o.tr1net.com/click?pid=67459&offer_id=377&l=1646603015&ref_id=653de7cc67ea00cbafaeb771afdcaec4-41740-0111
104.21.79.176 301 Moved Permanently 0 B URL HTTP/1.1 o.tr1net.com/click?pid=67459&offer_id=377&l=1646603015&ref_id=653de7cc67ea00cbafaeb771afdcaec4-41740-0111
IP 104.21.79.176:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=67459&offer_id=377&l=1646603015&ref_id=653de7cc67ea00cbafaeb771afdcaec4-41740-0111 HTTP/1.1
Host: o.tr1net.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 10 Jan 2023 23:08:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 11 Jan 2023 00:08:49 GMT
Location: https://o.tr1net.com/click?pid=67459&offer_id=377&l=1646603015&ref_id=653de7cc67ea00cbafaeb771afdcaec4-41740-0111
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pH8aV4kHyRkexERVo%2BYLAjtjcoiOJ435Me2cBbiRLx%2Fw80289Ag6cUOLayMaMwKk6I1FjWw7yYk01U8rF192EC9vna5lAdE45zH7AXtofR%2BDh5ye%2F5qc%2BFjdR02FXXI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 787913a8ca7cb511-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e6b7a72139d0ef7688330456e9be9a4c
e130a94e7d531768300071764dd1e81fee5bbbcb
d3818afd1493030105341b4cfb91037acbf27085c96068b3ef91c5071277c8e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3818AFD1493030105341B4CFB91037ACBF27085C96068B3EF91C5071277C8E5"
Last-Modified: Mon, 09 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13883
Expires: Wed, 11 Jan 2023 03:00:12 GMT
Date: Tue, 10 Jan 2023 23:08:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash eecebe0566883e33558e8e67beaccb29
acdd8fd09e2066ed5ecfbc3f11c4a2d61218ecc7
65e21170242bf41eb529fa422385dbe5af65a61e374e6dd5669e7e5f927948af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65E21170242BF41EB529FA422385DBE5AF65A61E374E6DD5669E7E5F927948AF"
Last-Modified: Mon, 09 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4592
Expires: Wed, 11 Jan 2023 00:25:21 GMT
Date: Tue, 10 Jan 2023 23:08:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d8ccb7b2b89aec333fabc04d37337892
c2a13a42c1bd0cf7ce68d9c13b3d6ba1044b5283
75fcc3ea090454e3489a131b70ab50798fec6a08664745027d7a1cf62c6aba28
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75FCC3EA090454E3489A131B70AB50798FEC6A08664745027D7A1CF62C6ABA28"
Last-Modified: Mon, 09 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8355
Expires: Wed, 11 Jan 2023 01:28:04 GMT
Date: Tue, 10 Jan 2023 23:08:49 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 10 Jan 2023 22:41:44 GMT
content-type: application/json
age: 1625
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zL8lC/oYih4nUiPiaSyTXflUJPZCpcj9eBlajeh0fXH87EKke+26ZTm+lXqeXivkW3OLIGeUVR8=
x-amz-request-id: 70X7Q68M8GQFEFF6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 10 Jan 2023 23:01:50 GMT
age: 419
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/tMJ5qQUFq9g
216.58.211.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/tMJ5qQUFq9g
IP 216.58.211.3:0
Hash 3ab07326a1bd768aadffe600b8594715
bc5eb4ed3f536735dd95637df75810ab5e4675b0
06f30dfab1894f6a81d793d8d2b5877979f9cc59e64406deb9702324142e9a53
POST /s/gts1p5/tMJ5qQUFq9g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 23:08:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 10 Jan 2023 23:08:49 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
o.tr1net.com/click?pid=67459&offer_id=377&l=1646603015&ref_id=653de7cc67ea00cbafaeb771afdcaec4-41740-0111
172.67.146.213 302 Found 0 B URL HTTP/2 o.tr1net.com/click?pid=67459&offer_id=377&l=1646603015&ref_id=653de7cc67ea00cbafaeb771afdcaec4-41740-0111
IP 172.67.146.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=67459&offer_id=377&l=1646603015&ref_id=653de7cc67ea00cbafaeb771afdcaec4-41740-0111 HTTP/1.1
Host: o.tr1net.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 10 Jan 2023 23:08:50 GMT
content-length: 0
location: https://www2.lone1y.com/click?pid=67459&offer_id=25&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,377,%5BMOB%2BWEB%5D+Jolly.me+Adult+25%2B+-+PPL+-+BR%2FEC%2FGT%2FDO%2FAR%2FPE%2FHN%2FCL%2FCR%2FUY%2FPR+-+Adult+Dating+-+SOI
x-adjust-use-original-forwarded-for: 1
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tru2UiqmDpb3IiT6JTR%2FY3Ky6kZqKNk0B6mxP5%2FsRrLS%2FWsxt2%2F3B6BqI%2BuWgq6a4JQFQ00oNYmD3q3FB93WjmUvKm%2BzXxW5vp%2F16Vzc4wZDKJpXyPmymC8Ei546GWM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 787913abd844b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/tMJ5qQUFq9g
216.58.211.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/tMJ5qQUFq9g
IP 216.58.211.3:0
Hash 3ab07326a1bd768aadffe600b8594715
bc5eb4ed3f536735dd95637df75810ab5e4675b0
06f30dfab1894f6a81d793d8d2b5877979f9cc59e64406deb9702324142e9a53
POST /s/gts1p5/tMJ5qQUFq9g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 23:08:50 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f9f84655ce9b2bfd4e033c9ddd759a8b
48760018618063c2b08dcd6d5940c0c0afdfc072
51648eac2b6f401e571351f177cfd6be1b85163436e118579f312bbef2d511ee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "51648EAC2B6F401E571351F177CFD6BE1B85163436E118579F312BBEF2D511EE"
Last-Modified: Mon, 09 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21562
Expires: Wed, 11 Jan 2023 05:08:12 GMT
Date: Tue, 10 Jan 2023 23:08:50 GMT
Connection: keep-alive
www2.lone1y.com/click?pid=67459&offer_id=25&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,377,%5BMOB%2BWEB%5D+Jolly.me+Adult+25%2B+-+PPL+-+BR%2FEC%2FGT%2FDO%2FAR%2FPE%2FHN%2FCL%2FCR%2FUY%2FPR+-+Adult+Dating+-+SOI
172.67.143.19 302 Found 0 B URL HTTP/2 www2.lone1y.com/click?pid=67459&offer_id=25&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,377,%5BMOB%2BWEB%5D+Jolly.me+Adult+25%2B+-+PPL+-+BR%2FEC%2FGT%2FDO%2FAR%2FPE%2FHN%2FCL%2FCR%2FUY%2FPR+-+Adult+Dating+-+SOI
IP 172.67.143.19:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=67459&offer_id=25&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,377,%5BMOB%2BWEB%5D+Jolly.me+Adult+25%2B+-+PPL+-+BR%2FEC%2FGT%2FDO%2FAR%2FPE%2FHN%2FCL%2FCR%2FUY%2FPR+-+Adult+Dating+-+SOI HTTP/1.1
Host: www2.lone1y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 10 Jan 2023 23:08:50 GMT
content-length: 0
location: https://nn1.tracksofast.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=63bdf002a3b1190001a11376&affpid=67459&action_id=NOdesktop&referrer=&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,377,[MOB+WEB] Jolly.me Adult 25+ - PPL - BR/EC/GT/DO/AR/PE/HN/CL/CR/UY/PR - Adult Dating - SOI
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=63bdf002a3b1190001a11376; expires=Wed, 10 Jan 2024 23:08:50 GMT; secure; SameSite=None
afoffers={"25":1673392130}; expires=Wed, 10 Jan 2024 23:08:50 GMT; secure; SameSite=None
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZAkThGaBBa3kqKejgSuY%2BJNqeSCvQtBgfgI7KXvpAUyxoo6JUj0VxeCnOX6firUa4qjsZBiYyYx6pcg8qB5KwYMHTuz0GRfGaBOW2Oai7RAHyB68XfT4X4DyN6EsibkRvgs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 787913ae8b5ab4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f9f84655ce9b2bfd4e033c9ddd759a8b
48760018618063c2b08dcd6d5940c0c0afdfc072
51648eac2b6f401e571351f177cfd6be1b85163436e118579f312bbef2d511ee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "51648EAC2B6F401E571351F177CFD6BE1B85163436E118579F312BBEF2D511EE"
Last-Modified: Mon, 09 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21562
Expires: Wed, 11 Jan 2023 05:08:12 GMT
Date: Tue, 10 Jan 2023 23:08:50 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 10 Jan 2023 22:33:45 GMT
age: 2105
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 6c62a7201b8d88148927100c57993e27
cfd2e700882290cd6cd0abfe8b682440f3746a63
dde9de8a7cc94de43fbc01fbc18ba8bc8304db7dbf5ffbe7fa3a098ee4c63816
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=117622
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 23:08:50 GMT
Etag: "63bd1878-117"
Expires: Thu, 12 Jan 2023 07:49:12 GMT
Last-Modified: Tue, 10 Jan 2023 07:49:12 GMT
Server: nginx
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a831a999b5e598b4e9f4e31e8054ca7c
9971a4a806f48777ae6d9525085d16d0c6314c51
cdffa8dd48e75baa98670f82dfac2b3948667ca32dd93f469d2cd49d3a58581c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6281
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 23:08:50 GMT
Etag: "63bd2aaa-1d7"
Last-Modified: Tue, 10 Jan 2023 21:24:09 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 367fdd012f411eaf7afb1464f38ac4ad
3ff361d8d55cd528502c06066d783884f38121ca
d5eeca2ef5d075a9b7c97e18108e3f1b8ee8a7be8015581d173f1742f75b2486
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=143853
Date: Tue, 10 Jan 2023 23:08:51 GMT
Etag: "63bd727b-1d7"
Expires: Thu, 12 Jan 2023 15:06:24 GMT
Last-Modified: Tue, 10 Jan 2023 14:13:15 GMT
Server: ECS (dcb/7F18)
X-Cache: Miss from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: T4bAewn-MzgK8ebGygpZnlwMT9Uzcrbr7EK2I-ZVt8sDc2YwPf1T9g==
Age: 3190
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 6c62a7201b8d88148927100c57993e27
cfd2e700882290cd6cd0abfe8b682440f3746a63
dde9de8a7cc94de43fbc01fbc18ba8bc8304db7dbf5ffbe7fa3a098ee4c63816
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=117622
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 23:08:51 GMT
Etag: "63bd1878-117"
Expires: Thu, 12 Jan 2023 07:49:13 GMT
Last-Modified: Tue, 10 Jan 2023 07:49:12 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
push.services.mozilla.com/
54.212.170.166 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.212.170.166:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZVIvJwackOGPDwhoMed7aA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yQjtqF8gSFwU9Pchy/0irX5f8cA=
goads.pro/bridge/intg.js?v=8
3.64.249.95 200 OK 269 B URL HTTP/2 goads.pro/bridge/intg.js?v=8
IP 3.64.249.95:0
Hash 8c8514ed7eae8968b59692f7897f2857
69e9f6e0625ef8bf0a4099b05f7356587e3e62be
556f2a46047c9b8dedbae5ef8c59dc7ea04ff88e76d7dcda568f1eb2dce03548
Analyzer Verdict Alert fortinet Phishing
GET /bridge/intg.js?v=8 HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?affid=4b82d238&tds_cid=3987330f139ec36afab3dd052875db464221cc5a&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDc1YjQ5YzNmYzE5MTA4ZmYwYzI3YTNlYWNiZmM0N2U%2FX190PTE2NzMzOTIxMzE0OTkmX19sPTM2MDA%3D&tds_ac_id=s0729bel&tds_oid=23674&tds_host=goads.pro&clickid=5b2c3he1mj2y9fea49&dci=64c89b5ad243eb266ccf29a9aef6becb619e486f&tds_campaign=b7867den&tds_id=b7867den_jump_a_1635405738306&subid=1285fbefca90b0d9471900305dd7fe212c3&utm_source=int&tds_ao=1&s1=ps&subid2=%7Bsubid2%7D&tds_p_campaign=b3957mar&id=23674&tds_rt=
Cookie: dci=64c89b5ad243eb266ccf29a9aef6becb619e486f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 23:08:51 GMT
content-type: application/javascript; charset=UTF-8
content-length: 269
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 28 Dec 2022 12:21:19 GMT
etag: W/"10d-18558ae0a18"
vary: Accept-Encoding
X-Firefox-Spdy: h2
goads.pro/bridge/ao_loader.js
3.64.249.95 200 OK 836 B URL HTTP/2 goads.pro/bridge/ao_loader.js
IP 3.64.249.95:0
File type ASCII text, with very long lines (835)
Hash 05f233960b55dfe40742964902345911
e00af7d954b5032f95c32341794e0f4d73208bff
d5d65364c02602f4fae5c63195607cfff433ac59d4c7d756e4a0a2e6f33ccd19
Analyzer Verdict Alert fortinet Phishing
GET /bridge/ao_loader.js HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?affid=4b82d238&tds_cid=3987330f139ec36afab3dd052875db464221cc5a&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDc1YjQ5YzNmYzE5MTA4ZmYwYzI3YTNlYWNiZmM0N2U%2FX190PTE2NzMzOTIxMzE0OTkmX19sPTM2MDA%3D&tds_ac_id=s0729bel&tds_oid=23674&tds_host=goads.pro&clickid=5b2c3he1mj2y9fea49&dci=64c89b5ad243eb266ccf29a9aef6becb619e486f&tds_campaign=b7867den&tds_id=b7867den_jump_a_1635405738306&subid=1285fbefca90b0d9471900305dd7fe212c3&utm_source=int&tds_ao=1&s1=ps&subid2=%7Bsubid2%7D&tds_p_campaign=b3957mar&id=23674&tds_rt=
Cookie: dci=64c89b5ad243eb266ccf29a9aef6becb619e486f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 23:08:52 GMT
content-type: application/javascript; charset=UTF-8
content-length: 836
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 28 Dec 2022 12:21:19 GMT
etag: W/"344-18558ae0a18"
vary: Accept-Encoding
X-Firefox-Spdy: h2
goads.pro/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgoads.pro%2Fjump%3Faffid%3D4b82d238%26tds_cid%3D3987330f139ec36afab3dd052875db464221cc5a%26_tgUrl%3DaHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDc1YjQ5YzNmYzE5MTA4ZmYwYzI3YTNlYWNiZmM0N2U%252FX190PTE2NzMzOTIxMzE0OTkmX19sPTM2MDA%253D%26tds_ac_id%3Ds0729bel%26tds_oid%3D23674%26tds_host%3Dgoads.pro%26clickid%3D5b2c3he1mj2y9fea49%26dci%3D64c89b5ad243eb266ccf29a9aef6becb619e486f%26tds_campaign%3Db7867den%26tds_id%3Db7867den_jump_a_1635405738306%26subid%3D1285fbefca90b0d9471900305dd7fe212c3%26utm_source%3Dint%26tds_ao%3D1%26s1%3Dps%26subid2%3D%257Bsubid2%257D%26tds_p_campaign%3Db3957mar%26id%3D23674%26tds_rt%3D&uaDataValues={}
3.64.249.95 200 OK 199 B URL HTTP/2 goads.pro/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgoads.pro%2Fjump%3Faffid%3D4b82d238%26tds_cid%3D3987330f139ec36afab3dd052875db464221cc5a%26_tgUrl%3DaHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDc1YjQ5YzNmYzE5MTA4ZmYwYzI3YTNlYWNiZmM0N2U%252FX190PTE2NzMzOTIxMzE0OTkmX19sPTM2MDA%253D%26tds_ac_id%3Ds0729bel%26tds_oid%3D23674%26tds_host%3Dgoads.pro%26clickid%3D5b2c3he1mj2y9fea49%26dci%3D64c89b5ad243eb266ccf29a9aef6becb619e486f%26tds_campaign%3Db7867den%26tds_id%3Db7867den_jump_a_1635405738306%26subid%3D1285fbefca90b0d9471900305dd7fe212c3%26utm_source%3Dint%26tds_ao%3D1%26s1%3Dps%26subid2%3D%257Bsubid2%257D%26tds_p_campaign%3Db3957mar%26id%3D23674%26tds_rt%3D&uaDataValues={}
IP 3.64.249.95:0
Hash 009352dfef3982ce64e0155d3a98a4b7
b234c9e9e61ec9ce6e5d98147caa8adf552428e3
274fcd0183b956664a6e9d562c1a5f3906df998c40e66567788501e94cda4485
GET /ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgoads.pro%2Fjump%3Faffid%3D4b82d238%26tds_cid%3D3987330f139ec36afab3dd052875db464221cc5a%26_tgUrl%3DaHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDc1YjQ5YzNmYzE5MTA4ZmYwYzI3YTNlYWNiZmM0N2U%252FX190PTE2NzMzOTIxMzE0OTkmX19sPTM2MDA%253D%26tds_ac_id%3Ds0729bel%26tds_oid%3D23674%26tds_host%3Dgoads.pro%26clickid%3D5b2c3he1mj2y9fea49%26dci%3D64c89b5ad243eb266ccf29a9aef6becb619e486f%26tds_campaign%3Db7867den%26tds_id%3Db7867den_jump_a_1635405738306%26subid%3D1285fbefca90b0d9471900305dd7fe212c3%26utm_source%3Dint%26tds_ao%3D1%26s1%3Dps%26subid2%3D%257Bsubid2%257D%26tds_p_campaign%3Db3957mar%26id%3D23674%26tds_rt%3D&uaDataValues={} HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?affid=4b82d238&tds_cid=3987330f139ec36afab3dd052875db464221cc5a&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDc1YjQ5YzNmYzE5MTA4ZmYwYzI3YTNlYWNiZmM0N2U%2FX190PTE2NzMzOTIxMzE0OTkmX19sPTM2MDA%3D&tds_ac_id=s0729bel&tds_oid=23674&tds_host=goads.pro&clickid=5b2c3he1mj2y9fea49&dci=64c89b5ad243eb266ccf29a9aef6becb619e486f&tds_campaign=b7867den&tds_id=b7867den_jump_a_1635405738306&subid=1285fbefca90b0d9471900305dd7fe212c3&utm_source=int&tds_ao=1&s1=ps&subid2=%7Bsubid2%7D&tds_p_campaign=b3957mar&id=23674&tds_rt=
Cookie: dci=64c89b5ad243eb266ccf29a9aef6becb619e486f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 23:08:52 GMT
content-type: text/javascript; charset=utf-8
content-length: 199
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"c7-sjTJ6eYeyc5uXZgUfKqK31UkKOM"
vary: Accept-Encoding
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/tits-small.jpg
54.230.111.55 200 OK 30 kB URL HTTP/2 cdn3reference.com/landings/23674/images/tits-small.jpg
IP 54.230.111.55:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, components 3\012- data
Hash 873c365c8a7038936ecaad085b16b85b
407cbd20e47c485e8596a009ef62ea975932d424
fac35c856b5431597d90f79e4aed9a454c10a5d58e166dcbfb40d2c796329f61
GET /landings/23674/images/tits-small.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 29487
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Tue, 10 Jan 2023 23:08:52 GMT
cache-control: public, max-age=604800
etag: "732f-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FC3qDTI8fhtkZh-OP1BkK6dWshAddlpnfiLPJtmh1qelEPNf3OGMpA==
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/tits-average.jpg
54.230.111.55 200 OK 22 kB URL HTTP/2 cdn3reference.com/landings/23674/images/tits-average.jpg
IP 54.230.111.55:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, components 3\012- data
Hash 0d093f438752a6d8462360157086cc7e
c282b299651398cbc814a0712ea96435e7dcf7e9
2c6a69630c6b635ccd5137af320e3b262e80b09429039ab4aa8f5ec1840e0742
GET /landings/23674/images/tits-average.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 21632
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Tue, 10 Jan 2023 23:08:52 GMT
cache-control: public, max-age=604800
etag: "5480-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: DVvqdrurEwyxdwRakkmdYC13zUCG1O0KEQPJJYy9zjUuRN9TKXW4sw==
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/ass-average.jpg
54.230.111.55 200 OK 24 kB URL HTTP/2 cdn3reference.com/landings/23674/images/ass-average.jpg
IP 54.230.111.55:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, components 3\012- data
Hash 44ffa759158ebabe9caf96f6cb1f3696
03a53fd1162a1e2a6ed1bfad47d09af2ab54ac21
272d21bee55c0f85ef07d962165148b7515a07f25ed61bbec4c96e37d780dc74
GET /landings/23674/images/ass-average.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 24466
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Tue, 10 Jan 2023 23:08:52 GMT
cache-control: public, max-age=604800
etag: "5f92-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JZe9vhcsWGC1Mjf-YY6u2IE65l7GeDUnB1k6sSN3i0BjEe_JCUAS5Q==
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/ass-big.jpg
54.230.111.55 200 OK 29 kB URL HTTP/2 cdn3reference.com/landings/23674/images/ass-big.jpg
IP 54.230.111.55:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, components 3\012- data
Hash addc6f4c87845156da366cbe62198b82
2fa50ca5e97f7f6b091114b07820af3868421e6f
f2c2cb0cb53e9d8f80412ac7904a5083d4c9da93ef1fdca6a77ad6178eca60e4
GET /landings/23674/images/ass-big.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 29300
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Tue, 10 Jan 2023 23:08:52 GMT
cache-control: public, max-age=604800
etag: "7274-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hu9Pjr8ItyenAks1wQbz2QtashUQdAQOOHnIs78ZiZt7D1A5LpQSCQ==
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/tits-big.jpg
54.230.111.55 200 OK 26 kB URL HTTP/2 cdn3reference.com/landings/23674/images/tits-big.jpg
IP 54.230.111.55:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, components 3\012- data
Hash e7f4c3332c5c3193853db759346b4969
385b5fb205510e954600c879fc3ca73344d07dec
90ad9ee07b9dafcda13e0854625c52edd70835a084b9786245c0c44faa3eebc6
GET /landings/23674/images/tits-big.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 25995
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Tue, 10 Jan 2023 23:08:52 GMT
cache-control: public, max-age=604800
etag: "658b-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vTvstt2Rl6s0cuVlNnfRrfK2qcLBzcz1k3jNXo1CeIdMiUXW4Vs7SA==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20953
Expires: Wed, 11 Jan 2023 04:58:05 GMT
Date: Tue, 10 Jan 2023 23:08:52 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 4869dd33e55646a13f30e71c4e677a6e
bbbac08ceb5f444c9e6ec277dbfa280ec788fa8e
a5ad5a0bf5db110a5a24570a5b3426566aa90b14f2bbfdfd35d0869589be52c4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Tue, 10 Jan 2023 23:08:52 GMT
Etag: "63bb6cfa-1d7"
Server: ECS (dcb/7F5C)
X-Cache: Miss from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4sRjfyJuPyQLgGbRaI0swc-hQ_Vem2WLL3i44yhhBJlVhUVju_UfaA==
cdn3reference.com/landings/23674/images/ass-small.jpg
54.230.111.55 200 OK 26 kB URL HTTP/2 cdn3reference.com/landings/23674/images/ass-small.jpg
IP 54.230.111.55:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, components 3\012- data
Hash 944f12f3be6036474668857dd8987b4d
029d2f8821ac3a7af4ac286e2f006e9c0fe8f5ad
a51df9f425b1642550136741dfd63f20df73eaabdbe42e6c2c94d868bb2ce762
GET /landings/23674/images/ass-small.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 25824
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Tue, 10 Jan 2023 23:08:52 GMT
cache-control: public, max-age=604800
etag: "64e0-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qOaDTG-JC110dWI4csO8jEXM0gLcdfIRu_UHhcGu-Yd2xM_z8MWpJg==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20953
Expires: Wed, 11 Jan 2023 04:58:05 GMT
Date: Tue, 10 Jan 2023 23:08:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20953
Expires: Wed, 11 Jan 2023 04:58:05 GMT
Date: Tue, 10 Jan 2023 23:08:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20953
Expires: Wed, 11 Jan 2023 04:58:05 GMT
Date: Tue, 10 Jan 2023 23:08:52 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29a4e5f8-90d2-4932-b687-e827f7b75a6b.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29a4e5f8-90d2-4932-b687-e827f7b75a6b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 82b10434cd29773d0f2f05a9904bd8d7
254f8d0a30d61afe871b7d603d4f0669bfb59808
5955b48e68572fd477fbb1bf172c3d590320b7408668a7fc586022362dd7447d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29a4e5f8-90d2-4932-b687-e827f7b75a6b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8395
x-amzn-requestid: 13f52de6-c624-4005-8c98-b8299ce3d156
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ei75DGBwIAMFU3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bdd9d3-278ee7ad4b30336e2ada7970;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 21:34:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2pOcdK8bVXyEoZvhn6X6jYWBA53UY_zuNExfPEMaVxuPuWeNyEGjCA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:47:53 GMT
age: 4859
etag: "254f8d0a30d61afe871b7d603d4f0669bfb59808"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4869fe48-260f-46c9-81a4-5ac67e647443.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4869fe48-260f-46c9-81a4-5ac67e647443.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7a241015ff8d404c1837655539fc53ed
6dc1b2fd2ef31f12d95e912ed56316c2fb01ae35
c289b877f9e66a830ec4effffd411d1e1a251aac2fa82ac80bee8369bce1748b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4869fe48-260f-46c9-81a4-5ac67e647443.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8772
x-amzn-requestid: 0d049342-a984-487a-b48b-862704fa3d5c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ei8QdFKXIAMFX0g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bdda69-1caef78222b6470241e7db53;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 21:36:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aE4f4yuWkPLj8UAKwg4efQzzP1fI9fcXpv2AG2ZJZxMVx920yqqbQg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:43:48 GMT
age: 5104
etag: "6dc1b2fd2ef31f12d95e912ed56316c2fb01ae35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd94a5360-2ddf-4088-a880-212e75db1287.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd94a5360-2ddf-4088-a880-212e75db1287.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aad80e2c0386d7c7d88ac85b00d2e50f
291629800087b85000b89165892b05fd7babd8b3
bac555de181f5181e01bccf20691916725baae448130a1de3c8da908f60a727f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd94a5360-2ddf-4088-a880-212e75db1287.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7602
x-amzn-requestid: 10f2172b-1c93-4525-bdc7-23cb66d878dd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eS1mOHeuoAMFfpQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b7695a-385d20e03946bf41036d6378;Sampled=0
x-amzn-remapped-date: Fri, 06 Jan 2023 00:20:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Eoz-ra19uQNrO5CyWYbe_ASmTkgYmSxE3RoSmWSEmQ-KpvpyQlIYbw==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:56:36 GMT
age: 4336
etag: "291629800087b85000b89165892b05fd7babd8b3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F94fd75b6-8b38-4585-a6d9-7fe9c9b69e86.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F94fd75b6-8b38-4585-a6d9-7fe9c9b69e86.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3d51c94181cae0f64af5a64d0a154598
e540e8d54f425408d38a4ad69144ec87041a440c
4577272b9ef8c0d2c431d84dd241fe174ab986900f9c78075e8938e15eaff731
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F94fd75b6-8b38-4585-a6d9-7fe9c9b69e86.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7412
x-amzn-requestid: 1794e3d3-4c51-4745-bfdd-330ffdb2ac6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eTxflFI3oAMFx6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b7c930-2060926968f809af6f667c72;Sampled=0
x-amzn-remapped-date: Fri, 06 Jan 2023 07:09:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9M5rXjdoNUWCaFosOrE1d_yJCddzaVFnOrB4Upe3Nv4q5iaDK57Bgg==
via: 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 13:35:31 GMT
age: 34401
etag: "e540e8d54f425408d38a4ad69144ec87041a440c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4da885e-af97-45cf-8aa1-1867db7d3381.jpeg
34.120.237.76 200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4da885e-af97-45cf-8aa1-1867db7d3381.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 36f19790a56d051ec79ac837bf8ee625
3a50370e7b5321826a85717d1164a76e510018ad
e84237643e2d757be51f40e71c891e3c424709fa3a47b34e2e181275cb725844
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4da885e-af97-45cf-8aa1-1867db7d3381.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3462
x-amzn-requestid: 7a2e8620-e3e1-4429-bdc7-fa95b88cb7eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eY6FUHckIAMFjUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b9d6ee-6907fd97018a896951e608d8;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 20:32:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yp0goMhWNWa0Ud0iUfr9IvdKM-v1kUs_DfwrOCxUTAeGUmb25hsRRg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 13:13:59 GMT
age: 35693
etag: "3a50370e7b5321826a85717d1164a76e510018ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe834a7de-1ed4-4b8b-a3be-fce3151bd1b1.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe834a7de-1ed4-4b8b-a3be-fce3151bd1b1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 68af9d9acdc08345ac38ae59f83a9a24
d3c0b7fa6ab4f421835acd595a75b5035d1ff9ee
1ae2e194f6bb20166d326002b39a4e3f44a9a97046e77ffd2a186eae384b7ce1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe834a7de-1ed4-4b8b-a3be-fce3151bd1b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10640
x-amzn-requestid: 0b0b6732-7692-4b35-9625-154dc39386dd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ei745GEooAMFafA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bdd9d2-314dad90600e9d8c737adf05;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 21:34:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ZR6BWnywdcRk5KkmuuMtlIgFKqD_IHiv9jSum7TsjPo5US-gkn7Z-w==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:43:43 GMT
etag: "d3c0b7fa6ab4f421835acd595a75b5035d1ff9ee"
content-type: image/jpeg
age: 5109
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 6b11b6253aaf522320ab85bcb5a7ae3e
12caaeaf823a0ce97549d4bf2cc727c135313b22
6539b16feab0102e166ffb63e5a5f8dc2e917053d430f093f4e99687ce716324
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 23:08:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
142.250.74.168 200 OK 51 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
IP 142.250.74.168:0
File type ASCII text, with very long lines (4073)
Hash dfd911deddca8fd7ab56a7cb22979569
265cf449f8dc616ec648f399cb47b366ab332f42
09b81929fb1f99c0b1505bc4ceabdb5f414b53cb2d8721c0f5299239a4205cea
GET /gtm.js?id=GTM-KMSJRW&l=adsLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 10 Jan 2023 23:08:52 GMT
expires: Tue, 10 Jan 2023 23:08:52 GMT
cache-control: private, max-age=900
last-modified: Tue, 10 Jan 2023 22:25:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50930
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/bg_2.jpg
54.230.111.55 200 OK 99 kB URL HTTP/2 cdn3reference.com/landings/23674/images/bg_2.jpg
IP 54.230.111.55:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1920x1080, components 3\012- data
Hash e02bf382dcfca702160af988acff0d1a
379dfdc8d31c45667ceb27a3a77e3df044e24ff3
b39336ed9cd055d8f804779fbc7ccf4052ff8a34dfb1124f9a7ac68714db02af
GET /landings/23674/images/bg_2.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/landings/23674/css/36f147efc1f0d6cafd1dcae49f227755.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 98872
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Tue, 10 Jan 2023 23:08:52 GMT
cache-control: public, max-age=604800
etag: "18238-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iQ8CZY-zOd1B4MVQBfzga61mfQ89g2WuvsApZZPlYepunF_-fRuHmA==
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/bg_3.jpg
54.230.111.55 200 OK 83 kB URL HTTP/2 cdn3reference.com/landings/23674/images/bg_3.jpg
IP 54.230.111.55:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1920x1080, components 3\012- data
Hash 10607d2f8cd534af7d760a4326e9271b
7ba7808e29f966248668988c8cee9ceed5588ea0
c26df0b44fba9abe158835f6320ce3f0e7573993504586152c79464435b2c30b
GET /landings/23674/images/bg_3.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/landings/23674/css/36f147efc1f0d6cafd1dcae49f227755.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 82850
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Tue, 10 Jan 2023 23:08:52 GMT
cache-control: public, max-age=604800
etag: "143a2-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: AtEv-JQmw6gK9aTJlC871EZGmsXmzZUI2gZsPayDkC-ev_Xp1Wf9sw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 6b11b6253aaf522320ab85bcb5a7ae3e
12caaeaf823a0ce97549d4bf2cc727c135313b22
6539b16feab0102e166ffb63e5a5f8dc2e917053d430f093f4e99687ce716324
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 23:08:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
goads.pro/tds/ae?tdsId=s0729bel_r&tds_campaign=s0729bel&s1=ps&utm_source=int&utm_sub=opnfnl&clickid=5b2c3he1mj2y9fea49&subid=1285fbefca90b0d9471900305dd7fe212c3&subid2={subid2}&affid=4b82d238
3.64.249.95 302 Found 1.5 kB URL HTTP/2 goads.pro/tds/ae?tdsId=s0729bel_r&tds_campaign=s0729bel&s1=ps&utm_source=int&utm_sub=opnfnl&clickid=5b2c3he1mj2y9fea49&subid=1285fbefca90b0d9471900305dd7fe212c3&subid2={subid2}&affid=4b82d238
IP 3.64.249.95:0
File type gzip compressed data, from Unix\012- data
Hash d7799d9290931f56152423ea97c98bde
5a9377f9e15acd485200c7e2417b06e8264cec32
d2a0df6e9ffdbb952aea08dcad36e1ab5971e3b1a3b9d88a227919108b47ad42
GET /tds/ae?tdsId=s0729bel_r&tds_campaign=s0729bel&s1=ps&utm_source=int&utm_sub=opnfnl&clickid=5b2c3he1mj2y9fea49&subid=1285fbefca90b0d9471900305dd7fe212c3&subid2={subid2}&affid=4b82d238 HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 10 Jan 2023 23:08:51 GMT
location: https://goads.pro/jump?affid=4b82d238&tds_cid=3987330f139ec36afab3dd052875db464221cc5a&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDc1YjQ5YzNmYzE5MTA4ZmYwYzI3YTNlYWNiZmM0N2U%2FX190PTE2NzMzOTIxMzE0OTkmX19sPTM2MDA%3D&tds_ac_id=s0729bel&tds_oid=23674&tds_host=goads.pro&clickid=5b2c3he1mj2y9fea49&dci=64c89b5ad243eb266ccf29a9aef6becb619e486f&tds_campaign=b7867den&tds_id=b7867den_jump_a_1635405738306&subid=1285fbefca90b0d9471900305dd7fe212c3&utm_source=int&tds_ao=1&s1=ps&subid2=%7Bsubid2%7D&tds_p_campaign=b3957mar&id=23674&tds_rt=
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=64c89b5ad243eb266ccf29a9aef6becb619e486f; Max-Age=31536000; Domain=.goads.pro; Path=/; Expires=Wed, 10 Jan 2024 23:08:51 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Sun, 15 Jan 2023 23:08:51 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 717e46c67f1d7a8ed063b7a549838f8e
101c70474277ecf8e100263c8475ee27b2926c52
9d9163281abf23d2a036a7ecc974b212e711ace76e015238d77e3c215bafac0f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Tue, 10 Jan 2023 23:08:52 GMT
Etag: "63bdcc5c-1d7"
Server: ECS (dcb/7EA7)
X-Cache: Miss from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: D3kYgKnYYBAXWpTQB-Q3F9OC-scIhJc1nql0i3ikSlc8lkEBQz7wrg==
goads.pro/integration.js
3.64.249.95 200 OK 0 B IP 3.64.249.95:0
Analyzer Verdict Alert fortinet Phishing
GET /integration.js HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?affid=4b82d238&tds_cid=3987330f139ec36afab3dd052875db464221cc5a&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDc1YjQ5YzNmYzE5MTA4ZmYwYzI3YTNlYWNiZmM0N2U%2FX190PTE2NzMzOTIxMzE0OTkmX19sPTM2MDA%3D&tds_ac_id=s0729bel&tds_oid=23674&tds_host=goads.pro&clickid=5b2c3he1mj2y9fea49&dci=64c89b5ad243eb266ccf29a9aef6becb619e486f&tds_campaign=b7867den&tds_id=b7867den_jump_a_1635405738306&subid=1285fbefca90b0d9471900305dd7fe212c3&utm_source=int&tds_ao=1&s1=ps&subid2=%7Bsubid2%7D&tds_p_campaign=b3957mar&id=23674&tds_rt=
Cookie: dci=64c89b5ad243eb266ccf29a9aef6becb619e486f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 23:08:52 GMT
content-type: text/javascript; charset=utf-8
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"70c-g/VrQL6RfqlPOn1A0dFDRkNyx7g"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
goads.pro/bridge/frodi_data.js
3.64.249.95 200 OK 0 B URL HTTP/2 goads.pro/bridge/frodi_data.js
IP 3.64.249.95:0
Analyzer Verdict Alert fortinet Phishing
GET /bridge/frodi_data.js HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?affid=4b82d238&tds_cid=3987330f139ec36afab3dd052875db464221cc5a&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDc1YjQ5YzNmYzE5MTA4ZmYwYzI3YTNlYWNiZmM0N2U%2FX190PTE2NzMzOTIxMzE0OTkmX19sPTM2MDA%3D&tds_ac_id=s0729bel&tds_oid=23674&tds_host=goads.pro&clickid=5b2c3he1mj2y9fea49&dci=64c89b5ad243eb266ccf29a9aef6becb619e486f&tds_campaign=b7867den&tds_id=b7867den_jump_a_1635405738306&subid=1285fbefca90b0d9471900305dd7fe212c3&utm_source=int&tds_ao=1&s1=ps&subid2=%7Bsubid2%7D&tds_p_campaign=b3957mar&id=23674&tds_rt=
Cookie: dci=64c89b5ad243eb266ccf29a9aef6becb619e486f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 23:08:52 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 28 Dec 2022 12:21:19 GMT
etag: W/"19f8-18558ae0a18"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
goads.pro/bridge/crypto-4.1.1.js
3.64.249.95 200 OK 0 B URL HTTP/2 goads.pro/bridge/crypto-4.1.1.js
IP 3.64.249.95:0
Analyzer Verdict Alert fortinet Phishing
GET /bridge/crypto-4.1.1.js HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?affid=4b82d238&tds_cid=3987330f139ec36afab3dd052875db464221cc5a&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDc1YjQ5YzNmYzE5MTA4ZmYwYzI3YTNlYWNiZmM0N2U%2FX190PTE2NzMzOTIxMzE0OTkmX19sPTM2MDA%3D&tds_ac_id=s0729bel&tds_oid=23674&tds_host=goads.pro&clickid=5b2c3he1mj2y9fea49&dci=64c89b5ad243eb266ccf29a9aef6becb619e486f&tds_campaign=b7867den&tds_id=b7867den_jump_a_1635405738306&subid=1285fbefca90b0d9471900305dd7fe212c3&utm_source=int&tds_ao=1&s1=ps&subid2=%7Bsubid2%7D&tds_p_campaign=b3957mar&id=23674&tds_rt=
Cookie: dci=64c89b5ad243eb266ccf29a9aef6becb619e486f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 23:08:52 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 28 Dec 2022 12:21:19 GMT
etag: W/"bde2-18558ae0a18"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
goads.pro/ao.js
3.64.249.95 200 OK 0 B IP 3.64.249.95:0
Analyzer Verdict Alert fortinet Phishing
GET /ao.js HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?affid=4b82d238&tds_cid=3987330f139ec36afab3dd052875db464221cc5a&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDc1YjQ5YzNmYzE5MTA4ZmYwYzI3YTNlYWNiZmM0N2U%2FX190PTE2NzMzOTIxMzE0OTkmX19sPTM2MDA%3D&tds_ac_id=s0729bel&tds_oid=23674&tds_host=goads.pro&clickid=5b2c3he1mj2y9fea49&dci=64c89b5ad243eb266ccf29a9aef6becb619e486f&tds_campaign=b7867den&tds_id=b7867den_jump_a_1635405738306&subid=1285fbefca90b0d9471900305dd7fe212c3&utm_source=int&tds_ao=1&s1=ps&subid2=%7Bsubid2%7D&tds_p_campaign=b3957mar&id=23674&tds_rt=
Cookie: dci=64c89b5ad243eb266ccf29a9aef6becb619e486f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 23:08:52 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 28 Dec 2022 12:21:19 GMT
etag: W/"1509-18558ae0a18"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/js/b3baa6ef873d9c917f4e6f20d71ac5da.js
54.230.111.55 200 OK 0 B URL HTTP/2 cdn3reference.com/landings/23674/js/b3baa6ef873d9c917f4e6f20d71ac5da.js
IP 54.230.111.55:0
GET /landings/23674/js/b3baa6ef873d9c917f4e6f20d71ac5da.js HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Tue, 10 Jan 2023 23:08:52 GMT
last-modified: Wed, 29 May 2019 07:06:14 GMT
content-encoding: gzip
etag: W/"17d99-58a016abe2580"
x-cache: Miss from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: CeQLBUNPkWzcnBDAP79sO7gwLLLxLQct3miqOe5pKtcrGc1iYZU5yg==
X-Firefox-Spdy: h2
retarget2core.com/fp/fp_ec.js
52.58.118.128 200 OK 0 B URL HTTP/2 retarget2core.com/fp/fp_ec.js
IP 52.58.118.128:0
GET /fp/fp_ec.js HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 10 Jan 2023 23:08:53 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 28 Dec 2022 12:21:19 GMT
etag: W/"4bd-18558ae0a18"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
nn1.tracksofast.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=63bdf002a3b1190001a11376&affpid=67459&action_id=NOdesktop&referrer=&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,377,[MOB+WEB]%20Jolly.me%20Adult%2025+%20-%20PPL%20-%20BR/EC/GT/DO/AR/PE/HN/CL/CR/UY/PR%20-%20Adult%20Dating%20-%20SOI
104.21.70.202 302 Found 0 B URL HTTP/2 nn1.tracksofast.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=63bdf002a3b1190001a11376&affpid=67459&action_id=NOdesktop&referrer=&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,377,[MOB+WEB]%20Jolly.me%20Adult%2025+%20-%20PPL%20-%20BR/EC/GT/DO/AR/PE/HN/CL/CR/UY/PR%20-%20Adult%20Dating%20-%20SOI
IP 104.21.70.202:0
GET /c.php?k=63r1l5p2seqav3mqsdvc&clickid=63bdf002a3b1190001a11376&affpid=67459&action_id=NOdesktop&referrer=&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,377,[MOB+WEB]%20Jolly.me%20Adult%2025+%20-%20PPL%20-%20BR/EC/GT/DO/AR/PE/HN/CL/CR/UY/PR%20-%20Adult%20Dating%20-%20SOI HTTP/1.1
Host: nn1.tracksofast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 10 Jan 2023 23:08:50 GMT
content-type: text/html; charset=UTF-8
location: https://goads.pro/tds/ae?tdsId=s0729bel_r&tds_campaign=s0729bel&s1=ps&utm_source=int&utm_sub=opnfnl&clickid=5b2c3he1mj2y9fea49&subid=1285fbefca90b0d9471900305dd7fe212c3&subid2={subid2}&affid=4b82d238
set-cookie: uclick=he1mj2y90; expires=Wed, 11-Jan-2023 23:08:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=he1mj2y90-he1mj2y90-1z-1zx9-bghq-1zocwj-1zocvr-390438; expires=Wed, 11-Jan-2023 23:08:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclick=he1mj2y90; expires=Wed, 11-Jan-2023 23:08:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=he1mj2y90-he1mj2y9fe-q5g5-1z1m-bgtw-1ze28n-1ze2fe-fd0c5f; expires=Wed, 11-Jan-2023 23:08:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0BW07l6SdNMPWJlLZSsTUYU22ECU2EXMy8t5q2yfTmotmxAFy2INMRtWYzU0vRhYc3glq5hlX34aF%2B%2BMDsewgfokhC6vt3DXyTLfQbnE7FzXe%2FW%2FlSoxbWA0MvOW2wrsRKYfkOP1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 787913afec76b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
goads.pro/jump?affid=4b82d238&tds_cid=3987330f139ec36afab3dd052875db464221cc5a&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDc1YjQ5YzNmYzE5MTA4ZmYwYzI3YTNlYWNiZmM0N2U%2FX190PTE2NzMzOTIxMzE0OTkmX19sPTM2MDA%3D&tds_ac_id=s0729bel&tds_oid=23674&tds_host=goads.pro&clickid=5b2c3he1mj2y9fea49&dci=64c89b5ad243eb266ccf29a9aef6becb619e486f&tds_campaign=b7867den&tds_id=b7867den_jump_a_1635405738306&subid=1285fbefca90b0d9471900305dd7fe212c3&utm_source=int&tds_ao=1&s1=ps&subid2=%7Bsubid2%7D&tds_p_campaign=b3957mar&id=23674&tds_rt=
3.64.249.95 200 OK 0 B URL HTTP/2 goads.pro/jump?affid=4b82d238&tds_cid=3987330f139ec36afab3dd052875db464221cc5a&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDc1YjQ5YzNmYzE5MTA4ZmYwYzI3YTNlYWNiZmM0N2U%2FX190PTE2NzMzOTIxMzE0OTkmX19sPTM2MDA%3D&tds_ac_id=s0729bel&tds_oid=23674&tds_host=goads.pro&clickid=5b2c3he1mj2y9fea49&dci=64c89b5ad243eb266ccf29a9aef6becb619e486f&tds_campaign=b7867den&tds_id=b7867den_jump_a_1635405738306&subid=1285fbefca90b0d9471900305dd7fe212c3&utm_source=int&tds_ao=1&s1=ps&subid2=%7Bsubid2%7D&tds_p_campaign=b3957mar&id=23674&tds_rt=
IP 3.64.249.95:0
GET /jump?affid=4b82d238&tds_cid=3987330f139ec36afab3dd052875db464221cc5a&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDc1YjQ5YzNmYzE5MTA4ZmYwYzI3YTNlYWNiZmM0N2U%2FX190PTE2NzMzOTIxMzE0OTkmX19sPTM2MDA%3D&tds_ac_id=s0729bel&tds_oid=23674&tds_host=goads.pro&clickid=5b2c3he1mj2y9fea49&dci=64c89b5ad243eb266ccf29a9aef6becb619e486f&tds_campaign=b7867den&tds_id=b7867den_jump_a_1635405738306&subid=1285fbefca90b0d9471900305dd7fe212c3&utm_source=int&tds_ao=1&s1=ps&subid2=%7Bsubid2%7D&tds_p_campaign=b3957mar&id=23674&tds_rt= HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: dci=64c89b5ad243eb266ccf29a9aef6becb619e486f; dm=fe450dd0d1dadc615429144d33241f42
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 23:08:51 GMT
content-type: text/html; charset=UTF-8
server: nginx
content-encoding: br
X-Firefox-Spdy: h2
cdn3reference.com/js/dc_img.js?v=8
54.230.111.55 200 OK 0 B URL HTTP/2 cdn3reference.com/js/dc_img.js?v=8
IP 54.230.111.55:0
GET /js/dc_img.js?v=8 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Tue, 10 Jan 2023 23:08:52 GMT
last-modified: Thu, 29 Oct 2020 09:19:39 GMT
content-encoding: gzip
etag: W/"1e8-5b2cbc78da216"
x-cache: Miss from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8W50-LxROcQWfWCeUWe2HWuEsn0JqrMCwsqUbPe6nXTaIRgiMY09MQ==
X-Firefox-Spdy: h2
cdn.freshmarketer.com/399348/1047486.js
54.230.111.27 403 Forbidden 0 B URL HTTP/2 cdn.freshmarketer.com/399348/1047486.js
IP 54.230.111.27:0
GET /399348/1047486.js HTTP/1.1
Host: cdn.freshmarketer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
content-type: application/xml
date: Tue, 10 Jan 2023 23:08:52 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TgKakGJDN80QLIijQ95qLqi4sGuuTSNnVOy60kB_FdCiQkbg8IGiNQ==
X-Firefox-Spdy: h2
goads.pro/tds/interlayer?handler=FrodiData
3.64.249.95 200 OK 0 B URL HTTP/2 goads.pro/tds/interlayer?handler=FrodiData
IP 3.64.249.95:0
Analyzer Verdict Alert fortinet Phishing
POST /tds/interlayer?handler=FrodiData HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
Content-Length: 1421
Origin: https://goads.pro
Connection: keep-alive
Referer: https://goads.pro/jump?affid=4b82d238&tds_cid=3987330f139ec36afab3dd052875db464221cc5a&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDc1YjQ5YzNmYzE5MTA4ZmYwYzI3YTNlYWNiZmM0N2U%2FX190PTE2NzMzOTIxMzE0OTkmX19sPTM2MDA%3D&tds_ac_id=s0729bel&tds_oid=23674&tds_host=goads.pro&clickid=5b2c3he1mj2y9fea49&dci=64c89b5ad243eb266ccf29a9aef6becb619e486f&tds_campaign=b7867den&tds_id=b7867den_jump_a_1635405738306&subid=1285fbefca90b0d9471900305dd7fe212c3&utm_source=int&tds_ao=1&s1=ps&subid2=%7Bsubid2%7D&tds_p_campaign=b3957mar&id=23674&tds_rt=
Cookie: dci=64c89b5ad243eb266ccf29a9aef6becb619e486f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 23:08:54 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
X-Firefox-Spdy: h2
cdn3reference.com/images/jump-favicon.ico
54.230.111.55 200 OK 0 B URL HTTP/2 cdn3reference.com/images/jump-favicon.ico
IP 54.230.111.55:0
GET /images/jump-favicon.ico HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
server: nginx
date: Tue, 10 Jan 2023 23:08:52 GMT
last-modified: Fri, 05 Dec 2014 08:28:50 GMT
cache-control: public, max-age=604800
content-encoding: gzip
etag: W/"47e-50973ddcdee10"
x-cache: Miss from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 014SExU-N321RdbtJ0TxNXdOwHBM7KpCj4BIRQd60HesoQ4LUtXbpg==
X-Firefox-Spdy: h2