront
content-type
image/svg+xml
x-amz-cf-pop
EWR52-C1
content-length
875
x-amz-cf-id
o5MF4so3LSrwTsiGruOtGJIYeZKc5BZdhc73BW-Edr244NK6z8oB_w==
utl.min.js
utl-1.com/1.6.34/
304 KB
304 KB
Script
General
Full URL
https://utl-1.com/1.6.34/utl.min.js
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.125.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-125-127.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05c1b4196dfb5374e1584b5d08093f9b9e307b4d3983968d2181460e0a5db26c

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 08:22:02 GMT
via
1.1 fd5bb5b63be18c34495bdbea44226476.cloudfront.net (CloudFront)
last-modified
Wed, 12 May 2021 14:02:14 GMT
server
AmazonS3
age
372226
etag
"1f4616fd4e851a2ae2f388afcfa91ea7"
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-pop
EWR52-C3
accept-ranges
bytes
content-length
310980
x-amz-cf-id
DiUTgm6MFOCfbTOARBHGS4abbMdaaw0TxjkirZsSSxY7Ndr6Y7or6g==
mst2.min.js
utl-1.com/1.6.34/
17 KB
18 KB
Script
General
Full URL
https://utl-1.com/1.6.34/mst2.min.js
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.125.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-125-127.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d09fdacc2355a8504948c8bcdb6529e90bd1850b331e504fca32a84a00d5bc78

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 07:57:55 GMT
via
1.1 fd5bb5b63be18c34495bdbea44226476.cloudfront.net (CloudFront)
last-modified
Wed, 12 May 2021 14:02:13 GMT
server
AmazonS3
age
373673
etag
"e138625e5e126bf89e600a2b87c0bce9"
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-pop
EWR52-C3
accept-ranges
bytes
content-length
17723
x-amz-cf-id
vbe-ApTQVAQ76xPx4aQPM_fHRFPuKTvURtX8i__jH81AZKXF81I1WA==
footer_override.min.js
tours.specia1.com/t/common/js/
7 KB
2 KB
Script
General
Full URL
https://tours.specia1.com/t/common/js/footer_override.min.js
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ac8e6cc346751aae8bfdb95f197d6979f954f7e1f97d4b65f0f3ac44ff966f65

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:43:41 GMT
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 16:17:24 GMT
server
AmazonS3
age
153
etag
W/"4131c4cfd23f1a2f2ce0a53afde26ac7"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
x-amz-cf-id
SQY3qfvYRas57CU3R7addkdBLlcBB-h56EL5bRDMvvkUNHQDxUOyVg==
custom.js
tours.specia1.com/t/878/js/
10 KB
3 KB
Script
General
Full URL
https://tours.specia1.com/t/878/js/custom.js
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
424de45e470ad36dbd06c78927a7165179faba26ce7bea5c862382fae144ca06

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:46 GMT
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
age
277
etag
W/"70ed8488f346782f8439cd2cc21643c8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
x-amz-cf-id
T2t0X6wEcCE8HLu6GgbUrRawcqWx-ERaS56gKRfXnXe2GVRXhJgF-g==
6d0d9819e611e28a165c1c894e7998790112eec4.js
cdn.izooto.com/scripts/
2 KB
1 KB
Script
General
Full URL
https://cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/common/js/repoUtilsV2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d941 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ccec67173d52026ca7ff6a4280fe70f4c64084f8510bc6aa977c500ecfb3fdf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:47 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
1387550
x-xss-protection
1; mode=block
last-modified
Mon, 18 Oct 2021 09:19:46 GMT
server
cloudflare
etag
W/"616d3c32-749"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
access-control-allow-origin
*
expires
Wed, 06 Apr 2022 15:45:47 GMT
cache-control
public, max-age=2678400
cf-ray
6e7c386ccaf47133-YUL
cf-bgj
minify
bg.jpg
tours.specia1.com/t/878/img/1x/
32 KB
32 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/bg.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e93a99bb468ba6ac200d8688b167149bb44d8d1807226d1548358173ec9a6184

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"33d6b8eede4aac26ac2427302e1520f2"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
32261
x-amz-cf-id
bILtuxVydZknjmNVqmZmPN3BNqwdXh_u0p2zj4VDKdqs3VjQAusUTg==
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700|Roboto:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2003 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://tours.specia1.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 01 Mar 2022 14:35:30 GMT
x-content-type-options
nosniff
age
436217
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 01 Mar 2023 14:35:30 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700|Roboto:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2003 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://tours.specia1.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 08:30:30 GMT
x-content-type-options
nosniff
age
285317
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Fri, 03 Mar 2023 08:30:30 GMT
1.jpg
tours.specia1.com/t/878/img/1x/
54 KB
54 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/1.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
58287cbb2965cf9188b8b02dec8cb304cbe6bc8021c7bf32eaba003cb90390fc

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"67787585189395c675836337e3a00a88"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
55230
x-amz-cf-id
ZLeHW5-1NuSA0OgYWuPWfQC8E68Hp1RKA5PgeqCncqqjZ6qGxLWKxQ==
1a.jpg
tours.specia1.com/t/878/img/1x/
36 KB
36 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/1a.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
54ff66024584823f17812e2f5b4e0862a98e649e3bdf43db498acd617b0fe92b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"014c83720eeb2bb16e5884fdfb4540a7"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
36517
x-amz-cf-id
4v7s0hIpU1B0XMxwJTAnPhnIa1JvH6F2NlwCmpLDfquO_GOvP9gnQg==
1b.jpg
tours.specia1.com/t/878/img/1x/
43 KB
44 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/1b.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
68c0351f39773bd2105a5c796a746e4ad29e4bb8f19324678e74a4fd09c09997

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"910c76fd879f0ec98dd514d779bb735a"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
44515
x-amz-cf-id
-YnOBXhdmiAQKjQA6dS9A38CjH5W0eKlcx9f3JcRfNIyrfllev8ORg==
2.jpg
tours.specia1.com/t/878/img/1x/
38 KB
38 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/2.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
07ed9e4bad14c91869f4b6dc6aafd14cc70a140a0df69a9ef867e556553eca8e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"396a2b1d5bb0d0360c2b8e792c7799a9"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
38860
x-amz-cf-id
VeW3yRp4RZc2bSq56xKyxuiHS9BVLLLqwBLbYfz7bRsGcW6-0zxrgw==
2a.jpg
tours.specia1.com/t/878/img/1x/
31 KB
32 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/2a.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c5ac5659cbf51217ca2ccf2a9c3cc238c309a529618d1c64ec85dfbd9cefc40b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"9140465adce4486dbd0b03c86cbbebe0"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
32183
x-amz-cf-id
k6mgre13X-SJ239bCsFrX_NvnBIMMPJ87GeC6G7r2Ksjr1rVeGosfA==
2b.jpg
tours.specia1.com/t/878/img/1x/
34 KB
35 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/2b.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a51854199f28d58e0fe187be667cb541b46df0fea9666d616fbe8603c37c55a7

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"2c6b4f6eb91f80da1f7839b9d40d9960"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
35001
x-amz-cf-id
N261VaK0KOsnjpQDFzr2ijLfcQSFOO12JwwN97vANHjQ6ZU_mzGo3A==
3.jpg
tours.specia1.com/t/878/img/1x/
41 KB
41 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/3.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
57d5fa896cae7991160d31f1b41ed96dd5ee97fa09adc00b0376dfb63359fb86

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"5538e773af5c8b7df55d250c1980b38f"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
41708
x-amz-cf-id
nYz9nGsbHhXjySn9FYYKlGB2kp7-8phplNbkxFtG5ctDnJi9GFrxxA==
3a.jpg
tours.specia1.com/t/878/img/1x/
33 KB
33 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/3a.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a20e4c930b2af06356846b52065eca514c30ff7500066b48d2b36b576bc13886

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"8fbbf9a8d2403001f9e2f2cb7af0e973"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
33747
x-amz-cf-id
UW70oNzH6NP_Vh4tVQcMmf5NOSjGYUdWNUs7Y_0K1WXtA205UD2zww==
3b.jpg
tours.specia1.com/t/878/img/1x/
35 KB
36 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/3b.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c640381575733fa44632e56d532362addb53dc6ada7b3f859ac3a5b9cf576b15

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"ff766a1058a4b74860c9d45365f31301"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
36107
x-amz-cf-id
kJrJBvpi5dsDkCu23fbRCCdgPDmjH5ODvju2NoxKaUFoL4hhVPX5Kw==
4.jpg
tours.specia1.com/t/878/img/1x/
33 KB
33 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/4.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2a26292f1d646ede9dabb2de8a67d89b70003eedbd0f962ab817278829eaf19a

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"b27137a4619979ec0214ce6224bf699d"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
33491
x-amz-cf-id
Pr4yiYHkrVVi53x9e6-GqBoXCQy1eO1HBbfSr65LfotirhpYCuvW9w==
4a.jpg
tours.specia1.com/t/878/img/1x/
29 KB
29 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/4a.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
aa504da9c70f1138137ae42d070e458b10b7ceb9841ce6f47e3c8bb7396dc8d7

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"44a4ee8357e3c9a1e8f0f34520a900c7"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
29806
x-amz-cf-id
YjWtjmDQfQARvCUJnNmSEWIdWy5IjKhvaR2-ubCt9Mz8-lm4XwHBSQ==
4b.jpg
tours.specia1.com/t/878/img/1x/
37 KB
37 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/4b.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7140bc7112a5413a9eb0936691575b6abd8774a3a746a1734af9ebcd031730aa

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"046ceabfd2ee2179c67107d018b2f904"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
38001
x-amz-cf-id
kb4AQNnqQY0Nz9mKsbZlnSjRCa1TI-CgkNh7BlREtOCgXFWI5WQ_Xw==
5.jpg
tours.specia1.com/t/878/img/1x/
38 KB
39 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/5.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c96a438305f7df9aeabafc0db22db74174ec9123adc12e07d8ff1fdf358bf5b8

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"3b88fb2bda6ca50caa3e239b80803519"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
39230
x-amz-cf-id
AJSqxSkinQ1a3KxWzqghs1mWN0nh8kzzh8eOKVRnUTyRG4rLRiE23w==
5a.jpg
tours.specia1.com/t/878/img/1x/
39 KB
39 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/5a.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c5a30fbb2b45f14f77d0dfcc55251212c6d3b9be7f6ae36611036f746e23c214

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"956a36af75c470ed35550011e90d3fe4"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
39939
x-amz-cf-id
bNMPPnY_pKv8eQ4EveB9heimDfVYkXLMYJuLFdP61_bjQAH-9O8lHQ==
5b.jpg
tours.specia1.com/t/878/img/1x/
35 KB
35 KB
Image
General
Full URL
https://tours.specia1.com/t/878/img/1x/5b.jpg
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
db58539c9503e2be5582d90ac89d13334af66b03d0f99248d2ced34024498955

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/t/878/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:48 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:17:11 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
etag
"4678866b47494680ea97469ce4416cb3"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
content-length
35911
x-amz-cf-id
aFaXdpfdNsSJobeO3CQFRUIYwqRxdImMGW6q0VXk1_spYHj0Bn0bww==
izooto.js
cdn.izooto.com/scripts/sdk/
185 KB
46 KB
Script
General
Full URL
https://cdn.izooto.com/scripts/sdk/izooto.js
Requested by
Host: cdn.izooto.com
URL: https://cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d941 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
180fbfaedfdb61493a4d703090076262d00b421d6c66e22f55408b6db5dae359
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:45:47 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
362685
x-xss-protection
1; mode=block
last-modified
Wed, 02 Mar 2022 11:00:01 GMT
server
cloudflare
etag
W/"621f4e31-2e4a5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
access-control-allow-origin
*
expires
Wed, 06 Apr 2022 15:45:47 GMT
cache-control
public, max-age=2678400
cf-ray
6e7c386d1b387133-YUL
cf-bgj
minify
iz_setcid.html
cdn.izooto.com/scripts/sak/ Frame 09D1
2 KB
884 B
Document
General
Full URL
https://cdn.izooto.com/scripts/sak/iz_setcid.html
Requested by
Host: cdn.izooto.com
URL: https://cdn.izooto.com/scripts/sdk/izooto.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d941 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92e62ed4b1792fbdb64faf2ec5507d26356b9e1bce54486fc130a2b1b68b7e89
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/

Response headers

date
Sun, 06 Mar 2022 15:45:47 GMT
content-type
text/html
last-modified
Tue, 11 Feb 2020 13:01:43 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-xss-protection
1; mode=block
cache-control
public, max-age=2678400
access-control-allow-origin
*
cf-cache-status
HIT
age
1387542
expires
Wed, 06 Apr 2022 15:45:47 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6e7c386d9be17133-YUL
content-encoding
br
ga.js
tours.specia1.com/assets/specia1/
392 B
700 B
XHR
General
Full URL
https://tours.specia1.com/assets/specia1/ga.js?_=1646581547100
Requested by
Host: utl-1.com
URL: https://utl-1.com/1.6.34/utl.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-120.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6003f930e7a6ff14bd5520a7324f5a4ffcecbd182aaff2e8ace7ec65d885aa45

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
X-Requested-With
XMLHttpRequest
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:43:25 GMT
via
1.1 1e0c086b1361f8d4ae58a5db76efda36.cloudfront.net (CloudFront)
last-modified
Thu, 03 Mar 2022 16:16:01 GMT
server
AmazonS3
age
144
etag
"eac15786f9b8937b5689ddf3faf0351d"
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-pop
EWR52-C1
content-length
392
x-amz-cf-id
ye7iy14PfcggwwfTyIXStxrUw5WsIAVAxam4Vf31LBV2sRbQOG4l2w==
api.php
secure.authbill.com/tour/
36 B
636 B
XHR
General
Full URL
https://secure.authbill.com/tour/api.php
Requested by
Host: utl-1.com
URL: https://utl-1.com/1.6.34/utl.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
68.169.87.223 , United States, ASN30602 (ISPRIME, US),
Reverse DNS
Software
Apache /
Resource Hash
df731148e85ef5e24bff49631a764e824fd6a81c09da2121e1740616ca3346eb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://tours.specia1.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sun, 06 Mar 2022 15:45:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-headers
X-Requested-With, content-type
content-length
56
expires
Thu, 19 Nov 1981 08:52:00 GMT
api.php
secure.authbill.com/tour/
794 B
961 B
XHR
General
Full URL
https://secure.authbill.com/tour/api.php
Requested by
Host: utl-1.com
URL: https://utl-1.com/1.6.34/utl.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
68.169.87.223 , United States, ASN30602 (ISPRIME, US),
Reverse DNS
Software
Apache /
Resource Hash
dfdf153bda0f3c13ee22afd4a3823b46f10334cb33fa982ca2e3b8a11a3d0146
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://tours.specia1.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sun, 06 Mar 2022 15:45:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-headers
X-Requested-With, content-type
content-length
380
expires
Thu, 19 Nov 1981 08:52:00 GMT
api.php
secure.authbill.com/tour/
20 KB
5 KB
XHR
General
Full URL
https://secure.authbill.com/tour/api.php
Requested by
Host: utl-1.com
URL: https://utl-1.com/1.6.34/utl.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
68.169.87.223 , United States, ASN30602 (ISPRIME, US),
Reverse DNS
Software
Apache /
Resource Hash
78f9153b97d7ffc7cb808144a600ace9cbe92a0208cbf348d55280c40db65d70
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://tours.specia1.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sun, 06 Mar 2022 15:45:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-headers
X-Requested-With, content-type
content-length
4820
expires
Thu, 19 Nov 1981 08:52:00 GMT
api.php
secure.authbill.com/tour/
1 B
601 B
XHR
General
Full URL
https://secure.authbill.com/tour/api.php
Requested by
Host: utl-1.com
URL: https://utl-1.com/1.6.34/utl.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
68.169.87.223 , United States, ASN30602 (ISPRIME, US),
Reverse DNS
Software
Apache /
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://tours.specia1.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sun, 06 Mar 2022 15:45:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-headers
X-Requested-With, content-type
content-length
21
expires
Thu, 19 Nov 1981 08:52:00 GMT
api.php
secure.authbill.com/tour/
201 B
752 B
XHR
General
Full URL
https://secure.authbill.com/tour/api.php
Requested by
Host: utl-1.com
URL: https://utl-1.com/1.6.34/utl.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
68.169.87.223 , United States, ASN30602 (ISPRIME, US),
Reverse DNS
Software
Apache /
Resource Hash
8200dcc4219f23ea8ebf4ef77aa9f6f09eeb6f063c8923c42814850c002b1456
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://tours.specia1.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sun, 06 Mar 2022 15:45:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-headers
X-Requested-With, content-type
content-length
171
expires
Thu, 19 Nov 1981 08:52:00 GMT
api.php
secure.authbill.com/tour/
201 B
752 B
XHR
General
Full URL
https://secure.authbill.com/tour/api.php
Requested by
Host: utl-1.com
URL: https://utl-1.com/1.6.34/utl.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
68.169.87.223 , United States, ASN30602 (ISPRIME, US),
Reverse DNS
Software
Apache /
Resource Hash
8200dcc4219f23ea8ebf4ef77aa9f6f09eeb6f063c8923c42814850c002b1456
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://tours.specia1.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sun, 06 Mar 2022 15:45:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-headers
X-Requested-With, content-type
content-length
171
expires
Thu, 19 Nov 1981 08:52:00 GMT
api.php
secure.authbill.com/tour/
0
708 B
XHR
General
Full URL
https://secure.authbill.com/tour/api.php
Requested by
Host: utl-1.com
URL: https://utl-1.com/1.6.34/utl.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
68.169.87.223 , United States, ASN30602 (ISPRIME, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://tours.specia1.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sun, 06 Mar 2022 15:45:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-headers
X-Requested-With, content-type
content-length
20
expires
Thu, 19 Nov 1981 08:52:00 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
3711
date
Sun, 06 Mar 2022 14:43:56 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sun, 06 Mar 2022 16:43:56 GMT
check_external_autologin.html
tours.comewithyou.com/common/html/ Frame 219D
756 B
1 KB
Document
General
Full URL
https://tours.comewithyou.com/common/html/check_external_autologin.html?receiver=https%3A%2F%2Ftours.specia1.com
Requested by
Host: utl-1.com
URL: https://utl-1.com/1.6.34/utl.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.150.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-150-5.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
60b8d95283abc2a33e22a3caf92b3a4e1722cf4ba8581f5fbb4ec303f08abd08

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/

Response headers

content-type
text/html
content-length
756
last-modified
Thu, 24 Feb 2022 17:11:05 GMT
server
AmazonS3
date
Sun, 06 Mar 2022 15:45:47 GMT
etag
"dd50762f19926d6c4bbd2b10d5d78216"
x-cache
Hit from cloudfront
via
1.1 31b4da0406d8b733add8a3131335a500.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C2
x-amz-cf-id
2lKXmbQK4yML9LpL2cR4H0p6KRfpe6NatgZiFUUUpZCEmk07cepxsQ==
age
76
collect
www.google-analytics.com/j/
4 B
148 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1887713039&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F878%2F%3Ft%3D49740%26aid%3D143752%26sid%3D403%26xk%3De0e1e0a53a3a0eb8bc12540c42682d47%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49740%2526aid%253D143752%2526sid%253D403%2526clickid%253D435729090df14999b9d0b64c4535e291%2526hts_id%253Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d%26clickid%3D435729090df14999b9d0b64c4535e291%26i18n_country%3DCA%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&ul=en-us&de=UTF-8&dt=Come%20With%20You&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ci=Tour%3A%2049740&ec=Tour%3A%2049740&ea=Current%20step%3A%2001&el=Total%20steps%3A%208&_u=YEBAAEABAAAAAC~&jid=1932626680&gjid=152224277&cid=116007265.1646581547&tid=UA-148167200-1&_gid=1906829352.1646581547&_r=1&_slc=1&z=1828032754
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://tours.specia1.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 06 Mar 2022 15:45:47 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://tours.specia1.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
194 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1887713039&t=pageview&_s=2&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F878%2F%3Ft%3D49740%26aid%3D143752%26sid%3D403%26xk%3De0e1e0a53a3a0eb8bc12540c42682d47%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49740%2526aid%253D143752%2526sid%253D403%2526clickid%253D435729090df14999b9d0b64c4535e291%2526hts_id%253Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d%26clickid%3D435729090df14999b9d0b64c4535e291%26i18n_country%3DCA%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&ul=en-us&de=UTF-8&dt=Come%20With%20You&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ci=Tour%3A%2049740&_u=YEBAAEABAAAAAC~&jid=&gjid=&cid=116007265.1646581547&tid=UA-148167200-1&_gid=1906829352.1646581547&z=1928367191
Requested by
Host: tours.specia1.com
URL: https://tours.specia1.com/t/878/?t=49740&aid=143752&sid=403&xk=e0e1e0a53a3a0eb8bc12540c42682d47&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49740%26aid%3D143752%26sid%3D403%26clickid%3D435729090df14999b9d0b64c4535e291%26hts_id%3Db74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d&clickid=435729090df14999b9d0b64c4535e291&i18n_country=CA&hts_id=b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 05 Mar 2022 21:06:24 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
67163
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
443 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-148167200-1&cid=116007265.1646581547&jid=1932626680&gjid=152224277&_gid=1906829352.1646581547&_u=YEBAAEAAAAAAAC~&z=308644560
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4023:1407::9a Columbus, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://tours.specia1.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sun, 06 Mar 2022 15:45:47 GMT
content-type
text/plain
access-control-allow-origin
https://tours.specia1.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
501 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-148167200-1&cid=116007265.1646581547&jid=1932626680&_u=YEBAAEAAAAAAAC~&z=1365339028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2004 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 06 Mar 2022 15:45:47 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
501 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-148167200-1&cid=116007265.1646581547&jid=1932626680&_u=YEBAAEAAAAAAAC~&z=1365339028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2003 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tours.specia1.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 06 Mar 2022 15:45:47 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| structuredClone object| oncontextlost object| oncontextrestored object| a function| b function| checkAltId object| _izq object| container undefined| _izAlt object| _iz object| izConfig object| utl function| isTestUser object| QueryString function| $ function| jQuery object| angular object| timeouts boolean| did_show_results object| defaultColors function| createElements function| randomPhysics function| updateFetti function| animate function| confetti function| init function| animateStep function| showResults function| resetResults function| handleErrors function| handleSuccess function| loaderResults function| hideKeyboard function| _izooto function| ga object| _loq string| GoogleAnalyticsObject object| google_tag_data object| gaplugins object| gaGlobal object| gaData

25 Cookies

Domain/Path Name / Value
www.or23trk.com/ Name: uniqueClick_25CRTKG
Value: 47ee4d25-76db-4c26-868f-8a4567969356:1646581543
www.or23trk.com/ Name: transaction_id
Value: 435729090df14999b9d0b64c4535e291
.moartraffic.com/ Name: bd_ovtu
Value: 1
.moartraffic.com/ Name: bdreff
Value: NONE
.moartraffic.com/ Name: tour
Value: 49740
.moartraffic.com/ Name: affsubid
Value: 143752-403
.moartraffic.com/ Name: bdvisit
Value: 143752
.moartraffic.com/ Name: bdcounter
Value: 1
.moartraffic.com/ Name: xk
Value: e0e1e0a53a3a0eb8bc12540c42682d47
.specia1.com/ Name: tour
Value: 49740
.specia1.com/ Name: affsubid
Value: 143752-403
.specia1.com/ Name: reff
Value:
.specia1.com/ Name: upgrade_tour
Value: 0
.izooto.com/ Name: IZCID
Value: 79b29af8-ccb0-4e57-b24b-955ad60e2188
.specia1.com/ Name: guid
Value: 51430B20-AC82-44FA-B151-EEFAE99266C8
.specia1.com/ Name: affiliate_143752_is_terminated
Value: 0
.specia1.com/ Name: custom_tracking
Value: %5B%22address%22%2C%22ad_type%22%2C%22app_id%22%2C%22app_name%22%2C%22auth_token%22%2C%22a_aid%22%2C%22a_bid%22%2C%22banner%22%2C%22banner_id%22%2C%22banner_size%22%2C%22bn%22%2C%22c%22%2C%22cid%22%2C%22city%22%2C%22clickid%22%2C%22click_id%22%2C%22click_url%22%2C%22cmp_bo%22%2C%22cmp_member_id%22%2C%22dx%22%2C%22email%22%2C%22exotracker%22%2C%22f%22%2C%22fbclid%22%2C%22fbid%22%2C%22first_name%22%2C%22gclid%22%2C%22gdpr%22%2C%22h%22%2C%22hts_id%22%2C%22hx%22%2C%22keyword%22%2C%22landerid%22%2C%22lander_id%22%2C%22last_name%22%2C%22misc_tour_info%22%2C%22niche%22%2C%22np%22%2C%22offer%22%2C%22origin%22%2C%22phone_number%22%2C%22placement%22%2C%22product%22%2C%22product_id%22%2C%22profile_visited%22%2C%22publisher%22%2C%22rcid%22%2C%22referer%22%2C%22reqid%22%2C%22rgc%22%2C%22rgh%22%2C%22rgm%22%2C%22schedule%22%2C%22sdaf%22%2C%22sdfsadf%22%2C%22session_initiated_by%22%2C%22sl%22%2C%22smoochy_user_id%22%2C%22snapchat_username%22%2C%22source%22%2C%22state%22%2C%22street%22%2C%22sv_cheating_mon%22%2C%22template%22%2C%22thumb_id%22%2C%22tracker_id%22%2C%22upgrade_uuid%22%2C%22upg_reason%22%2C%22userage%22%2C%22useremail%22%2C%22userzip%22%2C%22user_id%22%2C%22wellhello_profile_id%22%2C%22wellhello_upgrade_tour%22%2C%22xk%22%2C%22zip%22%5D
.specia1.com/ Name: prop_bn
Value: 38
.specia1.com/ Name: prop_clickid
Value: 435729090df14999b9d0b64c4535e291
.specia1.com/ Name: prop_hts_id
Value: b74445e7-0fd7-4cc7-a1cf-c70f03ab9d9d
.specia1.com/ Name: prop_xk
Value: e0e1e0a53a3a0eb8bc12540c42682d47
.tours.specia1.com/ Name: geoip
Value: %7B%22country_code%22%3A%22CA%22%2C%22country_name%22%3A%22Canada%22%2C%22region%22%3A%22Quebec%22%2C%22city%22%3A%22Montreal%22%2C%22latitude%22%3A45.5088386536%2C%22longitude%22%3A-73.5878067017%2C%22zipcode%22%3A%22H1A%200A1%22%2C%22isp_name%22%3A%22OVH%20Hosting%20Inc.%22%2C%22mobile_brand%22%3A%22%22%7D
.specia1.com/ Name: _ga
Value: GA1.2.116007265.1646581547
.specia1.com/ Name: _gid
Value: GA1.2.1906829352.1646581547
.specia1.com/ Name: _gat
Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.izooto.com
cl0udh0st1ng.com
fonts.googleapis.com
fonts.gstatic.com
go.moartraffic.com
secure.authbill.com
sexy.googleoffer.xyz
stats.g.doubleclick.net
tours.comewithyou.com
tours.specia1.com
utl-1.com
www.google-analytics.com
www.google.ca
www.google.com
www.or23trk.com
13.33.60.120
143.204.150.5
192.99.35.126
2606:4700:3030::6815:5b2d
2606:4700::6812:d941
2607:f8b0:4006:80e::2003
2607:f8b0:4006:816::2003
2607:f8b0:4006:81d::2004
2607:f8b0:4006:820::200e
2607:f8b0:4006:824::200a
2607:f8b0:4023:1407::9a
34.120.151.224
64.188.52.46
68.169.87.223
99.84.125.127
05c1b4196dfb5374e1584b5d08093f9b9e307b4d3983968d2181460e0a5db26c
07ed9e4bad14c91869f4b6dc6aafd14cc70a140a0df69a9ef867e556553eca8e
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
180fbfaedfdb61493a4d703090076262d00b421d6c66e22f55408b6db5dae359
27bfd892978a1454aeace298e543a317aefe9750e74faac177d85db1fe0968c8
2a26292f1d646ede9dabb2de8a67d89b70003eedbd0f962ab817278829eaf19a
424de45e470ad36dbd06c78927a7165179faba26ce7bea5c862382fae144ca06
4b5326a109cb8d5df9dfb694b23b3ea3202cc9de5ee1fed82f5a13e6ad0e4ab4
54ff66024584823f17812e2f5b4e0862a98e649e3bdf43db498acd617b0fe92b
57d5fa896cae7991160d31f1b41ed96dd5ee97fa09adc00b0376dfb63359fb86
58287cbb2965cf9188b8b02dec8cb304cbe6bc8021c7bf32eaba003cb90390fc
5ccec67173d52026ca7ff6a4280fe70f4c64084f8510bc6aa977c500ecfb3fdf
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
6003f930e7a6ff14bd5520a7324f5a4ffcecbd182aaff2e8ace7ec65d885aa45
60b8d95283abc2a33e22a3caf92b3a4e1722cf4ba8581f5fbb4ec303f08abd08
665ddbe45c8a5838c0ec4cb926f604a042391a366e51691e737b680ed404bb76
669ab617e9ecf5f68622b3d3a66c9ad09af9e7d43e773905ffb366fe3454cc94
68c0351f39773bd2105a5c796a746e4ad29e4bb8f19324678e74a4fd09c09997
7140bc7112a5413a9eb0936691575b6abd8774a3a746a1734af9ebcd031730aa
78f9153b97d7ffc7cb808144a600ace9cbe92a0208cbf348d55280c40db65d70
8200dcc4219f23ea8ebf4ef77aa9f6f09eeb6f063c8923c42814850c002b1456
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
852d19ed390414ca431837cc185a237cc5c5a393e193182efd17420a5bb4b651
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
92e62ed4b1792fbdb64faf2ec5507d26356b9e1bce54486fc130a2b1b68b7e89
9959ca0263a238d52b33ae8488b5dfdb7465fe80d2ee252992a544e1901550f1
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a20e4c930b2af06356846b52065eca514c30ff7500066b48d2b36b576bc13886
a51854199f28d58e0fe187be667cb541b46df0fea9666d616fbe8603c37c55a7
a94fe02eebeb47fccfdd374ceee1469ba82b57e89933fe02b24c9ec4f992afcc
aa504da9c70f1138137ae42d070e458b10b7ceb9841ce6f47e3c8bb7396dc8d7
ac8e6cc346751aae8bfdb95f197d6979f954f7e1f97d4b65f0f3ac44ff966f65
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
bb891b88f42e9c62e079ca6e948957227fad1ab78a45ef750f6e83196951cda2
bf149dc17b7f195c10278a0302a6483686f8a8925dfa91c2e44f38e7a02188e6
bfb8b05d0444b2da883838fbd477577c922c39b721e8709c017a929e628a65ce
c5a30fbb2b45f14f77d0dfcc55251212c6d3b9be7f6ae36611036f746e23c214
c5ac5659cbf51217ca2ccf2a9c3cc238c309a529618d1c64ec85dfbd9cefc40b
c640381575733fa44632e56d532362addb53dc6ada7b3f859ac3a5b9cf576b15
c96a438305f7df9aeabafc0db22db74174ec9123adc12e07d8ff1fdf358bf5b8
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d09fdacc2355a8504948c8bcdb6529e90bd1850b331e504fca32a84a00d5bc78
d4141992d1a6154f72ff71c62a2feae93b39481bb1a915028bd05cf1c3d00bc4
db58539c9503e2be5582d90ac89d13334af66b03d0f99248d2ced34024498955
df731148e85ef5e24bff49631a764e824fd6a81c09da2121e1740616ca3346eb
dfdf153bda0f3c13ee22afd4a3823b46f10334cb33fa982ca2e3b8a11a3d0146
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e93a99bb468ba6ac200d8688b167149bb44d8d1807226d1548358173ec9a6184
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629