tours.specia1.com Open in urlscan Pro
54.192.95.4 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tegr.am/+ZFRnItoS3MdjM2Vh
Effective URL:
https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=h...
Submission: On August 06 via manual (August 6th 2022, 4:12:06 pm UTC) from KE — Scanned from NL

Summary HTTP 48 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 16 IPs in 4 countries across 18 domains to perform 48 HTTP transactions. The main IP is 54.192.95.4, located in United States and belongs to AMAZON-02, US. The main domain is tours.specia1.com. The Cisco Umbrella rank of the primary domain is 518206.
TLS certificate: Issued by Amazon on January 19th 2022. Valid for: a year.

This is the only time tours.specia1.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6 8	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:303... 2606:4700:3037::ac43:c5e1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82f::2014	15169 (GOOGLE) (GOOGLE)
2 3	23.36.163.225 23.36.163.225	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:dc:... 2a02:26f0:dc::217:61b2	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	3.218.135.42 3.218.135.42	14618 (AMAZON-AES) (AMAZON-AES)
1 1	64.188.52.46 64.188.52.46	30602 (ISPRIME) (ISPRIME)
17	54.192.95.4 54.192.95.4	16509 (AMAZON-02) (AMAZON-02)
1	2a06:98c1:312... 2a06:98c1:3120::c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
2	18.66.122.75 18.66.122.75	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6812:d941	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	68.169.87.223 68.169.87.223	30602 (ISPRIME) (ISPRIME)
3	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
48	16

8 2a06:98c1:3120::3 (United States) 6 redirects

ASN13335 (CLOUDFLARENET, US)

tegr.am	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3037::ac43:c5e1 (United States)

ASN13335 (CLOUDFLARENET, US)

t.link.dating	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2014 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

geotargetly-1a441.appspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.36.163.225 (Frankfurt am Main, Germany) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-163-225.deploy.static.akamaitechnologies.com

img1.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img6.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:dc::217:61b2 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

events.api.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.218.135.42 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-218-135-42.compute-1.amazonaws.com

t.crdefault1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.188.52.46 (United States) 1 redirects

ASN30602 (ISPRIME, US)

go.moartraffic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 54.192.95.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-95-4.mad51.r.cloudfront.net

tours.specia1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::c (United States)

ASN13335 (CLOUDFLARENET, US)

cl0udh0st1ng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.122.75 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-75.fra60.r.cloudfront.net

utl-1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:d941 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.izooto.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 68.169.87.223 (United States)

ASN30602 (ISPRIME, US)

secure.authbill.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	specia1.com tours.specia1.com — Cisco Umbrella Rank: 518206	55 KB
8	tegr.am 6 redirects tegr.am	5 KB
7	authbill.com secure.authbill.com — Cisco Umbrella Rank: 173525	10 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52	20 KB
3	izooto.com cdn.izooto.com — Cisco Umbrella Rank: 13497	55 KB
3	link.dating t.link.dating	8 KB
3	wsimg.com img1.wsimg.com — Cisco Umbrella Rank: 8529 Failed img6.wsimg.com — Cisco Umbrella Rank: 10509	12 KB
2	utl-1.com utl-1.com — Cisco Umbrella Rank: 242286	323 KB
2	secureserver.net events.api.secureserver.net — Cisco Umbrella Rank: 12055	578 B
1	google.nl www.google.nl — Cisco Umbrella Rank: 8761	501 B
1	google.com www.google.com — Cisco Umbrella Rank: 10	501 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 118	443 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67	799 B
1	cl0udh0st1ng.com cl0udh0st1ng.com — Cisco Umbrella Rank: 332449	2 KB
1	moartraffic.com 1 redirects go.moartraffic.com — Cisco Umbrella Rank: 261675	2 KB
1	crdefault1.com 1 redirects t.crdefault1.com	1 KB
1	appspot.com geotargetly-1a441.appspot.com — Cisco Umbrella Rank: 143927	553 B
0	getflirty.com Failed tours.getflirty.com Failed
48	18

	Domain	Requested by
17	tours.specia1.com	tours.specia1.com utl-1.com
8	tegr.am	6 redirects tegr.am
7	secure.authbill.com	utl-1.com
3	www.google-analytics.com	tegr.am www.google-analytics.com
3	cdn.izooto.com	tours.specia1.com cdn.izooto.com
3	t.link.dating	tegr.am t.link.dating
2	utl-1.com	tours.specia1.com
2	events.api.secureserver.net	img1.wsimg.com
2	img1.wsimg.com	tegr.am
1	www.google.nl
1	www.google.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	fonts.googleapis.com	tours.specia1.com
1	cl0udh0st1ng.com	tours.specia1.com
1	go.moartraffic.com	1 redirects
1	t.crdefault1.com	1 redirects
1	img6.wsimg.com	t.link.dating
1	geotargetly-1a441.appspot.com	t.link.dating
0	tours.getflirty.com Failed	utl-1.com
48	19

This site contains links to these domains. Also see Links.

Domain
harlotthespy.awesome-apps.io
getflirty.com
www.getflirty.com

Subject Issuer	Validity	Valid
*.tegr.am E1	`2022-08-03` - `2022-11-01`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-10-29` - `2022-10-28`	a year	crt.sh
*.appspot.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.api.secureserver.net Starfield Secure Certificate Authority - G2	`2021-09-14` - `2022-10-16`	a year	crt.sh
specia1.com Amazon	`2022-01-19` - `2023-02-17`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
utl-1.com Amazon	`2022-05-25` - `2023-06-23`	a year	crt.sh
secure.authbill.com R3	`2022-06-23` - `2022-09-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.google.nl GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Frame ID: B3AA5D14E683B7888468456FBBDDC67B
Requests: 46 HTTP requests in this frame

Frame: https://cdn.izooto.com/scripts/sak/iz_setcid.html?v=1
Frame ID: 71A4FB830CD5FDF4A298EAE4ED28E22F
Requests: 1 HTTP requests in this frame

Frame: https://tours.getflirty.com/common/html/check_external_autologin.html?receiver=https%3A%2F%2Ftours.specia1.com
Frame ID: EAC965DCE7115829FFA37437A7EA6FE8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

GetFlirty

Page URL History Show full URLs

https://tegr.am/+ZFRnItoS3MdjM2Vh HTTP 301
https://tegr.am/+ZFRnItoS3MdjM2Vh/ HTTP 302
http://tegr.am/i/join HTTP 301
https://tegr.am/i/join HTTP 301
https://tegr.am/i/join/ HTTP 302
https://tegr.am/i/redir HTTP 301
https://tegr.am/i/redir/ Page URL
https://t.link.dating/ Page URL
https://t.crdefault1.com/79008/8062/27687?source=base-popunder HTTP 303
https://go.moartraffic.com/go.php?t=49746&aid=106472&sid=79008_base-popunder&clickid=1020eee6d4332d024a... HTTP 302
https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c62952... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Izooto (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.izooto\.\w+

Page Statistics

48
Requests

94 %
HTTPS

65 %
IPv6

18
Domains

19
Subdomains

16
IPs

4
Countries

489 kB
Transfer

770 kB
Size

29
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://harlotthespy.awesome-apps.io/go?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e&re=https%3A%2F%2Fspecia1.com%2F%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26xk%3D60e1703541e9d4b88c6295224d647972%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49746%2526aid%253D106472%2526sid%253D79008_base-popunder%2526clickid%253D1020eee6d4332d024a5530628f1496%2526hts_id%253D33245fe7-1c09-4506-9185-03c522c22c3e%26clickid%3D1020eee6d4332d024a5530628f1496%26i18n_country%3DDE%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e

Search URL Search Domain Scan URL

URL: https://getflirty.com/terms
Title: Terms

Search URL Search Domain Scan URL

URL: https://getflirty.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.getflirty.com/privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.getflirty.com/terms
Title: Terms and Conditions

Search URL Search Domain Scan URL

URL: https://www.getflirty.com/dmca
Title: DMCA

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tegr.am/+ZFRnItoS3MdjM2Vh HTTP 301
https://tegr.am/+ZFRnItoS3MdjM2Vh/ HTTP 302
http://tegr.am/i/join HTTP 301
https://tegr.am/i/join HTTP 301
https://tegr.am/i/join/ HTTP 302
https://tegr.am/i/redir HTTP 301
https://tegr.am/i/redir/ Page URL
https://t.link.dating/ Page URL
https://t.crdefault1.com/79008/8062/27687?source=base-popunder HTTP 303
https://go.moartraffic.com/go.php?t=49746&aid=106472&sid=79008_base-popunder&clickid=1020eee6d4332d024a5530628f1496 HTTP 302
https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://tegr.am/+ZFRnItoS3MdjM2Vh HTTP 301
https://tegr.am/+ZFRnItoS3MdjM2Vh/ HTTP 302
http://tegr.am/i/join HTTP 301
https://tegr.am/i/join HTTP 301
https://tegr.am/i/join/ HTTP 302
https://tegr.am/i/redir HTTP 301
https://tegr.am/i/redir/

Request Chain 7

https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js HTTP 302
https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 302
https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js

48 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

/
tegr.am/i/redir/
Redirect Chain

https://tegr.am/+ZFRnItoS3MdjM2Vh
https://tegr.am/+ZFRnItoS3MdjM2Vh/
http://tegr.am/i/join
https://tegr.am/i/join
https://tegr.am/i/join/
https://tegr.am/i/redir
https://tegr.am/i/redir/

854 B
954 B

175ms
175ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tegr.am/i/redir/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.30
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 73690d3bbffd914a-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 06 Aug 2022 16:12:01 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R9%2Bvf6BKyS%2FV2HYLmXXbtyFZFKHail7NUZc9t1pOircn308rFI420zHOMldL0YXnhaFGPdosBCBHGkR81952gpwt2DCbNS4IRBruBvYva%2FEorzOuk98T9df7BfX9RBqG8aLZEA78"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.30

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 73690d3a9e91914a-FRA
content-type: text/html; charset=iso-8859-1
date: Sat, 06 Aug 2022 16:12:01 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://tegr.am/i/redir/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rgZY4uhhNjhFnBN1LCJyGgdQSXLGuXVpWYXNjrM%2BMAGp40Wory3N1Py66hRnSeABtT%2Bz8mCei17mOp3ayHaLyNQifBN0P7GR5%2BBmahXi0KawNw4O7Q%2FVF%2B1YPGooXYJf53osadvd"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H3 200 r.js
tegr.am/ 135 B
646 B 27ms
27ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tegr.am/r.js
Requested by: Host: tegr.am
URL: https://tegr.am/i/redir/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:12:01 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 30 Jul 2022 05:49:47 GMT
server: cloudflare
age: 5249
etag: W/"f61157-87-5e4ff559f381b-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YFHC%2FHaXkqSh%2FG6uoXWJaRNcOJARnTbtF0tWHGFEKHsXw%2BMQfRGTkmszKcHPsJpagyPgTlT75Q5XD6aPNQezI8vGFUBK5e899%2FNNIazAx5wLVePLe%2Fp6MabrdMVhK6uAHFg%2FiSMF"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73690d3d7ad0914a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET tcc_l.combined.1.0.6.min.js
img1.wsimg.com/tcc/ 0
0

GET
H2 200 / Show response
t.link.dating/ 1 KB
1 KB 777ms
597ms Document
text/html 2606:4700:3037::ac43:c5e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://t.link.dating/
Requested by: Host: tegr.am
URL: https://tegr.am/r.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:c5e1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.30
Resource Hash: fdbe1fbe29608da20528d14648f6b4cd9c13676ec910d08b0543dee74dad14f4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 73690d3ec8ebbb77-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 06 Aug 2022 16:12:02 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DYCbdeqJ56xbFdIuRxSkUWtiB25My7JdrRu8ykQy8qZZ90c%2Fhedjpiaq9yxMPdtussvhkI78PjwwZGFMhTDb5m2Nr%2FCCj%2FkkUZ0YuGbMcBVQyxGSoZFhK3oMq4yEfkNCzlp21tzZ%2FEfqEMGg"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.30

GET
H3 200 dFElXjskILg5K-ILnw_w-rWQgsk.js Show response
t.link.dating/cdn-cgi/apps/head/ 5 KB
2 KB 61ms
28ms Script
application/javascript 2606:4700:3037::ac43:c5e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://t.link.dating/cdn-cgi/apps/head/dFElXjskILg5K-ILnw_w-rWQgsk.js
Requested by: Host: t.link.dating
URL: https://t.link.dating/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:c5e1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6116935d332a3da475184595651c2b0ff2126dc6a8be6b2eb70017bd1d8be17

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:12:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4370991
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 00JS0GT429AVJ27A
x-amz-id-2: 5VnXmWE5hXkp9tR7K/jsYb8XGMiaFWcJvGV0b+FGdiJcoWIbfnZvDoezIZdLf25jHjfX1PpDdtw=
last-modified: Wed, 03 Nov 2021 08:56:18 GMT
server: cloudflare
etag: W/"2243ba2977e56a5fe365aae30acda413"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E1C8W7fY7PfHhKXCM1Jgdkxne4PNVeX5ZLQYTdLTTgYwhK7AyYtxi9Lj1IBdH1i7lb2Ra66Bv6vd86cBo9hjJwWqoLCIzIO4Qa1ThphK%2F%2BCiT3I2FlkPwtePjTshQiCAoWAmI55bdftdz8nb"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: oyiz1Oy.DwbqMkJUCKElO9cGNwD7v.ZJ
cf-ray: 73690d42cfa69253-FRA

GET
H3 200 rocket-loader.min.js Show response
t.link.dating/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 56ms
23ms Script
application/javascript 2606:4700:3037::ac43:c5e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://t.link.dating/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: t.link.dating
URL: https://t.link.dating/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:c5e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:12:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Aug 2022 16:27:01 GMT
server: cloudflare
etag: W/"62e95055-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N9pnqeAvRstwCpzPzKo1RPPrIepaZFtYNzW9UDUXWc0fbGWgQeiZGPXrcdBEsdNHV7peyNpRPXHAMHtMAyHs0a0A0hUqFOJQ2i9TGq4WNZx3W8fMtQIsCElv%2Bp8YiszoYmFQcecbVTEi%2B5Ly"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73690d42cfa89253-FRA
vary: Accept-Encoding
expires: Mon, 08 Aug 2022 16:12:02 GMT

GET
H2 200 georedirect Show response
geotargetly-1a441.appspot.com/ 352 B
553 B 562ms
473ms Script
application/javascript 2a00:1450:4001:82f::2014
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://geotargetly-1a441.appspot.com/georedirect?id=-MnZzr3RF8TCPdK3bKIS&refurl=&winurl=https%3A%2F%2Ft.link.dating%2F
Requested by: Host: t.link.dating
URL: https://t.link.dating/cdn-cgi/apps/head/dFElXjskILg5K-ILnw_w-rWQgsk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: / Express
Resource Hash: f9d5867bf9fcc3fac578b1d4339ac954ffb6164db38dfc2ed577995ad3f5266f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:12:02 GMT
content-encoding: gzip
etag: W/"160-MiZd69e6WvZyx46T5bEL7ZpVJBg"
x-powered-by: Express
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 google
x-cloud-trace-context: 8e53954bfbb87770bb83b51f62216a17/5636929008887075896;o=0
cache-control: private, no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

tccl.min.js Show response
img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/
Redirect Chain

https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
https://img1.wsimg.com/traffic-assets/js/tccl.min.js
https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js

44 KB
11 KB

21ms
21ms

Script
application/javascript

23.36.163.225
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
Requested by: Host: t.link.dating
URL: https://t.link.dating/
Protocol: H2
Server: 23.36.163.225 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-225.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6cb0efedc1729d965016a35584cb00b03aa46e1a5e170f4b3ce092c7c3e99ec7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 135
x-amz-version-id: Z0H0F1CdjRUI_nRMydHHi17Rv0HOw5tB
content-encoding: br
etag: "362d20193a8fed115f99b16a157b7fc4"
x-amz-request-id: N5JSXGJTVEFZM8E9
x-edgeconnect-midmile-rtt: 15
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 11155
x-amz-id-2: 73c+ZpWNgBh9xtilh6Nj22iH/BmUfkHwAgj9PgWHmvdTmSCUhi96da6Ell5SKHaif06RANK80zY=
last-modified: Mon, 11 Apr 2022 14:15:53 GMT
date: Sat, 06 Aug 2022 16:12:02 GMT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

Redirect headers

location: https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
date: Sat, 06 Aug 2022 16:12:02 GMT
cache-control: max-age=1800
access-control-allow-origin: *
timing-allow-origin: *
content-length: 0
expires: Sat, 06 Aug 2022 16:42:02 GMT

GET
H2 200 event
events.api.secureserver.net/t/1/tl/ 43 B
289 B 218ms
131ms XHR
image/gif 2a02:26f0:dc::217:61b2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://events.api.secureserver.net/t/1/tl/event?cts=1659802322958&dh=t.link.dating&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F104.0.5112.79%20Safari%2F537.36&vci=225609299&cv=2.0.0&z=367153437&vg=73e3a2b5-0cb1-5b6b-bed3-f4ec257e0073&vtg=73e3a2b5-0cb1-5b6b-bed3-f4ec257e0073&dp=%2F&ap=cpbh-mt&trfd=%7B%22ap%22%3A%22cpbh-mt%22%2C%22server%22%3A%22p3plmcpnl487214%22%2C%22id%22%3A%228499747%22%7D&hit_id=c8a7018c-eb1d-5c1b-9914-6d72d7ab5392&ht=pageview

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:dc::217:61b2 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
date: Sat, 06 Aug 2022 16:12:03 GMT
x-frame-options: DENY
content-type: image/gif
access-control-allow-origin: https://t.link.dating
cache-control: private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 43
x-xss-protection: 1; mode=block

GET
H2

200

Primary Request / Show response
tours.specia1.com/t/939/
Redirect Chain

https://t.crdefault1.com/79008/8062/27687?source=base-popunder
https://go.moartraffic.com/go.php?t=49746&aid=106472&sid=79008_base-popunder&clickid=1020eee6d4332d024a5530628f1496
https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D...

22 KB
4 KB

197ms
70ms

Document
text/html

54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bf91b07f172cdfee38b2c1d85c292b325f696da47abf5624d4ac822f25336b31

Request headers

Referer: https://t.link.dating/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 178
content-encoding: gzip
content-type: text/html
date: Sat, 06 Aug 2022 16:12:04 GMT
etag: W/"eb7a34eefa44e077708b2f76cb3818dc"
last-modified: Fri, 05 Aug 2022 08:51:10 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
x-amz-cf-id: a5eSU26Rg94B2izfUUX_yqBEE6ULOhsOzYiFwVAveZJoP3vuyxKi1w==
x-amz-cf-pop: MAD51-C3
x-cache: Hit from cloudfront

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 20
content-type: text/html; charset=UTF-8
date: Sat, 06 Aug 2022 16:12:03 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
p3p: CP="NOI ADM DEV COM NAV OUR STP"
server: Apache
vary: Accept-Encoding
x-content-type-options: nosniff
x-robots-tag: otherbot: noindex, nofollow googlebot: noindex, nofollow

GET
H2 200 event
events.api.secureserver.net/t/1/tl/ 43 B
289 B 220ms
135ms XHR
image/gif 2a02:26f0:dc::217:61b2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://events.api.secureserver.net/t/1/tl/event?cts=1659802322960&dh=t.link.dating&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F104.0.5112.79%20Safari%2F537.36&vci=225609299&cv=2.0.0&z=1747862602&vg=73e3a2b5-0cb1-5b6b-bed3-f4ec257e0073&vtg=73e3a2b5-0cb1-5b6b-bed3-f4ec257e0073&dp=%2F&ap=cpbh-mt&trfd=%7B%22ap%22%3A%22cpbh-mt%22%2C%22server%22%3A%22p3plmcpnl487214%22%2C%22id%22%3A%228499747%22%7D&hit_id=9ea515ca-499c-5523-bba5-b76bd1a7dc33&ht=perf&tce=1659802321721&tcs=1659802321579&tdc=1659802322949&tdclee=1659802322389&tdcles=1659802322389&tdi=1659802322386&tdl=1659802322321&tdle=1659802321579&tdls=1659802321542&tfs=1659802321541&tns=1659802321540&trqs=1659802321722&tre=1659802322319&trps=1659802322319&tles=1659802322949&tlee=1659802322950&nt=navigate&nav_type=hard

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:dc::217:61b2 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
date: Sat, 06 Aug 2022 16:12:03 GMT
x-frame-options: DENY
content-type: image/gif
access-control-allow-origin: https://t.link.dating
cache-control: private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 43
x-xss-protection: 1; mode=block

GET
H2 200 bo.js Show response
cl0udh0st1ng.com/ 4 KB
2 KB 109ms
46ms Script
application/javascript 2a06:98c1:3120::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cl0udh0st1ng.com/bo.js
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 852d19ed390414ca431837cc185a237cc5c5a393e193182efd17420a5bb4b651

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-fastly-request-id: 91d7182d339e5aab3d7f3140cd82c6def29fa3e1
date: Sat, 06 Aug 2022 16:12:04 GMT
via: 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 573
x-cache: HIT
x-cache-hits: 1
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19149-FRA
last-modified: Tue, 04 Jun 2019 22:59:12 GMT
server: cloudflare
x-github-request-id: 4FF8:CDDB:561D6A:59E3D1:620DFD83
x-timer: S1645131663.427410,VS0,VE1
etag: W/"5cf6f7c0-e8c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=erv9E7ECEL6youwV3tfpUcuhSAMLlgcBz3z6bXmjCVG4bM9kmnfuUMgM%2FODI3zcryho9bF%2B6P3DFe2EHLbNU4F2DRlhVi7hS7sjjJDd6zSkdq8%2FWbq%2F35ZsKXn2bpyg4NtKNUxn6ubSA862r5G8t"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
x-proxy-cache: MISS
cf-ray: 73690d50d975699b-FRA
x-origin-cache: HIT
expires: Fri, 05 Aug 2022 08:41:02 GMT

GET
H2 200 style.css
tours.specia1.com/t/939/css/ 18 KB
5 KB 69ms
69ms Stylesheet
text/css 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tours.specia1.com/t/939/css/style.css
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b22f5a119c3a380c9891eb731e119e81c162e49e9cf693de71e1ad77480c3d5e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:12:04 GMT
content-encoding: gzip
last-modified: Fri, 05 Aug 2022 08:51:09 GMT
server: AmazonS3
age: 147
etag: W/"35c07e50fef946712ea0d222c214795e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
x-amz-cf-pop: MAD51-C3
x-amz-cf-id: mg19cJXkoMbmEpDBnucNqnA3qdASB8tH1LrcLnhIT-p92BkGahNu-A==

GET
H2 200 css
fonts.googleapis.com/ 372 B
799 B 100ms
40ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Rochester

Requested by

Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

68c4af29f63d459e33a64a4fbbaec9cfce57a3a2f65748445ad00daaebd96c1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 06 Aug 2022 16:12:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 06 Aug 2022 16:12:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 06 Aug 2022 16:12:04 GMT

GET
H2 200 repoUtilsV2.js Show response
tours.specia1.com/t/common/js/ 6 KB
3 KB 48ms
47ms Script
application/javascript 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tours.specia1.com/t/common/js/repoUtilsV2.js
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 27bfd892978a1454aeace298e543a317aefe9750e74faac177d85db1fe0968c8

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:09:18 GMT
content-encoding: gzip
last-modified: Fri, 05 Aug 2022 08:51:19 GMT
server: AmazonS3
age: 168
etag: W/"463ab17c7b265e702f3c4390d78b31b3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
x-amz-cf-pop: MAD51-C3
x-amz-cf-id: yVu3Je9WcmHzXR3acL-iiOm5ToB_xnNP_utThxTdHvOBuRiz2mbJkA==

GET
H2 200 logo_GetFlirty.svg
tours.specia1.com/t/939/img/ 2 KB
2 KB 85ms
82ms Image
image/svg+xml 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tours.specia1.com/t/939/img/logo_GetFlirty.svg
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ddedb34a5e7a1f5ff7c32a681db6da851247cc1e96e9e5ed9a9542baba16a433

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:09:38 GMT
content-encoding: gzip
last-modified: Fri, 05 Aug 2022 08:51:10 GMT
server: AmazonS3
age: 147
etag: W/"ad0e7f5545d56929c03980a9fa368522"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
x-amz-cf-pop: MAD51-C3
x-amz-cf-id: kkvvnnRbI4MbqKctOVU8Zf4aTLA0XVfht6YdUGKKeVTAonN4Ah3AZg==

GET
H2 200 intro.jpg
tours.specia1.com/t/939/img/ 16 KB
16 KB 84ms
81ms Image
image/jpeg 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tours.specia1.com/t/939/img/intro.jpg
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 52f9bd02fb60fdc760cde43610634316e644643dadb500a0d23de2077baa78d9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:12:04 GMT
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
last-modified: Fri, 05 Aug 2022 08:51:09 GMT
server: AmazonS3
age: 147
etag: "b585eac69fffa1fd7970b383e6bddcb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
x-amz-cf-pop: MAD51-C3
content-length: 16283
x-amz-cf-id: r4XJjbDR1erWvI0_iuaZs5YBvJztdiIBc8clfc11U8COxgUQSEvm5Q==

GET
H2 200 arrow.svg
tours.specia1.com/t/939/img/ 228 B
559 B 71ms
68ms Image
image/svg+xml 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tours.specia1.com/t/939/img/arrow.svg
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fe8fc656bd4bd41a636c489d1978ee2394d49068675184eeb43f1e0b0b945674

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:09:39 GMT
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
last-modified: Fri, 05 Aug 2022 08:51:09 GMT
server: AmazonS3
age: 146
etag: "b9fa204329eb7174e9f771e34c7f3c53"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-pop: MAD51-C3
content-length: 228
x-amz-cf-id: mm58RyFEA762R3m3B4oMMV-nXYEb6txXgxUlgAbBj4qSYGx1Oo4PPQ==

GET
H2 200 chat-off.svg
tours.specia1.com/t/939/img/ 533 B
863 B 159ms
156ms Image
image/svg+xml 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tours.specia1.com/t/939/img/chat-off.svg
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2236170593ba1fc8095c6e61ed3fe443cd8d5247018d91211c00e7f2ab87b6d

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:12:04 GMT
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
last-modified: Fri, 05 Aug 2022 08:51:09 GMT
server: AmazonS3
age: 146
etag: "a69b89d9307f487ed58a41903f39bc0b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-pop: MAD51-C3
content-length: 533
x-amz-cf-id: 8y4RpmiPG0YdHWnhX0d5yqsZ2-KW1zVmlRAmke92G8ek1KBfM4oVdg==

GET
H2 200 map-pin-shadow.svg
tours.specia1.com/t/939/img/ 295 B
625 B 72ms
69ms Image
image/svg+xml 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tours.specia1.com/t/939/img/map-pin-shadow.svg
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1406e8ad5a6f490d35e424539bb837841bf4dff4c885426b282ee750e0ccc45e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:12:04 GMT
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
last-modified: Fri, 05 Aug 2022 08:51:10 GMT
server: AmazonS3
age: 146
etag: "39084aa4edef89de7e0620722650e213"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-pop: MAD51-C3
content-length: 295
x-amz-cf-id: GkSt2Dho9PhV8EzCJvKHDWw7aPBdJ2Eez3sxnXTsDmlFDlgDorZtdQ==

GET
H2 200 gf_favicon.png
tours.specia1.com/t/939/img/ 727 B
1 KB 74ms
72ms Image
image/png 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tours.specia1.com/t/939/img/gf_favicon.png
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cee30a5e031f3895fb1de39c8ac7fc81098cf0344ec1181ec795d0009afe9051

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:12:04 GMT
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
last-modified: Fri, 05 Aug 2022 08:51:09 GMT
server: AmazonS3
age: 146
etag: "70ae7487b024158bd6ee8ecf55412d03"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: MAD51-C3
content-length: 727
x-amz-cf-id: xeazHMTt1Wod9wjNsyg8N61Q2xfC2Ez4NY3_Bvhqsb_vKlih_BV2lg==

GET
H2 200 no-off.svg
tours.specia1.com/t/939/img/ 712 B
1 KB 71ms
68ms Image
image/svg+xml 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tours.specia1.com/t/939/img/no-off.svg
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ac014bf5225347be767bd63c85977fb9fd99fe6ba5cb045a0ee7368dd0fdb35f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:09:39 GMT
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
last-modified: Fri, 05 Aug 2022 08:51:10 GMT
server: AmazonS3
age: 146
etag: "9e940a031b4f0ad4721344ae81026a63"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-pop: MAD51-C3
content-length: 712
x-amz-cf-id: Wlq3oPUVPFZ5uRN3LL7GdWthO4BmXZIAZB0lkHHseZ8MxqLUp9PGTg==

GET
H2 200 yes-off.svg
tours.specia1.com/t/939/img/ 704 B
1 KB 73ms
70ms Image
image/svg+xml 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tours.specia1.com/t/939/img/yes-off.svg
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 59027987947a695716751edf6b21fe1ac1bf21dcb6b360443e075d166328a2c0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:09:39 GMT
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
last-modified: Fri, 05 Aug 2022 08:51:10 GMT
server: AmazonS3
age: 146
etag: "a4eb7ee2185fc85fa10c0e0a591e800b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-pop: MAD51-C3
content-length: 704
x-amz-cf-id: c8a8MHWxg9S_mJW32SDMr1HIxObcthKRd7XHwmfMcJ-AWhe-vZ6cFg==

GET
H2 200 no.svg
tours.specia1.com/t/939/img/ 862 B
1 KB 71ms
69ms Image
image/svg+xml 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tours.specia1.com/t/939/img/no.svg
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 95b1c99567d61185d7884b4ea9b285f849bfb46318b285cd2b25826fad57b1af

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:09:39 GMT
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
last-modified: Fri, 05 Aug 2022 08:51:10 GMT
server: AmazonS3
age: 146
etag: "65eeb52762bc89d879f3d7180fc2d976"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-pop: MAD51-C3
content-length: 862
x-amz-cf-id: 9dnhilbPKh72UNYa9rCzKYz7pWPaLIimpKzfWPYMe4MvyLukCtdjPw==

GET
H2 200 yes.svg
tours.specia1.com/t/939/img/ 893 B
1 KB 108ms
106ms Image
image/svg+xml 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tours.specia1.com/t/939/img/yes.svg
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5dda8e5ceb3f5f0cc9b274f97eff322d63d9917a39ca42f3a24412e3518c5b2a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:09:39 GMT
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
last-modified: Fri, 05 Aug 2022 08:51:10 GMT
server: AmazonS3
age: 146
etag: "655cbe97d7ed34e8462504d7dae81b90"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-pop: MAD51-C3
content-length: 893
x-amz-cf-id: 7LTfM8c0MGbfSzXIXsAIvoJhW6CRl25awC3qFP8t0XKY5N2-3NE8Tw==

GET
H2 200 chat.svg
tours.specia1.com/t/939/img/ 533 B
863 B 105ms
103ms Image
image/svg+xml 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tours.specia1.com/t/939/img/chat.svg
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: adaa303330a1370d61dc665a931abefae43be83e80b58c5477c51d246ee58b9e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:12:04 GMT
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
last-modified: Fri, 05 Aug 2022 08:51:09 GMT
server: AmazonS3
age: 146
etag: "2ca57f1f2de2549720696a42a551b662"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-pop: MAD51-C3
content-length: 533
x-amz-cf-id: g5F7fBWcaOmTht0UuHUkkT08-nX0uKMGedTTuSw7mZNBixGlfN7gjA==

GET
H2 200 girls.png
tours.specia1.com/t/939/img/ 14 KB
15 KB 116ms
114ms Image
image/png 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tours.specia1.com/t/939/img/girls.png
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fbf3ddcc142e33e097c583a0eb5933e3e8a9ac0fc5c56054cb64ddf11762d078

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:12:04 GMT
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
last-modified: Fri, 05 Aug 2022 08:51:09 GMT
server: AmazonS3
age: 146
etag: "adeeb4e0a822bb522625c1953bab8490"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: MAD51-C3
content-length: 14564
x-amz-cf-id: c0bTzvq2r4Q9QM-8jL4K3NZjuqkZXY_So42kFOpZ1650DeqXStZfsw==

GET
H2 200 utl.min.js Show response
utl-1.com/1.6.38/ 304 KB
305 KB 131ms
23ms Script
application/javascript 18.66.122.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://utl-1.com/1.6.38/utl.min.js
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-75.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a95f875f338c46afba8d8175e28e73917fe6080019c8ffc19fb3322161dc6872

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 12:53:17 GMT
via: 1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
last-modified: Thu, 02 Dec 2021 13:26:25 GMT
server: AmazonS3
age: 18587928
etag: "dedd14a7c951d3cc8f16918c53ca760f"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 311771
x-amz-cf-id: Dp3KLytkHntep2PdevurMtWi2vnArPTG2J64UGyvrXYryHUNnPxkYA==

GET
H2 200 mst2.min.js Show response
utl-1.com/1.6.38/ 17 KB
18 KB 126ms
26ms Script
application/javascript 18.66.122.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://utl-1.com/1.6.38/mst2.min.js
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-75.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 252d3a0ef9c3754cdf38a02570d1a84fa4d94d53ac2eaeeada2e141f9c11a2e2

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 06 Feb 2022 00:45:48 GMT
via: 1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
last-modified: Thu, 02 Dec 2021 13:26:25 GMT
server: AmazonS3
age: 15693977
etag: "3a2e1fe5f9de68d28807b0b5675235f4"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
content-length: 17794
x-amz-cf-id: BnFMtHm5aJOplzlM6S5gbxHgLx8Y_Sdk4bQ_reHlFzAMGfOxH8Je6Q==

GET
H2 200 custom.js Show response
tours.specia1.com/t/939/js/ 7 KB
2 KB 71ms
68ms Script
application/javascript 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tours.specia1.com/t/939/js/custom.js
Requested by: Host: tours.specia1.com
URL: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d9288c54cdbb109eb3e546c61874fd5ee3b6ff71482c33370017c079f0c6cb8d

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:12:04 GMT
content-encoding: gzip
last-modified: Fri, 05 Aug 2022 08:51:10 GMT
server: AmazonS3
age: 147
etag: W/"3752b56112bb1ef7eea13a0696ed50d2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
x-amz-cf-pop: MAD51-C3
x-amz-cf-id: 3fHG8jnHgrX_2rY4FZPe5cHf2YcdHwHF55HxqhxQ78KCZkTUk8LCfA==

GET
H2 200 6d0d9819e611e28a165c1c894e7998790112eec4.js Show response
cdn.izooto.com/scripts/ 2 KB
1 KB 94ms
37ms Script
application/javascript 2606:4700::6812:d941
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js

Requested by

Host: tours.specia1.com
URL: https://tours.specia1.com/t/common/js/repoUtilsV2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d941 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61e8a955df8bd6092e9231983ddca6a47083621f2db3d125cb3e8d2d33c35b5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:12:04 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 2346836
x-xss-protection: 1; mode=block
last-modified: Thu, 09 Jun 2022 12:17:34 GMT
server: cloudflare
etag: W/"62a1e4de-9e2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-type: application/javascript
access-control-allow-origin: *
expires: Tue, 06 Sep 2022 16:12:04 GMT
cache-control: public, max-age=2678400
cf-ray: 73690d517c9e9975-FRA
cf-bgj: minify

GET
H2 200 izooto.js Show response
cdn.izooto.com/scripts/sdk/ 212 KB
52 KB 33ms
32ms Script
application/javascript 2606:4700::6812:d941
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.izooto.com/scripts/sdk/izooto.js

Requested by

Host: cdn.izooto.com
URL: https://cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d941 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a95686fcd03022a04ed08d0090fd338a193048773e8309e5e6eded6fe06db15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:12:04 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 180539
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 14:01:48 GMT
server: cloudflare
etag: W/"62ebd14c-34f10"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-type: application/javascript
access-control-allow-origin: *
expires: Tue, 06 Sep 2022 16:12:04 GMT
cache-control: public, max-age=2678400
cf-ray: 73690d51bce39975-FRA
cf-bgj: minify

GET
H2 200 iz_setcid.html Show response
cdn.izooto.com/scripts/sak/ Frame 71A4 4 KB
1 KB 30ms
29ms Document
text/html 2606:4700::6812:d941
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.izooto.com/scripts/sak/iz_setcid.html?v=1

Requested by

Host: cdn.izooto.com
URL: https://cdn.izooto.com/scripts/sdk/izooto.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d941 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cebfa75512f12a4d2f05cacae40f83ddc3e1efaf90aba3d5c9eabe0625a94858

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Xss-Protection	1; mode=block

Request headers

Referer: https://tours.specia1.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-origin: *
age: 2008244
cache-control: public, max-age=2678400
cf-cache-status: HIT
cf-ray: 73690d521d419975-FRA
content-encoding: br
content-type: text/html
date: Sat, 06 Aug 2022 16:12:04 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Tue, 06 Sep 2022 16:12:04 GMT
last-modified: Tue, 05 Apr 2022 12:00:20 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubdomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H2 200 ga.js Show response
tours.specia1.com/assets/specia1/ 392 B
728 B 43ms
43ms XHR
application/javascript 54.192.95.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tours.specia1.com/assets/specia1/ga.js?_=1659802324844
Requested by: Host: utl-1.com
URL: https://utl-1.com/1.6.38/utl.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.95.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-95-4.mad51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6003f930e7a6ff14bd5520a7324f5a4ffcecbd182aaff2e8ace7ec65d885aa45

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://tours.specia1.com/t/939/?t=49746&aid=106472&sid=79008_base-popunder&xk=60e1703541e9d4b88c6295224d647972&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26clickid%3D1020eee6d4332d024a5530628f1496%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&clickid=1020eee6d4332d024a5530628f1496&i18n_country=DE&hts_id=33245fe7-1c09-4506-9185-03c522c22c3e
X-Requested-With: XMLHttpRequest
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 16:09:21 GMT
via: 1.1 154ecb715e497053770673a9ecb0c104.cloudfront.net (CloudFront)
last-modified: Fri, 05 Aug 2022 08:49:37 GMT
server: AmazonS3
age: 210
etag: "eac15786f9b8937b5689ddf3faf0351d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: MAD51-C3
content-length: 392
x-amz-cf-id: zr9T70CU3mBOUjxiX_oBeRq9aeZYyVfqBut2JWWE3WXxpDb5kSBn0w==

POST
H/1.1 200
OK api.php Show response
secure.authbill.com/tour/ 36 B
636 B 433ms
121ms XHR
text/html 68.169.87.223
ISPRIME

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.authbill.com/tour/api.php

Requested by

Host: utl-1.com
URL: https://utl-1.com/1.6.38/utl.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

68.169.87.223 , United States, ASN30602 (ISPRIME, US),

Reverse DNS

Software

Apache /

Resource Hash

c5b0f28baa6db5a15a55ed0b6e7e1d3baa3e5391b88409760b7b6a87a9a311c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://tours.specia1.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 16:12:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-headers: X-Requested-With, content-type
content-length: 56
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H/1.1 200
OK api.php Show response
secure.authbill.com/tour/ 794 B
961 B 433ms
122ms XHR
text/html 68.169.87.223
ISPRIME

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.authbill.com/tour/api.php

Requested by

Host: utl-1.com
URL: https://utl-1.com/1.6.38/utl.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

68.169.87.223 , United States, ASN30602 (ISPRIME, US),

Reverse DNS

Software

Apache /

Resource Hash

dfdf153bda0f3c13ee22afd4a3823b46f10334cb33fa982ca2e3b8a11a3d0146

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://tours.specia1.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 16:12:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-headers: X-Requested-With, content-type
content-length: 380
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H/1.1 200
OK api.php Show response
secure.authbill.com/tour/ 20 KB
5 KB 438ms
127ms XHR
text/html 68.169.87.223
ISPRIME

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.authbill.com/tour/api.php

Requested by

Host: utl-1.com
URL: https://utl-1.com/1.6.38/utl.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

68.169.87.223 , United States, ASN30602 (ISPRIME, US),

Reverse DNS

Software

Apache /

Resource Hash

78f9153b97d7ffc7cb808144a600ace9cbe92a0208cbf348d55280c40db65d70

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://tours.specia1.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 16:12:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-headers: X-Requested-With, content-type
content-length: 4820
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H/1.1 200
OK api.php Show response
secure.authbill.com/tour/ 1 B
601 B 447ms
130ms XHR
text/html 68.169.87.223
ISPRIME

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.authbill.com/tour/api.php

Requested by

Host: utl-1.com
URL: https://utl-1.com/1.6.38/utl.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

68.169.87.223 , United States, ASN30602 (ISPRIME, US),

Reverse DNS

Software

Apache /

Resource Hash

5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://tours.specia1.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 16:12:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-headers: X-Requested-With, content-type
content-length: 21
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H/1.1 200
OK api.php Show response
secure.authbill.com/tour/ 208 B
756 B 467ms
151ms XHR
text/html 68.169.87.223
ISPRIME

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.authbill.com/tour/api.php

Requested by

Host: utl-1.com
URL: https://utl-1.com/1.6.38/utl.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

68.169.87.223 , United States, ASN30602 (ISPRIME, US),

Reverse DNS

Software

Apache /

Resource Hash

2d9cafa7aa05d980cfaeb2fc21b7adcb16823ae303b97d7cb0d86cd43e54a0f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://tours.specia1.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 16:12:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-headers: X-Requested-With, content-type
content-length: 175
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H/1.1 200
OK api.php Show response
secure.authbill.com/tour/ 208 B
756 B 472ms
153ms XHR
text/html 68.169.87.223
ISPRIME

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.authbill.com/tour/api.php

Requested by

Host: utl-1.com
URL: https://utl-1.com/1.6.38/utl.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

68.169.87.223 , United States, ASN30602 (ISPRIME, US),

Reverse DNS

Software

Apache /

Resource Hash

2d9cafa7aa05d980cfaeb2fc21b7adcb16823ae303b97d7cb0d86cd43e54a0f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://tours.specia1.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 16:12:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-headers: X-Requested-With, content-type
content-length: 175
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H/1.1 200
OK api.php Show response
secure.authbill.com/tour/ 0
708 B 620ms
182ms XHR
text/html 68.169.87.223
ISPRIME

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.authbill.com/tour/api.php

Requested by

Host: utl-1.com
URL: https://utl-1.com/1.6.38/utl.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

68.169.87.223 , United States, ASN30602 (ISPRIME, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://tours.specia1.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 16:12:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-headers: X-Requested-With, content-type
content-length: 20
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET check_external_autologin.html
tours.getflirty.com/common/html/ Frame EAC9 0
0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 66ms
19ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: tegr.am
URL: https://tegr.am/i/redir/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 4204
date: Sat, 06 Aug 2022 15:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 06 Aug 2022 17:02:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 67ms
27ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=431475492&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F939%2F%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26xk%3D60e1703541e9d4b88c6295224d647972%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49746%2526aid%253D106472%2526sid%253D79008_base-popunder%2526clickid%253D1020eee6d4332d024a5530628f1496%2526hts_id%253D33245fe7-1c09-4506-9185-03c522c22c3e%26clickid%3D1020eee6d4332d024a5530628f1496%26i18n_country%3DDE%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ci=Tour%3A%2049746&ec=Tour%3A%2049746&ea=Current%20step%3A%2001&el=Total%20steps%3A%2016&_u=YEBAAEABAAAAAC~&jid=1604363798&gjid=1174930432&cid=1179083518.1659802325&tid=UA-148167200-1&_gid=1308297094.1659802325&_r=1&_slc=1&z=1427904322

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tours.specia1.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 16:12:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tours.specia1.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 62ms
22ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=431475492&t=pageview&_s=2&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F939%2F%3Ft%3D49746%26aid%3D106472%26sid%3D79008_base-popunder%26xk%3D60e1703541e9d4b88c6295224d647972%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49746%2526aid%253D106472%2526sid%253D79008_base-popunder%2526clickid%253D1020eee6d4332d024a5530628f1496%2526hts_id%253D33245fe7-1c09-4506-9185-03c522c22c3e%26clickid%3D1020eee6d4332d024a5530628f1496%26i18n_country%3DDE%26hts_id%3D33245fe7-1c09-4506-9185-03c522c22c3e&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ci=Tour%3A%2049746&_u=YEBAAEABAAAAAC~&jid=&gjid=&cid=1179083518.1659802325&tid=UA-148167200-1&_gid=1308297094.1659802325&z=1181416980

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 03:40:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 45105
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
443 B 74ms
27ms XHR
text/plain 2a00:1450:400c:c06::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-148167200-1&cid=1179083518.1659802325&jid=1604363798&gjid=1174930432&_gid=1308297094.1659802325&_u=YEBAAEAAAAAAAC~&z=797953644

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

122fac0ffbb44fb8bba0388baa11afc67faec3b223a06871a40dbcab4c6cc787

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tours.specia1.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 06 Aug 2022 16:12:05 GMT
content-type: text/plain
access-control-allow-origin: https://tours.specia1.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 96ms
47ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-148167200-1&cid=1179083518.1659802325&jid=1604363798&_u=YEBAAEAAAAAAAC~&z=403309795

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 16:12:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.nl/ads/ 42 B
501 B 93ms
43ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.nl/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-148167200-1&cid=1179083518.1659802325&jid=1604363798&_u=YEBAAEAAAAAAAC~&z=403309795

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tours.specia1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 16:12:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: img1.wsimg.com
URL: https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js

Domain: tours.getflirty.com
URL: https://tours.getflirty.com/common/html/check_external_autologin.html?receiver=https%3A%2F%2Ftours.specia1.com

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
tegr.am/i/join	1970-01-20 06:29:46	Name: been_here Value: 1
.link.dating/	1970-01-20 13:48:58	Name: _tccl_visitor Value: 73e3a2b5-0cb1-5b6b-bed3-f4ec257e0073
.link.dating/	1970-01-20 05:03:24	Name: _tccl_visit Value: 73e3a2b5-0cb1-5b6b-bed3-f4ec257e0073
t.crdefault1.com/	1970-01-20 05:04:48	Name: aff_ran_url_8062 Value: 27687
t.crdefault1.com/	1970-01-20 14:39:22	Name: enc_aff_session_8062 Value: ENC035509da29826debc95cabe65f5e20cd5d753948d4682c97f14331830ede6acc6578bb32a1291b5410d005eaec41312a1e8b8176b1dc20750815fcc0bbed64af356e4ba72ee6aa42438d2dd8fed0e22cfb544db2ba6d0e5572f7eecb57d2a79e25a98f683a1b4f05d5a010c5d84fdc37b152abec1e9ac4cc661cdbe09f0b220f160d1e26b2
t.crdefault1.com/	1970-01-20 14:39:22	Name: ho_mob Value: eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMDQiLCJtb2JpbGVfY2FycmllciI6Ij8iLCJ1c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IFg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgTGlrZSBHZWNrbykgQ2hyb21lLzEwNC4wLjUxMTIuNzkgU2FmYXJpLzUzNy4zNiIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D
.moartraffic.com/	1970-01-20 05:04:48	Name: bd_ovtu Value: 1
.moartraffic.com/	1970-01-20 09:22:34	Name: bdreff Value: NONE
.moartraffic.com/	1970-01-20 09:22:34	Name: tour Value: 49746
.moartraffic.com/	1970-01-20 09:22:34	Name: affsubid Value: 106472-79008_base-popunder
.moartraffic.com/	1970-01-20 05:04:48	Name: bdvisit Value: 106472
.moartraffic.com/	1970-01-20 05:04:48	Name: bdcounter Value: 1
.moartraffic.com/	1970-01-20 09:22:34	Name: xk Value: 60e1703541e9d4b88c6295224d647972
.izooto.com/	1970-01-20 14:39:22	Name: IZCID Value: 106a0840-559a-46b0-9c99-21760b2441c8
.specia1.com/	1970-01-20 09:22:34	Name: tour Value: 49746
.specia1.com/	1970-01-20 09:22:34	Name: affsubid Value: 106472-79008_base-popunder
.specia1.com/	1970-01-20 05:04:48	Name: reff Value:
.specia1.com/	1970-01-20 09:22:34	Name: upgrade_tour Value: 0
.specia1.com/	1970-01-20 14:39:22	Name: _ga Value: GA1.2.1179083518.1659802325
.specia1.com/	1970-01-20 05:04:48	Name: _gid Value: GA1.2.1308297094.1659802325
.specia1.com/	1970-01-20 05:03:22	Name: _gat Value: 1
.specia1.com/	1970-01-20 05:04:48	Name: guid Value: B7A5D85A-01C9-42DD-B451-09CF4CDCE9A0
.specia1.com/	1970-01-20 09:22:34	Name: custom_tracking Value: %5B%22address%22%2C%22ad_type%22%2C%22app_id%22%2C%22app_name%22%2C%22auth_token%22%2C%22a_aid%22%2C%22a_bid%22%2C%22banner%22%2C%22banner_id%22%2C%22banner_size%22%2C%22bn%22%2C%22c%22%2C%22cid%22%2C%22city%22%2C%22clickid%22%2C%22click_id%22%2C%22click_url%22%2C%22cmp_bo%22%2C%22cmp_member_id%22%2C%22dx%22%2C%22email%22%2C%22exotracker%22%2C%22f%22%2C%22fbclid%22%2C%22fbid%22%2C%22first_name%22%2C%22gclid%22%2C%22gdpr%22%2C%22h%22%2C%22hts_id%22%2C%22hx%22%2C%22keyword%22%2C%22landerid%22%2C%22lander_id%22%2C%22last_name%22%2C%22misc_tour_info%22%2C%22niche%22%2C%22np%22%2C%22offer%22%2C%22origin%22%2C%22phone_number%22%2C%22placement%22%2C%22product%22%2C%22product_id%22%2C%22profile_visited%22%2C%22publisher%22%2C%22rcid%22%2C%22referer%22%2C%22reqid%22%2C%22rgc%22%2C%22rgh%22%2C%22rgm%22%2C%22schedule%22%2C%22sdaf%22%2C%22sdfsadf%22%2C%22session_initiated_by%22%2C%22sl%22%2C%22smoochy_user_id%22%2C%22snapchat_username%22%2C%22source%22%2C%22state%22%2C%22street%22%2C%22sv_cheating_mon%22%2C%22template%22%2C%22thumb_id%22%2C%22tracker_id%22%2C%22upgrade_uuid%22%2C%22upg_reason%22%2C%22userage%22%2C%22useremail%22%2C%22userzip%22%2C%22user_id%22%2C%22wellhello_profile_id%22%2C%22wellhello_upgrade_tour%22%2C%22xk%22%2C%22zip%22%5D
.specia1.com/	1970-01-20 05:04:48	Name: prop_bn Value: 38
.specia1.com/	1970-01-20 05:04:48	Name: prop_clickid Value: 1020eee6d4332d024a5530628f1496
.specia1.com/	1970-01-20 05:04:48	Name: prop_hts_id Value: 33245fe7-1c09-4506-9185-03c522c22c3e
.specia1.com/	1970-01-20 05:04:48	Name: prop_xk Value: 60e1703541e9d4b88c6295224d647972
.specia1.com/	1970-01-20 09:22:34	Name: affiliate_106472_is_terminated Value: 0
.tours.specia1.com/	1970-01-20 09:22:34	Name: geoip Value: %7B%22country_code%22%3A%22DE%22%2C%22country_name%22%3A%22Germany%22%2C%22region%22%3A%22Sachsen%22%2C%22city%22%3A%22Dresden%22%2C%22latitude%22%3A51.0508918762%2C%22longitude%22%3A13.7383203506%2C%22zipcode%22%3A%2201067%22%2C%22isp_name%22%3A%22LeaseWeb%20Netherlands%20B.V.%22%2C%22mobile_brand%22%3A%22%22%7D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.izooto.com
cl0udh0st1ng.com
events.api.secureserver.net
fonts.googleapis.com
geotargetly-1a441.appspot.com
go.moartraffic.com
img1.wsimg.com
img6.wsimg.com
secure.authbill.com
stats.g.doubleclick.net
t.crdefault1.com
t.link.dating
tegr.am
tours.getflirty.com
tours.specia1.com
utl-1.com
www.google-analytics.com
www.google.com
www.google.nl
img1.wsimg.com
tours.getflirty.com
18.66.122.75
23.36.163.225
2606:4700:3037::ac43:c5e1
2606:4700::6812:d941
2a00:1450:4001:803::2004
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:829::200a
2a00:1450:4001:82f::2014
2a00:1450:400c:c06::9c
2a02:26f0:dc::217:61b2
2a06:98c1:3120::3
2a06:98c1:3120::c
3.218.135.42
54.192.95.4
64.188.52.46
68.169.87.223
0a95686fcd03022a04ed08d0090fd338a193048773e8309e5e6eded6fe06db15
122fac0ffbb44fb8bba0388baa11afc67faec3b223a06871a40dbcab4c6cc787
1406e8ad5a6f490d35e424539bb837841bf4dff4c885426b282ee750e0ccc45e
252d3a0ef9c3754cdf38a02570d1a84fa4d94d53ac2eaeeada2e141f9c11a2e2
27bfd892978a1454aeace298e543a317aefe9750e74faac177d85db1fe0968c8
2d9cafa7aa05d980cfaeb2fc21b7adcb16823ae303b97d7cb0d86cd43e54a0f0
52f9bd02fb60fdc760cde43610634316e644643dadb500a0d23de2077baa78d9
59027987947a695716751edf6b21fe1ac1bf21dcb6b360443e075d166328a2c0
5dda8e5ceb3f5f0cc9b274f97eff322d63d9917a39ca42f3a24412e3518c5b2a
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
6003f930e7a6ff14bd5520a7324f5a4ffcecbd182aaff2e8ace7ec65d885aa45
61e8a955df8bd6092e9231983ddca6a47083621f2db3d125cb3e8d2d33c35b5c
68c4af29f63d459e33a64a4fbbaec9cfce57a3a2f65748445ad00daaebd96c1e
6cb0efedc1729d965016a35584cb00b03aa46e1a5e170f4b3ce092c7c3e99ec7
78f9153b97d7ffc7cb808144a600ace9cbe92a0208cbf348d55280c40db65d70
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
852d19ed390414ca431837cc185a237cc5c5a393e193182efd17420a5bb4b651
95b1c99567d61185d7884b4ea9b285f849bfb46318b285cd2b25826fad57b1af
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a95f875f338c46afba8d8175e28e73917fe6080019c8ffc19fb3322161dc6872
ac014bf5225347be767bd63c85977fb9fd99fe6ba5cb045a0ee7368dd0fdb35f
adaa303330a1370d61dc665a931abefae43be83e80b58c5477c51d246ee58b9e
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b22f5a119c3a380c9891eb731e119e81c162e49e9cf693de71e1ad77480c3d5e
b6116935d332a3da475184595651c2b0ff2126dc6a8be6b2eb70017bd1d8be17
bf91b07f172cdfee38b2c1d85c292b325f696da47abf5624d4ac822f25336b31
c5b0f28baa6db5a15a55ed0b6e7e1d3baa3e5391b88409760b7b6a87a9a311c2
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cebfa75512f12a4d2f05cacae40f83ddc3e1efaf90aba3d5c9eabe0625a94858
cee30a5e031f3895fb1de39c8ac7fc81098cf0344ec1181ec795d0009afe9051
d9288c54cdbb109eb3e546c61874fd5ee3b6ff71482c33370017c079f0c6cb8d
ddedb34a5e7a1f5ff7c32a681db6da851247cc1e96e9e5ed9a9542baba16a433
dfdf153bda0f3c13ee22afd4a3823b46f10334cb33fa982ca2e3b8a11a3d0146
e2236170593ba1fc8095c6e61ed3fe443cd8d5247018d91211c00e7f2ab87b6d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f9d5867bf9fcc3fac578b1d4339ac954ffb6164db38dfc2ed577995ad3f5266f
fbf3ddcc142e33e097c583a0eb5933e3e8a9ac0fc5c56054cb64ddf11762d078
fdbe1fbe29608da20528d14648f6b4cd9c13676ec910d08b0543dee74dad14f4
fe8fc656bd4bd41a636c489d1978ee2394d49068675184eeb43f1e0b0b945674

tours.specia1.com Open in urlscan Pro 54.192.95.4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

48 Requests

94 %HTTPS

65 %IPv6

18 Domains

19 Subdomains

16 IPs

4 Countries

489 kBTransfer

770 kBSize

29 Cookies

6 Outgoing links

Page URL History

Redirected requests

48 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

tours.specia1.com Open in urlscan Pro
54.192.95.4 Public Scan

Screenshot
Live screenshot

Full Image

48
Requests

94 %
HTTPS

65 %
IPv6

18
Domains

19
Subdomains

16
IPs

4
Countries

489 kB
Transfer

770 kB
Size

29
Cookies

48 HTTP transactions
0 data transactions