Submitted URL: http://poemsliterature.com/
Effective URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_countr...
Submission: On May 15 via api from PT

Summary

This website contacted 10 IPs in 1 countries across 6 domains to perform 44 HTTP transactions. The main IP is 34.225.219.245, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is tours-78-94.wellhello.com.
This is the only time tours-78-94.wellhello.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 104.31.76.107 13335 (CLOUDFLAR...)
1 216.58.206.10 15169 (GOOGLE)
1 104.31.77.107 13335 (CLOUDFLAR...)
1 54.230.93.124 16509 (AMAZON-02)
3 68.169.80.231 23393 (ISPRIME)
1 1 52.72.78.91 14618 (AMAZON-AES)
1 34.225.219.245 14618 (AMAZON-AES)
21 69.16.175.42 20446 (HIGHWINDS3)
3 69.16.175.10 20446 (HIGHWINDS3)
1 172.217.23.174 15169 (GOOGLE)
44 10
Domain Requested by
24 cdn.tours-78-94.wellhello.com tours-78-94.wellhello.com
3 go.wellhello.com poemsliterature.com
go.wellhello.com
3 poemsliterature.com poemsliterature.com
2 tours-78-94.wellhello.com 1 redirects go.wellhello.com
1 www.google-analytics.com tours-78-94.wellhello.com
1 2d4feq3s8d.execute-api.us-west-2.amazonaws.com ajax.googleapis.com
1 ajax.googleapis.com poemsliterature.com
0 secure.authbill.com Failed tours-78-94.wellhello.com
44 8

This site contains links to these domains.

Domain
wellhello.com

This page contains 1 frames:

Primary Page: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Frame ID: 77D5321FBCC132648257CF0F776EE8C0
Requests: 44 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /cloudflare/i

Overall confidence: 100%
Detected patterns
  • env /^NREUM/i

Page Statistics

Requests: 44
HTTPS: 0 %
IPv6: 0 %
Domains: 6
Subdomains: 8
IPs: 10
Countries: 1
Transfer: 3350 kB
Size: 3675 kB
Cookies: 7

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://poemsliterature.com/ Page URL
  2. http://go.wellhello.com/go.php?t=20743&aid=113272&sid=alreadygotya Page URL
  3. https://tours-78-94.wellhello.com/wh_redgirls?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE HTTP 301
    http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set /
poemsliterature.com/
468 B
704 B
Document
General
Full URL
http://poemsliterature.com/
Protocol
HTTP/1.1
Server
104.31.76.107 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6a191909819d397967cb4d70acc57bcae7a10c43975cf7f911b979e6c140d8f2

Request headers

Host
poemsliterature.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
77D5321FBCC132648257CF0F776EE8C0

Response headers

Date
Tue, 15 May 2018 09:46:04 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d8f16dbdd05fb83dfe05978aa19ab0ad01526377563; expires=Wed, 15-May-19 09:46:03 GMT; path=/; domain=.poemsliterature.com; HttpOnly
Last-Modified
Tue, 05 Sep 2017 15:58:02 GMT
Server
cloudflare
CF-RAY
41b4acde606c64db-FRA
Content-Encoding
gzip
loading.css
poemsliterature.com/
1 KB
752 B
Stylesheet
General
Full URL
http://poemsliterature.com/loading.css?6
Requested by
Host: poemsliterature.com
URL: http://poemsliterature.com/
Protocol
HTTP/1.1
Server
104.31.76.107 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a82eb7a258361bd62c572941aa0c1ff0144f6e7fa64c827dcc624cf819797c0

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
poemsliterature.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://poemsliterature.com/
Cookie
__cfduid=d8f16dbdd05fb83dfe05978aa19ab0ad01526377563
Connection
keep-alive
Cache-Control
no-cache
Referer
http://poemsliterature.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:04 GMT
Content-Encoding
gzip
CF-Cache-Status
REVALIDATED
Last-Modified
Tue, 05 Sep 2017 15:58:02 GMT
Server
cloudflare
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
public, max-age=14400
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
41b4ace0e11d64db-FRA
Expires
Tue, 15 May 2018 13:46:04 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/
85 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: poemsliterature.com
URL: http://poemsliterature.com/
Protocol
SPDY
Server
216.58.206.10 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s20-in-f10.1e100.net
Software
sffe /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://poemsliterature.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Mon, 12 Feb 2018 14:24:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
7932085
status
200
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
30306
x-xss-protection
1; mode=block
last-modified
Fri, 24 Mar 2017 20:55:54 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Feb 2019 14:24:39 GMT
api.js
poemsliterature.com/
1 KB
826 B
Script
General
Full URL
http://poemsliterature.com/api.js?23
Requested by
Host: poemsliterature.com
URL: http://poemsliterature.com/
Protocol
HTTP/1.1
Server
104.31.77.107 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d04940e8b537ea4158c7472f4d2448ead4253fca386427d8590b21ab8a88503

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
poemsliterature.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
http://poemsliterature.com/
Cookie
__cfduid=d8f16dbdd05fb83dfe05978aa19ab0ad01526377563
Connection
keep-alive
Cache-Control
no-cache
Referer
http://poemsliterature.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:04 GMT
Content-Encoding
gzip
CF-Cache-Status
REVALIDATED
Last-Modified
Fri, 29 Sep 2017 16:20:06 GMT
Server
cloudflare
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
public, max-age=14400
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
41b4ace0e4ed9762-FRA
Expires
Tue, 15 May 2018 13:46:04 GMT
prod
2d4feq3s8d.execute-api.us-west-2.amazonaws.com/
68 B
407 B
XHR
General
Full URL
https://2d4feq3s8d.execute-api.us-west-2.amazonaws.com/prod?domain=poemsliterature.com
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Protocol
SPDY
Server
54.230.93.124 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-93-124.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
http://poemsliterature.com/
Origin
http://poemsliterature.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Tue, 15 May 2018 09:46:05 GMT
via
1.1 cc8b896855d901b7dcb353fe6d186846.cloudfront.net (CloudFront)
x-amzn-requestid
c8f2c38e-5824-11e8-a2cf-118db9577f93
status
200
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-5afaac5c-57c14231bda0e17f0fbfade0
x-amz-apigw-id
G6_egGYRPHcFjTA=
content-length
68
x-amz-cf-id
iYdmkjl9a2P4abMuS_0yUpMGDcvYiN2BPUZ0DKZbfLeRpqWLroAVHA==
Cookie set go.php
go.wellhello.com/
636 B
2 KB
Document
General
Full URL
http://go.wellhello.com/go.php?t=20743&aid=113272&sid=alreadygotya
Requested by
Host: poemsliterature.com
URL: http://poemsliterature.com/api.js?23
Protocol
HTTP/1.1
Server
68.169.80.231 Weehawken, United States, ASN23393 (ISPRIME - ISPrime, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
f4561d453342169720835cb61211cba01a2ba7b40840f3631624374a15ff9e99

Request headers

Host
go.wellhello.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://poemsliterature.com/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
77D5321FBCC132648257CF0F776EE8C0
Referer
http://poemsliterature.com/

Response headers

Date
Tue, 15 May 2018 09:46:05 GMT
Server
Apache
Set-Cookie
bd_ovtu=1; expires=Wed, 16-May-2018 09:46:05 GMT; Max-Age=86400; path=/; domain=.wellhello.com
bdreff=http%3A%2F%2Fpoemsliterature.com%2F; expires=Sun, 11-Nov-2018 09:46:05 GMT; Max-Age=15552000; path=/; domain=.wellhello.com
tour=25566; expires=Sun, 11-Nov-2018 09:46:05 GMT; Max-Age=15552000; path=/; domain=.wellhello.com
affsubid=113272-alreadygotya; expires=Sun, 11-Nov-2018 09:46:05 GMT; Max-Age=15552000; path=/; domain=.wellhello.com
bdvisit=113272; expires=Wed, 16-May-2018 09:46:05 GMT; Max-Age=86400; path=/; domain=.wellhello.com
bdcounter=1; expires=Wed, 16-May-2018 09:46:05 GMT; Max-Age=86400; path=/; domain=.wellhello.com
xk=d061c03553f39d4896c3bdbe55ad5afc; expires=Sun, 11-Nov-2018 09:46:05 GMT; Max-Age=15552000; path=/; domain=.wellhello.com
Cache-Control
no-store, no-cache, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-Robots-Tag
otherbot: noindex, nofollow
googlebot: noindex, nofollow
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
411
Keep-Alive
timeout=3, max=512
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
native.history.js
go.wellhello.com/
22 KB
7 KB
Script
General
Full URL
http://go.wellhello.com/native.history.js
Requested by
Host: go.wellhello.com
URL: http://go.wellhello.com/go.php?t=20743&aid=113272&sid=alreadygotya
Protocol
HTTP/1.1
Server
68.169.80.231 Weehawken, United States, ASN23393 (ISPRIME - ISPrime, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
bee3b09b6b763bde185e8910f985de8d7a29a53800fbbd835a940d3c596f58f3

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
go.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
http://go.wellhello.com/go.php?t=20743&aid=113272&sid=alreadygotya
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://go.wellhello.com/go.php?t=20743&aid=113272&sid=alreadygotya
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:06 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-type
application/javascript
Connection
Keep-Alive
Keep-Alive
timeout=3, max=511
Content-Length
6523
go.min.js
go.wellhello.com/
2 KB
970 B
Script
General
Full URL
http://go.wellhello.com/go.min.js
Requested by
Host: go.wellhello.com
URL: http://go.wellhello.com/go.php?t=20743&aid=113272&sid=alreadygotya
Protocol
HTTP/1.1
Server
68.169.80.231 Weehawken, United States, ASN23393 (ISPRIME - ISPrime, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
b24db1a37a5a7a846f40b95a9fc62d7e0cbdddecc36fdcf63e9cf1e09ff0317b

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
go.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
http://go.wellhello.com/go.php?t=20743&aid=113272&sid=alreadygotya
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://go.wellhello.com/go.php?t=20743&aid=113272&sid=alreadygotya
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:06 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-type
application/javascript
Connection
Keep-Alive
Keep-Alive
timeout=3, max=512
Content-Length
736
Primary Request /
tours-78-94.wellhello.com/wh_redgirls/
Redirect Chain
  • https://tours-78-94.wellhello.com/wh_redgirls?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
  • http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
32 KB
11 KB
Document
General
Full URL
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Requested by
Host: go.wellhello.com
URL: http://go.wellhello.com/go.min.js
Protocol
HTTP/1.1
Server
34.225.219.245 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-225-219-245.compute-1.amazonaws.com
Software
nginx /
Resource Hash
20fa525ae249d6bc9fa8b0165441e7329e3c2954839329c1e09bf0eb68fdc29c

Request headers

Host
tours-78-94.wellhello.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://go.wellhello.com/go.php?t=20743&aid=113272&sid=alreadygotya&bt=0
Accept-Encoding
gzip, deflate
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
77D5321FBCC132648257CF0F776EE8C0
Referer
http://go.wellhello.com/go.php?t=20743&aid=113272&sid=alreadygotya&bt=0

Response headers

Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Tue, 15 May 2018 09:46:07 GMT
Server
nginx
Vary
Accept-Encoding
Content-Length
10632
Connection
keep-alive

Redirect headers

Content-Type
text/html
Date
Tue, 15 May 2018 09:46:06 GMT
Location
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Server
nginx
Content-Length
178
Connection
keep-alive
style.min.css
cdn.tours-78-94.wellhello.com/wh_redgirls/css/
4 KB
2 KB
Stylesheet
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/css/style.min.css
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
3f657b5440f7da2b907eb93f395df468544642714cb2415911ee66caf4f124bc

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Content-Encoding
gzip
Last-Modified
Mon, 19 Feb 2018 17:32:26 GMT
Server
nginx
ETag
W/"5a8b0a2a-faa"
Vary
X-HW
1526377567.dop002.fr8.t,1526377567.cds007.fr8.c
Content-Type
text/css
Cache-Control
max-age=24296452
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
1509
wh-logo.svg
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
7 KB
7 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/wh-logo.svg
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
bd30d34fd64c21d41cf9c72112a0835710f6b902c7229406d82b5b62c28e3c7d

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:34:47 GMT
Server
nginx
ETag
"5a8b0ab7-1c32"
X-HW
1526377567.dop007.fr8.t,1526377567.cds033.fr8.c
Content-Type
image/svg+xml
Cache-Control
max-age=24296452
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
7218
bang-women.gif
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
780 KB
780 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/bang-women.gif
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
2a98b0fdc041799069f4beaf707a7ddfe35296a76c051cff5cc3ab7ec0cde96f

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:32:26 GMT
Server
nginx
ETag
"5a8b0a2a-c2efc"
X-HW
1526377567.dop012.fr8.t,1526377567.cds003.fr8.c
Content-Type
image/gif
Cache-Control
max-age=24296452
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
798460
bang-men.gif
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
462 KB
463 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/bang-men.gif
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
4431e6ea3d22768e98cbf3ce8986836214da1706d20e19f028317305d75d7488

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:28:55 GMT
Server
nginx
ETag
"5a8b0957-738f6"
X-HW
1526377567.dop010.fr8.t,1526377567.cds035.fr8.c
Content-Type
image/gif
Cache-Control
max-age=24296452
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
473334
man.gif
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
638 KB
639 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/man.gif
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
f114a8d6f9d60456ec6dc0d5037dcbf1e5ba4f71b636231d85c6032728f8dc68

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:28:55 GMT
Server
nginx
ETag
"5a8b0957-9f9c3"
X-HW
1526377567.dop012.fr8.t,1526377567.cds045.fr8.c
Content-Type
image/gif
Cache-Control
max-age=24296452
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
653763
woman.gif
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
610 KB
610 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/woman.gif
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
99a2a42e93a488c8d230081113ba72b78396c55802abd298b8d8e6cc6a92b40c

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:28:55 GMT
Server
nginx
ETag
"5a8b0957-9861a"
X-HW
1526377567.dop007.fr8.t,1526377567.cds041.fr8.c
Content-Type
image/gif
Cache-Control
max-age=24296452
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
624154
universal_tour_library.js
cdn.tours-78-94.wellhello.com/utl/
292 KB
93 KB
Script
General
Full URL
http://cdn.tours-78-94.wellhello.com/utl/universal_tour_library.js
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
248ae89a30e654b55bffcfce72dcb87b48b6691709c8776f6c82f0caee7c9926

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 13 Apr 2018 11:53:51 GMT
Server
nginx
ETag
"5ad09a4f-48fa9"
X-HW
1526377570.dop002.fr8.t,1526377570.cds024.fr8.c
Content-Type
application/javascript
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
94634
mst2.min.js
cdn.tours-78-94.wellhello.com/utl/
20 KB
3 KB
Script
General
Full URL
http://cdn.tours-78-94.wellhello.com/utl/mst2.min.js
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
e052660fc29700e11cc5af1b75b5df52399358cfeb50eb2218dc5b480ce08dd6

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Content-Encoding
gzip
Last-Modified
Mon, 19 Feb 2018 17:34:45 GMT
Server
nginx
ETag
"5a8b0ab5-4efc"
X-HW
1526377567.dop007.fr8.t,1526377567.cds008.fr8.c
Content-Type
application/javascript
Cache-Control
max-age=24296254
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
2794
custom.min.js
cdn.tours-78-94.wellhello.com/wh_redgirls/js/
1 KB
990 B
Script
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/js/custom.min.js
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
96d36599333e080eb11a34b4cca0d7d3bd30c8e7b7fc5464102d3f315c95fd8a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Content-Encoding
gzip
Last-Modified
Mon, 19 Feb 2018 17:28:55 GMT
Server
nginx
ETag
"5a8b0957-4fc"
X-HW
1526377567.dop010.fr8.t,1526377567.cds036.fr8.c
Content-Type
application/javascript
Cache-Control
max-age=24296453
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
634
ga.js
cdn.tours-78-94.wellhello.com/common/js/
2 KB
1 KB
Script
General
Full URL
http://cdn.tours-78-94.wellhello.com/common/js/ga.js
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
a3b11fa89d87b97d89a274ec9f7888c8ff7e1b5c1395f099413276e13d551f06

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Content-Encoding
gzip
Last-Modified
Mon, 19 Feb 2018 17:32:22 GMT
Server
nginx
ETag
"5a8b0a26-954"
X-HW
1526377567.dop009.fr8.t,1526377567.cds024.fr8.c
Content-Type
application/javascript
Cache-Control
max-age=24296215
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
854
1.jpg
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
75 KB
75 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/1.jpg
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
e0455d910900a7fb5042ef6e0b86f0956ea9bd73a8ac2afb9f1032350799e3c1

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://cdn.tours-78-94.wellhello.com/wh_redgirls/css/style.min.css
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://cdn.tours-78-94.wellhello.com/wh_redgirls/css/style.min.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:34:47 GMT
Server
nginx
ETag
"5a8b0ab7-12a40"
X-HW
1526377567.dop010.fr8.t,1526377567.cds010.fr8.c
Content-Type
image/jpeg
Cache-Control
max-age=24296453
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
76352
14.jpg
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
66 KB
67 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/14.jpg
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
eac19a5c666aa6a7105c245dfbf28f216c9cb3661153c1a9acfc9bc34b8b48b1

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:32:26 GMT
Server
nginx
ETag
"5a8b0a2a-10901"
X-HW
1526377567.dop009.fr8.t,1526377567.cds036.fr8.c
Content-Type
image/jpeg
Cache-Control
max-age=24296455
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
67841
13.jpg
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
22 KB
22 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/13.jpg
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
609a079250faa90c6e0785233aa0d2e3b2174a77b02562b0410ce2946de8bac8

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:34:47 GMT
Server
nginx
ETag
"5a8b0ab7-58b4"
X-HW
1526377567.dop007.fr8.t,1526377567.cds049.fr8.c
Content-Type
image/jpeg
Cache-Control
max-age=24296455
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
22708
12.jpg
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
32 KB
32 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/12.jpg
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
d8ee060d72868ef8a3ef762d3a7520d05025bf10156c75975cdd503eb01f63d3

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:32:26 GMT
Server
nginx
ETag
"5a8b0a2a-7fdf"
X-HW
1526377567.dop007.fr8.t,1526377567.cds007.fr8.c
Content-Type
image/jpeg
Cache-Control
max-age=24296455
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
32735
11.jpg
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
33 KB
33 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/11.jpg
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
48faa640f7f471e66bece1cfdc49bff16a968b06d2582fd7a96c4e8dad9f8b70

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:32:26 GMT
Server
nginx
ETag
"5a8b0a2a-84ac"
X-HW
1526377567.dop010.fr8.t,1526377567.cds012.fr8.c
Content-Type
image/jpeg
Cache-Control
max-age=24296454
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
33964
10.jpg
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
41 KB
41 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/10.jpg
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
aef43d91a78e111ab602c24e3c1328b82fe7f222c7eb086ce74971184698ffda

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:32:26 GMT
Server
nginx
ETag
"5a8b0a2a-a38d"
X-HW
1526377567.dop009.fr8.t,1526377567.cds050.fr8.c
Content-Type
image/jpeg
Cache-Control
max-age=24296454
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
41869
9.jpg
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
32 KB
33 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/9.jpg
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
30429efcef0a05a56d760b7a22393e25e2bd8441887ff467b225d1f0527171af

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:28:55 GMT
Server
nginx
ETag
"5a8b0957-80d8"
X-HW
1526377567.dop007.fr8.t,1526377567.cds035.fr8.c
Content-Type
image/jpeg
Cache-Control
max-age=24296454
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
32984
8.jpg
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
33 KB
33 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/8.jpg
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
a6b7899bcac379a8da97a6309dc05e14d3d240c1453aecb2bef6f6818084a290

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:34:47 GMT
Server
nginx
ETag
"5a8b0ab7-843b"
X-HW
1526377567.dop007.fr8.t,1526377567.cds014.fr8.c
Content-Type
image/jpeg
Cache-Control
max-age=24296454
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
33851
7.jpg
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
72 KB
72 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/7.jpg
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
918064756225211317203fdd60c05b2c559ddea542102376196d79e92822eb4a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:32:26 GMT
Server
nginx
ETag
"5a8b0a2a-11f12"
X-HW
1526377567.dop012.fr8.t,1526377567.cds008.fr8.c
Content-Type
image/jpeg
Cache-Control
max-age=24296454
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
73490
6.jpg
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
68 KB
69 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/6.jpg
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
60356d20b793f52531a7380baaa5fdf72f82059ed157ddc2f7efa35b2d2d3c49

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:34:47 GMT
Server
nginx
ETag
"5a8b0ab7-11157"
X-HW
1526377567.dop010.fr8.t,1526377567.cds042.fr8.c
Content-Type
image/jpeg
Cache-Control
max-age=24296454
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
69975
5.jpg
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
64 KB
64 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/5.jpg
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
83822649aed91df1ee063558f63f2f3585bfcdb4613e1926ea8c645c2d97c8b6

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:34:47 GMT
Server
nginx
ETag
"5a8b0ab7-fea7"
X-HW
1526377567.dop009.fr8.t,1526377567.cds032.fr8.c
Content-Type
image/jpeg
Cache-Control
max-age=24296455
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
65191
4.jpg
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
35 KB
35 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/4.jpg
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
bf7a74cc87883d927d8d1fd54ebcc12cc2e34d477e18a1071bfb598acd20db18

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:28:55 GMT
Server
nginx
ETag
"5a8b0957-8c64"
X-HW
1526377567.dop007.fr8.t,1526377567.cds015.fr8.c
Content-Type
image/jpeg
Cache-Control
max-age=24296454
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
35940
3.jpg
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
66 KB
67 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/3.jpg
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
eac19a5c666aa6a7105c245dfbf28f216c9cb3661153c1a9acfc9bc34b8b48b1

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:34:47 GMT
Server
nginx
ETag
"5a8b0ab7-10901"
X-HW
1526377567.dop009.fr8.t,1526377567.cds027.fr8.c
Content-Type
image/jpeg
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
67841
2.jpg
cdn.tours-78-94.wellhello.com/wh_redgirls/img/
42 KB
42 KB
Image
General
Full URL
http://cdn.tours-78-94.wellhello.com/wh_redgirls/img/2.jpg
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
HTTP/1.1
Server
69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
db981c671b6133fbd24618a926aa8e8194b19876864aea274768e7577d234259

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cdn.tours-78-94.wellhello.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Cookie
bd_ovtu=1; bdreff=http%3A%2F%2Fpoemsliterature.com%2F; tour=25566; affsubid=113272-alreadygotya; bdvisit=113272; bdcounter=1; xk=d061c03553f39d4896c3bdbe55ad5afc
Connection
keep-alive
Cache-Control
no-cache
Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Tue, 15 May 2018 09:46:07 GMT
Last-Modified
Mon, 19 Feb 2018 17:34:47 GMT
Server
nginx
ETag
"5a8b0ab7-a821"
X-HW
1526377567.dop010.fr8.t,1526377567.cds017.fr8.c
Content-Type
image/jpeg
Cache-Control
max-age=24296453
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
43041
analytics.js
www.google-analytics.com/
34 KB
14 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: tours-78-94.wellhello.com
URL: http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
Protocol
SPDY
Server
172.217.23.174 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s22-in-f174.1e100.net
Software
Golfe2 /
Resource Hash
2218bbf47b340278b7b696dbe3af4eed89edffa709c19abd6747b18147c3a675
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=113272&sid=alreadygotya&xk=d061c03553f39d4896c3bdbe55ad5afc&i18n_country=DE
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 12 Apr 2018 18:13:11 GMT
server
Golfe2
age
3003
date
Tue, 15 May 2018 08:56:07 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
14353
expires
Tue, 15 May 2018 10:56:07 GMT
api.php
secure.authbill.com/tour/
0
0

api.php
secure.authbill.com/tour/
0
0

api.php
secure.authbill.com/tour/
0
0

api.php
secure.authbill.com/tour/
0
0

api.php
secure.authbill.com/tour/
0
0

api.php
secure.authbill.com/tour/
0
0

footer.php
secure.authbill.com/tour/
0
0

api.php
secure.authbill.com/tour/
0
0

collect
www.google-analytics.com/r/
0
0

collect
www.google-analytics.com/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
secure.authbill.com
URL
https://secure.authbill.com/tour/api.php
Domain
secure.authbill.com
URL
https://secure.authbill.com/tour/api.php
Domain
secure.authbill.com
URL
https://secure.authbill.com/tour/api.php
Domain
secure.authbill.com
URL
https://secure.authbill.com/tour/api.php
Domain
secure.authbill.com
URL
https://secure.authbill.com/tour/api.php
Domain
secure.authbill.com
URL
https://secure.authbill.com/tour/api.php
Domain
secure.authbill.com
URL
https://secure.authbill.com/tour/footer.php?product=wellhello&aid=113272&t=25566&show_ml=&show_sl=&show_pl=&show_tl=
Domain
secure.authbill.com
URL
https://secure.authbill.com/tour/api.php
Domain
www.google-analytics.com
URL
https://www.google-analytics.com/r/collect?v=1&_v=j67&a=2114661597&t=pageview&_s=1&dl=http%3A%2F%2Ftours-78-94.wellhello.com%2Fwh_redgirls%2F%3Ft%3D25566%26aid%3D113272%26sid%3Dalreadygotya%26xk%3Dd061c03553f39d4896c3bdbe55ad5afc%26i18n_country%3DDE&dr=http%3A%2F%2Fgo.wellhello.com%2Fgo.php%3Ft%3D20743%26aid%3D113272%26sid%3Dalreadygotya%26bt%3D0&ul=en-us&de=UTF-8&dt=WellHello!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBACEABB~&jid=1901582387&gjid=117414436&cid=1132552682.1526377570&tid=UA-45065814-1&_gid=587652796.1526377570&_r=1&z=1378956027
Domain
www.google-analytics.com
URL
https://www.google-analytics.com/collect?v=1&_v=j67&a=2114661597&t=event&_s=2&dl=http%3A%2F%2Ftours-78-94.wellhello.com%2Fwh_redgirls%2F%3Ft%3D25566%26aid%3D113272%26sid%3Dalreadygotya%26xk%3Dd061c03553f39d4896c3bdbe55ad5afc%26i18n_country%3DDE&dr=http%3A%2F%2Fgo.wellhello.com%2Fgo.php%3Ft%3D20743%26aid%3D113272%26sid%3Dalreadygotya%26bt%3D0&ul=en-us&de=UTF-8&dt=WellHello!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ci=Tour%3A%2025566&ec=Tour%3A%2025566&ea=Current%20step%3A%2001&el=Total%20steps%3A%2014&_u=YGBACEABB~&jid=&gjid=&cid=1132552682.1526377570&tid=UA-45065814-1&_gid=587652796.1526377570&z=394066705


3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| NREUM
object| newrelic
function| __nr_require

7 Cookies

Domain/Path Name / Value
.wellhello.com/ Name: bdcounter Value: 1
.wellhello.com/ Name: xk Value: d061c03553f39d4896c3bdbe55ad5afc
.wellhello.com/ Name: bdvisit Value: 113272
.wellhello.com/ Name: affsubid Value: 113272-alreadygotya
.wellhello.com/ Name: tour Value: 25566
.wellhello.com/ Name: bdreff Value: http%3A%2F%2Fpoemsliterature.com%2F
.wellhello.com/ Name: bd_ovtu Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
