www2.lone1y.com/click?pid=57346&offer_id=25&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,234,[MOB]+TikTokXXX+-+PPL+-+Click-2-SMS+-+Adult+Dating+-+DOI
104.21.71.37 301 Moved Permanently 0 B URL HTTP/1.1 www2.lone1y.com/click?pid=57346&offer_id=25&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,234,[MOB]+TikTokXXX+-+PPL+-+Click-2-SMS+-+Adult+Dating+-+DOI
IP 104.21.71.37:0
Hash (0 B body: these are the digests of empty input, not usable as an indicator)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=57346&offer_id=25&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,234,[MOB]+TikTokXXX+-+PPL+-+Click-2-SMS+-+Adult+Dating+-+DOI HTTP/1.1
Host: www2.lone1y.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 16 Sep 2022 17:41:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 16 Sep 2022 18:41:09 GMT
Location: https://www2.lone1y.com/click?pid=57346&offer_id=25&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,234,[MOB]+TikTokXXX+-+PPL+-+Click-2-SMS+-+Adult+Dating+-+DOI
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vCOoLje56XC6XbZnImlzzzbhfLeraKSKC4ZTgd4Uu5kqbl6Jqhyvlms8oJdWsZ8%2F8lipV%2BeSwcfmVmXGfzXJh8Jqv5UGeF4zAK0s4cTlnKysxIYSjbbMHHXcCyZ8DrlrPzk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74bb642b8a7fb529-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 16 Sep 2022 17:10:52 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: U-BT1n23j0ZWaNJJk3fPKZI4fJ1soBEW_jpIkaWN1QuBsigW9t63LA==
Age: 1817
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b0d651d83075c7a68e3c6a9204226150
294785e3f3a67cdd5f1a530b83a2cbd2c2cc0665
17cbb43fd6662576ba3fe8e06cf44247c903c1313cc419053599c41e286a2442
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17CBB43FD6662576BA3FE8E06CF44247C903C1313CC419053599C41E286A2442"
Last-Modified: Thu, 15 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6907
Expires: Fri, 16 Sep 2022 19:36:16 GMT
Date: Fri, 16 Sep 2022 17:41:09 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 16 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ukrjg9a2fsNZz-Q9xtAh5SmAGo4knBbyPPEZoPp6BOs3UXXnoBljLQ==
age: 47154
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d780c58672be2285929ef965a69a4c4b
bfd787ce45edd32930abb3a8ce79324fbd4b6ee3
589cf7dc6b9dc9ab613fb0f08c1b157d67c211b0855f20aa8a7349cf1b0bcc77
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "589CF7DC6B9DC9AB613FB0F08C1B157D67C211B0855F20AA8A7349CF1B0BCC77"
Last-Modified: Thu, 15 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14452
Expires: Fri, 16 Sep 2022 21:42:01 GMT
Date: Fri, 16 Sep 2022 17:41:09 GMT
Connection: keep-alive
www2.lone1y.com/click?pid=57346&offer_id=25&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,234,[MOB]+TikTokXXX+-+PPL+-+Click-2-SMS+-+Adult+Dating+-+DOI
104.21.71.37 302 Found 0 B URL HTTP/2 www2.lone1y.com/click?pid=57346&offer_id=25&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,234,[MOB]+TikTokXXX+-+PPL+-+Click-2-SMS+-+Adult+Dating+-+DOI
IP 104.21.71.37:0
Hash (0 B body: these are the digests of empty input, not usable as an indicator)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=57346&offer_id=25&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,234,[MOB]+TikTokXXX+-+PPL+-+Click-2-SMS+-+Adult+Dating+-+DOI HTTP/1.1
Host: www2.lone1y.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Fri, 16 Sep 2022 17:41:09 GMT
content-length: 0
location: https://link2.tr1net.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6324b53581aaea00011f2f78&affpid=57346&action_id=NOdesktop&referrer=&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,234,[MOB] TikTokXXX - PPL - Click-2-SMS - Adult Dating - DOI
set-cookie: afclick=6324b53581aaea00011f2f78; expires=Sat, 16 Sep 2023 17:41:09 GMT; secure; SameSite=None
set-cookie: afoffers={"25":1663350069}; expires=Sat, 16 Sep 2023 17:41:09 GMT; secure; SameSite=None
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=duFOTuSGxxIMyUiAxgtJpRyQ%2F3s8Wor%2FAML9cqutGC3gJ0pJjulx70fCjyd2x1U7HY%2FgkaPjXunAcH55viqT27DUj5ILkrFunlwFh5lNKTpe59wv9EW8bcZLqRPF2o3t8G0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74bb642dcbc8b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 16 Sep 2022 17:41:09 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d780c58672be2285929ef965a69a4c4b
bfd787ce45edd32930abb3a8ce79324fbd4b6ee3
589cf7dc6b9dc9ab613fb0f08c1b157d67c211b0855f20aa8a7349cf1b0bcc77
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "589CF7DC6B9DC9AB613FB0F08C1B157D67C211B0855F20AA8A7349CF1B0BCC77"
Last-Modified: Thu, 15 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14452
Expires: Fri, 16 Sep 2022 21:42:01 GMT
Date: Fri, 16 Sep 2022 17:41:09 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 16 Sep 2022 17:03:22 GMT
Expires: Fri, 16 Sep 2022 17:18:53 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: fYNUl9bPmGFEUg3AxDzT_rbNFGjSUAOk3kBUhpQhf6Sx4wdlH9lgWw==
Age: 2267
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3db421016cf0e3ad25f324cf0faf0fac
b15909de1105d4d2fb5be5b3920c454daf022445
914b15f28636e0a5e851540ffb0625ecd09d0546b2f1f7af90b267ceebcf1d5d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4331
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 17:41:10 GMT
Last-Modified: Fri, 16 Sep 2022 16:28:59 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.89.15.44 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.15.44:0
Hash (0 B body: these are the digests of empty input, not usable as an indicator)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bPS3gSrAdo61ixqpRPPBug==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: y5pbCzIbCPhAz//DeA3lk6tXCQc=
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 0aba284861fef46dbd3bff6441c284f3
dee996b9097fa772e2658bd9ddf3509ce76deba6
d40549958a474dab309db68ad3bd2cb388ac5ed037a76375190ec41c41cbf64b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 16 Sep 2022 17:41:10 GMT
Last-Modified: Fri, 16 Sep 2022 17:33:26 GMT
Server: ECS (dcb/7F81)
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: EKS3EF1fWaZoxNq0_64SRdX3eutsINM4Md6VpvUftUW_iLx1YB82UQ==
Age: 464
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9637
Expires: Fri, 16 Sep 2022 20:21:48 GMT
Date: Fri, 16 Sep 2022 17:41:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9637
Expires: Fri, 16 Sep 2022 20:21:48 GMT
Date: Fri, 16 Sep 2022 17:41:11 GMT
Connection: keep-alive
goads.pro/bridge/intg.js?v=8
52.28.194.13 200 OK 332 B URL HTTP/2 goads.pro/bridge/intg.js?v=8
IP 52.28.194.13:0
File type ASCII text, with very long lines (331)
Hash MD5 0f6fbbd07a1685324878c88a0df767f5
SHA-1 7adeeb456eb8b962e14b375440b1b045c347ccf4
SHA-256 f4a2a2209b303ea619087222998e4d4c5bc08621a10a0b0232caa9c866a0ef5c
Analyzer verdict/alert: fortinet - Phishing
GET /bridge/intg.js?v=8 HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_ac_id=s0729bel&clickid=32046xse8h9ydfe596&subid=128f276700014285032bfaf7243a2a33da0&tds_cid=f88ef978851fc477b8600a34685309c32c5f2499&s1=ps&tds_rt=&tds_ao=1&tds_p_campaign=b3957mar&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDRhOWQ3ZGJmZGMzMDIxYzY0YTQ4MDQwYmNjZjIxOWY%2FX190PTE2NjMzNTAwNzEwNzgmX19sPTM2MDA%3D&tds_oid=23674&id=23674&tds_host=goads.pro&tds_campaign=b7867den&dci=fc4918caf43fb9bad313372d429996ae46d9412c&affid=4b82d238&subid2=%7Bsubid2%7D
Cookie: dci=fc4918caf43fb9bad313372d429996ae46d9412c; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 17:41:11 GMT
content-type: application/javascript; charset=UTF-8
content-length: 332
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 14 Sep 2022 13:44:41 GMT
etag: W/"14c-1833c3ea128"
vary: Accept-Encoding
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9637
Expires: Fri, 16 Sep 2022 20:21:48 GMT
Date: Fri, 16 Sep 2022 17:41:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9637
Expires: Fri, 16 Sep 2022 20:21:48 GMT
Date: Fri, 16 Sep 2022 17:41:11 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7d4ee58e0f26ec6817dbab72aa7db6d
b6e634ef27eba9da38c6472565e0fdca6898e4f0
07db05a6ee70a699164ad55da47bfca58e6639956e256d902cbe0388cd7995c6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8435
x-amzn-requestid: f6efd924-4f54-41a6-8771-087803b5b8ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhU0-EJaoAMFvtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239b52-37c21ee857fe27d104b70337;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:38:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hhh1q_MrZVAaRWwmc1IuJbL3KhhwwHQgceaL15okbg4NvKJlWfUjyA==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 22:02:34 GMT
age: 70717
etag: "b6e634ef27eba9da38c6472565e0fdca6898e4f0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f876cdc19dca10c62d83d19303512c7f
9f812c7bc1b42b0cea3e42694e7d1f6738789770
c647aac44ba9eb501eb7def781ca0168b4eb71a716283cc6f4e6782939a396cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12123
x-amzn-requestid: b04ac3c4-b4d8-4094-8b7d-bd229bb7d577
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yb2GvFnEoAMF-Gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63216a2a-4e5927ac3f1d0b215ce5a8dc;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 05:44:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1W0Ito5yNmHNxtYBj5jOJQ3Z2OP_Shvhpj94YUDwLHQKzt-zgqjI8A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 03:12:38 GMT
age: 52113
etag: "9f812c7bc1b42b0cea3e42694e7d1f6738789770"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6d17788c7d2a1a91e68eff48df14bd1
8e1090346d90bc69e7a95384e6a7a01154e31567
1e1eefa02e4c55e73be87a309ad5c2335856125cb678cff6ebc42c5ff73a0e2b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9904
x-amzn-requestid: a23cb4b3-db6e-48ae-90b1-3ecf6478bf52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDpH_CIAMFl4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb0-15869210609a18587467d1e2;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:00 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JyXQcHKFIksMgLMROqOfV1ZqdFKSp3QSIlGmXuDR6h88o9J6s-mgkw==
via: 1.1 1002c05e647d0804e83147cdd205d14a.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 22:14:32 GMT
age: 69999
etag: "8e1090346d90bc69e7a95384e6a7a01154e31567"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e55a42-9f36-46db-9415-ab10753c0fb8.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e55a42-9f36-46db-9415-ab10753c0fb8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3a4ed510756efe784c4ca84c61c4b5ba
10262867cfb19d3ba8f618e235d1a98531048f34
b5ba0de5ce381579e49e3e3c23244048fc8aac693ce0c977560f28b9a51f6a0b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e55a42-9f36-46db-9415-ab10753c0fb8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10163
x-amzn-requestid: 7c849e5d-468e-4f6a-ad44-c7995bfa81bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYvuGFU5oAMF_Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202cc0-5376d2432c79a3146b6c29f4;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:09:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: J5lOTqdLhgg3Hzfw3b86ScfLkODllGEA_y9xUSxBxBCS4sI5nAWKZQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 23:35:10 GMT
age: 65161
etag: "10262867cfb19d3ba8f618e235d1a98531048f34"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da1bd18c37b83b0ef4641036dc208eec
abb5c719ec9341c6d4146297a2a1eca171df9c81
0085a66912a814c619a1257545d36610c7109ba32f1b097176102d3d3db2c8d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12425
x-amzn-requestid: 96b5f0d2-1327-4180-9d48-f915630c3de2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDqHyooAMFqyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb0-7d89d2d7024f6a821a62c948;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dxJEH4Jh8lAZ0T28BZnFLhWczwZ7oOaspCmR-SWudP32cF3BQc6wmw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:56:40 GMT
age: 71071
etag: "abb5c719ec9341c6d4146297a2a1eca171df9c81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 512280055633fcce9abc7d11a9816a24
de5c3e010fca76659455a144875a52c25fa72bdd
435eadb36830928b20d4cf8ead62134b75bd0ed3228489d9fdee66450bcbeaed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13536
x-amzn-requestid: 5533b257-1558-472b-aeb9-8207a78e1110
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDzFa4IAMF9Rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb1-05d0dfde7a488ed97d2a40d5;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: aCCBUNe1NErAN4RiVGCdh-sBxSnMm-XfcFzE-h8IcCq6W1Om-UX45g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:45:46 GMT
age: 71725
etag: "de5c3e010fca76659455a144875a52c25fa72bdd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/tits-average.jpg
54.230.111.104 200 OK 22 kB URL HTTP/2 cdn3reference.com/landings/23674/images/tits-average.jpg
IP 54.230.111.104:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, components 3\012- data
Hash 0d093f438752a6d8462360157086cc7e
c282b299651398cbc814a0712ea96435e7dcf7e9
2c6a69630c6b635ccd5137af320e3b262e80b09429039ab4aa8f5ec1840e0742
GET /landings/23674/images/tits-average.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 21632
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Fri, 16 Sep 2022 17:41:11 GMT
cache-control: public, max-age=604800
etag: "5480-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wAWKR4fb6FCNegOajPlDxSFccOJ-mq88wJDz0QsjarGL9ITU1F84_w==
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/tits-small.jpg
54.230.111.104 200 OK 30 kB URL HTTP/2 cdn3reference.com/landings/23674/images/tits-small.jpg
IP 54.230.111.104:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, components 3\012- data
Hash 873c365c8a7038936ecaad085b16b85b
407cbd20e47c485e8596a009ef62ea975932d424
fac35c856b5431597d90f79e4aed9a454c10a5d58e166dcbfb40d2c796329f61
GET /landings/23674/images/tits-small.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 29487
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Fri, 16 Sep 2022 17:41:11 GMT
cache-control: public, max-age=604800
etag: "732f-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KjpRocJGTymcJloxGGXc6ef6rAHMUYShukYi9NtgK5NEcYwnbhEf5A==
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/ass-average.jpg
54.230.111.104 200 OK 24 kB URL HTTP/2 cdn3reference.com/landings/23674/images/ass-average.jpg
IP 54.230.111.104:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, components 3\012- data
Hash 44ffa759158ebabe9caf96f6cb1f3696
03a53fd1162a1e2a6ed1bfad47d09af2ab54ac21
272d21bee55c0f85ef07d962165148b7515a07f25ed61bbec4c96e37d780dc74
GET /landings/23674/images/ass-average.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 24466
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Fri, 16 Sep 2022 17:41:11 GMT
cache-control: public, max-age=604800
etag: "5f92-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nccWCyYhUwFj0ym03lKKS4BWZUa-d-XG10NzicNlFo9Yzf4Gz_-Mog==
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/ass-small.jpg
54.230.111.104 200 OK 26 kB URL HTTP/2 cdn3reference.com/landings/23674/images/ass-small.jpg
IP 54.230.111.104:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, components 3\012- data
Hash 944f12f3be6036474668857dd8987b4d
029d2f8821ac3a7af4ac286e2f006e9c0fe8f5ad
a51df9f425b1642550136741dfd63f20df73eaabdbe42e6c2c94d868bb2ce762
GET /landings/23674/images/ass-small.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 25824
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Fri, 16 Sep 2022 17:41:11 GMT
cache-control: public, max-age=604800
etag: "64e0-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iIDgBDBwzRNNaDXTTque6ys_BUxj68uR9OAfW-PoOJblhndbOpvPFQ==
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/tits-big.jpg
54.230.111.104 200 OK 26 kB URL HTTP/2 cdn3reference.com/landings/23674/images/tits-big.jpg
IP 54.230.111.104:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, components 3\012- data
Hash e7f4c3332c5c3193853db759346b4969
385b5fb205510e954600c879fc3ca73344d07dec
90ad9ee07b9dafcda13e0854625c52edd70835a084b9786245c0c44faa3eebc6
GET /landings/23674/images/tits-big.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 25995
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Fri, 16 Sep 2022 17:41:11 GMT
cache-control: public, max-age=604800
etag: "658b-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0AjQGiIY3WZmln0djve7x4lGqBkxClA14R2YAKWNW_nsJKZR60t0OQ==
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/ass-big.jpg
54.230.111.104 200 OK 29 kB URL HTTP/2 cdn3reference.com/landings/23674/images/ass-big.jpg
IP 54.230.111.104:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, components 3\012- data
Hash addc6f4c87845156da366cbe62198b82
2fa50ca5e97f7f6b091114b07820af3868421e6f
f2c2cb0cb53e9d8f80412ac7904a5083d4c9da93ef1fdca6a77ad6178eca60e4
GET /landings/23674/images/ass-big.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 29300
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Fri, 16 Sep 2022 17:41:11 GMT
cache-control: public, max-age=604800
etag: "7274-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1OWs_xCsFZtFwQ2XIIeCLaMKpL5YaiGJ7gdg_R7KVJqNRgfkfNjq1w==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7975b33417f675d21a178b997288d616
1d2e957c46d45d6cb2f44389f3dcc66c880b6065
daffff63daade8bb0c2fd63570229df8502c563dd079b4da4103f6ee89fa67e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 17:41:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14 200 OK 14 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (48316), with no line terminators
Hash 2e46e3b0807c19e0ee85603dd4ba3f72
cb55679976d9a5d9933f291218b8ff0f95ebdc17
87a3f839cfc8bca3368a7dec7c5ff14e5f613928e899b601292b5a1f1bd5dc05
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 17:41:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 3200894
expires: Wed, 06 Sep 2023 17:41:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BvxBTMAD%2By5YWihuMzx5ippx3yxYfgDzmaOjDgoRVlD0AC021GtL2Vh8oPqcD9n9UmFBL2hXR%2BxeSeHvggyPXWCR0H7TpJ0BJuwM83NmCT4bTCK08uGOmIMxw7W021eYqYlDTgrC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74bb643d6e61b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7975b33417f675d21a178b997288d616
1d2e957c46d45d6cb2f44389f3dcc66c880b6065
daffff63daade8bb0c2fd63570229df8502c563dd079b4da4103f6ee89fa67e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 17:41:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
goads.pro/c_js/main.js
52.28.194.13 500 Internal Server Error 49 B IP 52.28.194.13:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 3b1dcd73c3f92cbfae5af8d6605a2648
1330b05bf866d3df1b4a972cfa8ea78baea071d3
04098a42cc43ab3c0bef45ae51b3c7adcbf39342e3b6f38b7878f950a993e687
Analyzer Verdict Alert fortinet Phishing
GET /c_js/main.js HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_ac_id=s0729bel&clickid=32046xse8h9ydfe596&subid=128f276700014285032bfaf7243a2a33da0&tds_cid=f88ef978851fc477b8600a34685309c32c5f2499&s1=ps&tds_rt=&tds_ao=1&tds_p_campaign=b3957mar&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDRhOWQ3ZGJmZGMzMDIxYzY0YTQ4MDQwYmNjZjIxOWY%2FX190PTE2NjMzNTAwNzEwNzgmX19sPTM2MDA%3D&tds_oid=23674&id=23674&tds_host=goads.pro&tds_campaign=b7867den&dci=fc4918caf43fb9bad313372d429996ae46d9412c&affid=4b82d238&subid2=%7Bsubid2%7D
Cookie: dci=fc4918caf43fb9bad313372d429996ae46d9412c; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 500 Internal Server Error
date: Fri, 16 Sep 2022 17:41:11 GMT
content-type: application/json; charset=utf-8
content-length: 49
server: nginx
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
etag: W/"31-EzCwW/hm098bSpcs+o6ni66gcdM"
vary: Accept-Encoding
X-Firefox-Spdy: h2
goads.pro/bridge/ao.js
52.28.194.13 200 OK 699 B IP 52.28.194.13:0
File type ASCII text, with very long lines (698)
Hash 6cebf45feb7e4563c5cc6295f32962e9
05b6e9f7db40c500fbf5e6751d763ee1ee9357a0
ff8435de19ba549afe5ad4813fc597bb52fdd6c5b2283d39d5211a94d5068967
Analyzer Verdict Alert fortinet Phishing
GET /bridge/ao.js HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_ac_id=s0729bel&clickid=32046xse8h9ydfe596&subid=128f276700014285032bfaf7243a2a33da0&tds_cid=f88ef978851fc477b8600a34685309c32c5f2499&s1=ps&tds_rt=&tds_ao=1&tds_p_campaign=b3957mar&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDRhOWQ3ZGJmZGMzMDIxYzY0YTQ4MDQwYmNjZjIxOWY%2FX190PTE2NjMzNTAwNzEwNzgmX19sPTM2MDA%3D&tds_oid=23674&id=23674&tds_host=goads.pro&tds_campaign=b7867den&dci=fc4918caf43fb9bad313372d429996ae46d9412c&affid=4b82d238&subid2=%7Bsubid2%7D
Cookie: dci=fc4918caf43fb9bad313372d429996ae46d9412c; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 17:41:11 GMT
content-type: application/javascript; charset=UTF-8
content-length: 699
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 14 Sep 2022 13:44:41 GMT
etag: W/"2bb-1833c3ea128"
vary: Accept-Encoding
X-Firefox-Spdy: h2
goads.pro/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgoads.pro%2Fjump%3Futm_source%3Dint%26tds_id%3Db7867den_jump_a_1635405738306%26tds_ac_id%3Ds0729bel%26clickid%3D32046xse8h9ydfe596%26subid%3D128f276700014285032bfaf7243a2a33da0%26tds_cid%3Df88ef978851fc477b8600a34685309c32c5f2499%26s1%3Dps%26tds_rt%3D%26tds_ao%3D1%26tds_p_campaign%3Db3957mar%26_tgUrl%3DaHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDRhOWQ3ZGJmZGMzMDIxYzY0YTQ4MDQwYmNjZjIxOWY%252FX190PTE2NjMzNTAwNzEwNzgmX19sPTM2MDA%253D%26tds_oid%3D23674%26id%3D23674%26tds_host%3Dgoads.pro%26tds_campaign%3Db7867den%26dci%3Dfc4918caf43fb9bad313372d429996ae46d9412c%26affid%3D4b82d238%26subid2%3D%257Bsubid2%257D&uaDataValues={}
52.28.194.13 200 OK 199 B URL HTTP/2 goads.pro/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgoads.pro%2Fjump%3Futm_source%3Dint%26tds_id%3Db7867den_jump_a_1635405738306%26tds_ac_id%3Ds0729bel%26clickid%3D32046xse8h9ydfe596%26subid%3D128f276700014285032bfaf7243a2a33da0%26tds_cid%3Df88ef978851fc477b8600a34685309c32c5f2499%26s1%3Dps%26tds_rt%3D%26tds_ao%3D1%26tds_p_campaign%3Db3957mar%26_tgUrl%3DaHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDRhOWQ3ZGJmZGMzMDIxYzY0YTQ4MDQwYmNjZjIxOWY%252FX190PTE2NjMzNTAwNzEwNzgmX19sPTM2MDA%253D%26tds_oid%3D23674%26id%3D23674%26tds_host%3Dgoads.pro%26tds_campaign%3Db7867den%26dci%3Dfc4918caf43fb9bad313372d429996ae46d9412c%26affid%3D4b82d238%26subid2%3D%257Bsubid2%257D&uaDataValues={}
IP 52.28.194.13:0
Hash 009352dfef3982ce64e0155d3a98a4b7
b234c9e9e61ec9ce6e5d98147caa8adf552428e3
274fcd0183b956664a6e9d562c1a5f3906df998c40e66567788501e94cda4485
GET /ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgoads.pro%2Fjump%3Futm_source%3Dint%26tds_id%3Db7867den_jump_a_1635405738306%26tds_ac_id%3Ds0729bel%26clickid%3D32046xse8h9ydfe596%26subid%3D128f276700014285032bfaf7243a2a33da0%26tds_cid%3Df88ef978851fc477b8600a34685309c32c5f2499%26s1%3Dps%26tds_rt%3D%26tds_ao%3D1%26tds_p_campaign%3Db3957mar%26_tgUrl%3DaHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDRhOWQ3ZGJmZGMzMDIxYzY0YTQ4MDQwYmNjZjIxOWY%252FX190PTE2NjMzNTAwNzEwNzgmX19sPTM2MDA%253D%26tds_oid%3D23674%26id%3D23674%26tds_host%3Dgoads.pro%26tds_campaign%3Db7867den%26dci%3Dfc4918caf43fb9bad313372d429996ae46d9412c%26affid%3D4b82d238%26subid2%3D%257Bsubid2%257D&uaDataValues={} HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_ac_id=s0729bel&clickid=32046xse8h9ydfe596&subid=128f276700014285032bfaf7243a2a33da0&tds_cid=f88ef978851fc477b8600a34685309c32c5f2499&s1=ps&tds_rt=&tds_ao=1&tds_p_campaign=b3957mar&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDRhOWQ3ZGJmZGMzMDIxYzY0YTQ4MDQwYmNjZjIxOWY%2FX190PTE2NjMzNTAwNzEwNzgmX19sPTM2MDA%3D&tds_oid=23674&id=23674&tds_host=goads.pro&tds_campaign=b7867den&dci=fc4918caf43fb9bad313372d429996ae46d9412c&affid=4b82d238&subid2=%7Bsubid2%7D
Cookie: dci=fc4918caf43fb9bad313372d429996ae46d9412c; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 17:41:12 GMT
content-type: text/javascript; charset=utf-8
content-length: 199
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"c7-sjTJ6eYeyc5uXZgUfKqK31UkKOM"
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 3b816941816ca5fed922c0604e9da8dc
94c14ea6c512c6c262479b4299f1cd4dd99ea5cd
a05000788114487ba8b8c661ba1370b29c96a93a16275b3fab497cf75722b51d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 17:41:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
goads.pro/bridge/frodi_data.js
52.28.194.13 200 OK 51 kB URL HTTP/2 goads.pro/bridge/frodi_data.js
IP 52.28.194.13:0
Hash 06b41c2bf3bc9c936b6e942f02855bf4
f8b8ce27be0c82c6fa5ed2a2a87af3aaad6528ae
3aa8470ae57eeb283cb8019fe783fd79c4cd112b0d749b67da9786b12706c5b8
Analyzer Verdict Alert fortinet Phishing
GET /bridge/frodi_data.js HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_ac_id=s0729bel&clickid=32046xse8h9ydfe596&subid=128f276700014285032bfaf7243a2a33da0&tds_cid=f88ef978851fc477b8600a34685309c32c5f2499&s1=ps&tds_rt=&tds_ao=1&tds_p_campaign=b3957mar&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDRhOWQ3ZGJmZGMzMDIxYzY0YTQ4MDQwYmNjZjIxOWY%2FX190PTE2NjMzNTAwNzEwNzgmX19sPTM2MDA%3D&tds_oid=23674&id=23674&tds_host=goads.pro&tds_campaign=b7867den&dci=fc4918caf43fb9bad313372d429996ae46d9412c&affid=4b82d238&subid2=%7Bsubid2%7D
Cookie: dci=fc4918caf43fb9bad313372d429996ae46d9412c; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 17:41:11 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 14 Sep 2022 13:44:41 GMT
etag: W/"19f8-1833c3ea128"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/bg_1.jpg
54.230.111.104 200 OK 114 kB URL HTTP/2 cdn3reference.com/landings/23674/images/bg_1.jpg
IP 54.230.111.104:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1920x1080, components 3\012- data
Size 114 kB (114120 bytes)
Hash a5f011b189569ba05adaf85524527cd1
bdab06d7c272deefd1c4df2fe57ab36a68f6a3ab
9b8454a76b0b32c321ecdd949ad4b8d09c902630eb8331ad6a21556e6cd76024
GET /landings/23674/images/bg_1.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/landings/23674/css/36f147efc1f0d6cafd1dcae49f227755.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 114120
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Fri, 16 Sep 2022 17:41:12 GMT
cache-control: public, max-age=604800
etag: "1bdc8-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2GI8cUGqPDaAbBNY7KBWSK1FydAI0j38eOq3rimYrBMGjpl8Y6BGBA==
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/bg_2.jpg
54.230.111.104 200 OK 99 kB URL HTTP/2 cdn3reference.com/landings/23674/images/bg_2.jpg
IP 54.230.111.104:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1920x1080, components 3\012- data
Hash e02bf382dcfca702160af988acff0d1a
379dfdc8d31c45667ceb27a3a77e3df044e24ff3
b39336ed9cd055d8f804779fbc7ccf4052ff8a34dfb1124f9a7ac68714db02af
GET /landings/23674/images/bg_2.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/landings/23674/css/36f147efc1f0d6cafd1dcae49f227755.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 98872
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Fri, 16 Sep 2022 17:41:12 GMT
cache-control: public, max-age=604800
etag: "18238-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xQaOS91wU7qNqkTEZrbABZEuelfwJdxoZ_iGdbRvslk-ygsKQkKl8Q==
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/images/bg_3.jpg
54.230.111.104 200 OK 83 kB URL HTTP/2 cdn3reference.com/landings/23674/images/bg_3.jpg
IP 54.230.111.104:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1920x1080, components 3\012- data
Hash 10607d2f8cd534af7d760a4326e9271b
7ba7808e29f966248668988c8cee9ceed5588ea0
c26df0b44fba9abe158835f6320ce3f0e7573993504586152c79464435b2c30b
GET /landings/23674/images/bg_3.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/landings/23674/css/36f147efc1f0d6cafd1dcae49f227755.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 82850
server: nginx
last-modified: Wed, 29 May 2019 07:01:49 GMT
accept-ranges: bytes
date: Fri, 16 Sep 2022 17:41:12 GMT
cache-control: public, max-age=604800
etag: "143a2-58a015af29140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: V4lJOTtUvhujKpvY0IVmV5WgTBau5RAM2yv21JsLB8n-1MYWQj7ksw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 3b816941816ca5fed922c0604e9da8dc
94c14ea6c512c6c262479b4299f1cd4dd99ea5cd
a05000788114487ba8b8c661ba1370b29c96a93a16275b3fab497cf75722b51d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 17:41:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 95de2bbe13f789e51adf4c0977e78b7c
7477f35d3a7bda1ae356b1a0200e0cbc509241fa
3a92b544883ec27da5231e1239c0461cb039463908a4ac48d6e2a1f06fdb0ae9
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 16 Sep 2022 17:41:12 GMT
Last-Modified: Fri, 16 Sep 2022 15:58:27 GMT
Server: ECS (nyb/1D1A)
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: aIKjrDWRgXXgOPcWL6SMdsbNDgSpM79HwWffqfOpq0K9k1FQdgSP9A==
Age: 6165
retarget2core.com/fp/fp_ec.js
3.124.45.185 200 OK 0 B URL HTTP/2 retarget2core.com/fp/fp_ec.js
IP 3.124.45.185:0
GET /fp/fp_ec.js HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 17:41:12 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 14 Sep 2022 13:44:41 GMT
etag: W/"4bd-1833c3ea128"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
link2.tr1net.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6324b53581aaea00011f2f78&affpid=57346&action_id=NOdesktop&referrer=&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,234,[MOB]%20TikTokXXX%20-%20PPL%20-%20Click-2-SMS%20-%20Adult%20Dating%20-%20DOI
172.67.146.213 302 Found 0 B URL HTTP/2 link2.tr1net.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6324b53581aaea00011f2f78&affpid=57346&action_id=NOdesktop&referrer=&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,234,[MOB]%20TikTokXXX%20-%20PPL%20-%20Click-2-SMS%20-%20Adult%20Dating%20-%20DOI
IP 172.67.146.213:0
GET /c.php?k=63r1l5p2seqav3mqsdvc&clickid=6324b53581aaea00011f2f78&affpid=57346&action_id=NOdesktop&referrer=&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,234,[MOB]%20TikTokXXX%20-%20PPL%20-%20Click-2-SMS%20-%20Adult%20Dating%20-%20DOI HTTP/1.1
Host: link2.tr1net.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Fri, 16 Sep 2022 17:41:09 GMT
content-type: text/html; charset=UTF-8
location: https://goads.pro/tds/ae?tdsId=s0729bel_r&tds_campaign=s0729bel&s1=ps&utm_source=int&utm_sub=opnfnl&clickid=32046xse8h9ydfe596&subid=128f276700014285032bfaf7243a2a33da0&subid2={subid2}&affid=4b82d238
set-cookie: uclick=xse8h9yd0; expires=Sat, 17-Sep-2022 17:41:09 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=xse8h9yd0-xse8h9yd0-1z-1zx9-bghq-1zocwj-1zocvr-fcd85a; expires=Sat, 17-Sep-2022 17:41:09 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclick=xse8h9yd0; expires=Sat, 17-Sep-2022 17:41:09 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=xse8h9yd0-xse8h9ydfe-q5g5-1z1m-bgtw-1ze28n-1ze2fe-d44179; expires=Sat, 17-Sep-2022 17:41:09 GMT; Max-Age=86400; path=/; secure; SameSite=none
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZAB1%2F%2FCNRChVexGiXCnG8lIg%2BT%2BkwrsAIHRhhrfljvQ16r9LUHl5PmxvvTwI%2Fcm7bZhgeZCmwfpN1qwezClYaWSq9%2Fr8EguxTLkM4UzGDTvKx7HBEGjo4bjJgXiC5hwzeAKx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74bb642e8a6bb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
goads.pro/tds/ae?tdsId=s0729bel_r&tds_campaign=s0729bel&s1=ps&utm_source=int&utm_sub=opnfnl&clickid=32046xse8h9ydfe596&subid=128f276700014285032bfaf7243a2a33da0&subid2={subid2}&affid=4b82d238
52.28.194.13 302 Found 0 B URL HTTP/2 goads.pro/tds/ae?tdsId=s0729bel_r&tds_campaign=s0729bel&s1=ps&utm_source=int&utm_sub=opnfnl&clickid=32046xse8h9ydfe596&subid=128f276700014285032bfaf7243a2a33da0&subid2={subid2}&affid=4b82d238
IP 52.28.194.13:0
GET /tds/ae?tdsId=s0729bel_r&tds_campaign=s0729bel&s1=ps&utm_source=int&utm_sub=opnfnl&clickid=32046xse8h9ydfe596&subid=128f276700014285032bfaf7243a2a33da0&subid2={subid2}&affid=4b82d238 HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Fri, 16 Sep 2022 17:41:11 GMT
location: https://goads.pro/jump?utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_ac_id=s0729bel&clickid=32046xse8h9ydfe596&subid=128f276700014285032bfaf7243a2a33da0&tds_cid=f88ef978851fc477b8600a34685309c32c5f2499&s1=ps&tds_rt=&tds_ao=1&tds_p_campaign=b3957mar&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDRhOWQ3ZGJmZGMzMDIxYzY0YTQ4MDQwYmNjZjIxOWY%2FX190PTE2NjMzNTAwNzEwNzgmX19sPTM2MDA%3D&tds_oid=23674&id=23674&tds_host=goads.pro&tds_campaign=b7867den&dci=fc4918caf43fb9bad313372d429996ae46d9412c&affid=4b82d238&subid2=%7Bsubid2%7D
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=fc4918caf43fb9bad313372d429996ae46d9412c; Max-Age=31536000; Domain=.goads.pro; Path=/; Expires=Sat, 16 Sep 2023 17:41:11 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Wed, 21 Sep 2022 17:41:11 GMT
X-Firefox-Spdy: h2
cdn3reference.com/css/webPushMotivationPopupSmall.css?v=2
54.230.111.104 200 OK 0 B URL HTTP/2 cdn3reference.com/css/webPushMotivationPopupSmall.css?v=2
IP 54.230.111.104:0
GET /css/webPushMotivationPopupSmall.css?v=2 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Fri, 16 Sep 2022 17:41:11 GMT
last-modified: Wed, 31 Oct 2018 08:29:51 GMT
etag: W/"1340-579821b240313"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3eNfM72ztC1aIDD6hOlPjSBGoRM5XyULEKnXbcOte9HrYOMIZ3FOnw==
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/js/b3baa6ef873d9c917f4e6f20d71ac5da.js
54.230.111.104 200 OK 0 B URL HTTP/2 cdn3reference.com/landings/23674/js/b3baa6ef873d9c917f4e6f20d71ac5da.js
IP 54.230.111.104:0
GET /landings/23674/js/b3baa6ef873d9c917f4e6f20d71ac5da.js HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Fri, 16 Sep 2022 17:41:11 GMT
last-modified: Wed, 29 May 2019 07:06:14 GMT
content-encoding: gzip
etag: W/"17d99-58a016abe2580"
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2B3WXLBWplbzkQDwjHu3_Z8EI11Jl8BTDx-fyNKkACRGjANxF57ilg==
X-Firefox-Spdy: h2
goads.pro/tds/interlayer?handler=FrodiData
52.28.194.13 200 OK 0 B URL HTTP/2 goads.pro/tds/interlayer?handler=FrodiData
IP 52.28.194.13:0
Analyzer Verdict Alert fortinet Phishing
POST /tds/interlayer?handler=FrodiData HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
Content-Length: 1602
Origin: https://goads.pro
Connection: keep-alive
Referer: https://goads.pro/jump?utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_ac_id=s0729bel&clickid=32046xse8h9ydfe596&subid=128f276700014285032bfaf7243a2a33da0&tds_cid=f88ef978851fc477b8600a34685309c32c5f2499&s1=ps&tds_rt=&tds_ao=1&tds_p_campaign=b3957mar&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDRhOWQ3ZGJmZGMzMDIxYzY0YTQ4MDQwYmNjZjIxOWY%2FX190PTE2NjMzNTAwNzEwNzgmX19sPTM2MDA%3D&tds_oid=23674&id=23674&tds_host=goads.pro&tds_campaign=b7867den&dci=fc4918caf43fb9bad313372d429996ae46d9412c&affid=4b82d238&subid2=%7Bsubid2%7D
Cookie: dci=fc4918caf43fb9bad313372d429996ae46d9412c; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 17:41:12 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
X-Firefox-Spdy: h2
retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=f88ef978851fc477b8600a34685309c32c5f2499&dci=fc4918caf43fb9bad313372d429996ae46d9412c&j_type=open&jump=23674&jump_name=
3.124.45.185 200 OK 0 B URL HTTP/2 retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=f88ef978851fc477b8600a34685309c32c5f2499&dci=fc4918caf43fb9bad313372d429996ae46d9412c&j_type=open&jump=23674&jump_name=
IP 3.124.45.185:0
GET /43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=f88ef978851fc477b8600a34685309c32c5f2499&dci=fc4918caf43fb9bad313372d429996ae46d9412c&j_type=open&jump=23674&jump_name= HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 17:41:12 GMT
content-type: image/gif
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=f602d000bbd70ca094f22909f7fa834e1f2c6d70; Max-Age=31536000; Domain=.retarget2core.com; Path=/; Expires=Sat, 16 Sep 2023 17:41:12 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2
goads.pro/jump?utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_ac_id=s0729bel&clickid=32046xse8h9ydfe596&subid=128f276700014285032bfaf7243a2a33da0&tds_cid=f88ef978851fc477b8600a34685309c32c5f2499&s1=ps&tds_rt=&tds_ao=1&tds_p_campaign=b3957mar&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDRhOWQ3ZGJmZGMzMDIxYzY0YTQ4MDQwYmNjZjIxOWY%2FX190PTE2NjMzNTAwNzEwNzgmX19sPTM2MDA%3D&tds_oid=23674&id=23674&tds_host=goads.pro&tds_campaign=b7867den&dci=fc4918caf43fb9bad313372d429996ae46d9412c&affid=4b82d238&subid2=%7Bsubid2%7D
52.28.194.13 200 OK 0 B URL HTTP/2 goads.pro/jump?utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_ac_id=s0729bel&clickid=32046xse8h9ydfe596&subid=128f276700014285032bfaf7243a2a33da0&tds_cid=f88ef978851fc477b8600a34685309c32c5f2499&s1=ps&tds_rt=&tds_ao=1&tds_p_campaign=b3957mar&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDRhOWQ3ZGJmZGMzMDIxYzY0YTQ4MDQwYmNjZjIxOWY%2FX190PTE2NjMzNTAwNzEwNzgmX19sPTM2MDA%3D&tds_oid=23674&id=23674&tds_host=goads.pro&tds_campaign=b7867den&dci=fc4918caf43fb9bad313372d429996ae46d9412c&affid=4b82d238&subid2=%7Bsubid2%7D
IP 52.28.194.13:0
GET /jump?utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_ac_id=s0729bel&clickid=32046xse8h9ydfe596&subid=128f276700014285032bfaf7243a2a33da0&tds_cid=f88ef978851fc477b8600a34685309c32c5f2499&s1=ps&tds_rt=&tds_ao=1&tds_p_campaign=b3957mar&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvNDRhOWQ3ZGJmZGMzMDIxYzY0YTQ4MDQwYmNjZjIxOWY%2FX190PTE2NjMzNTAwNzEwNzgmX19sPTM2MDA%3D&tds_oid=23674&id=23674&tds_host=goads.pro&tds_campaign=b7867den&dci=fc4918caf43fb9bad313372d429996ae46d9412c&affid=4b82d238&subid2=%7Bsubid2%7D HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: dci=fc4918caf43fb9bad313372d429996ae46d9412c; dm=fe450dd0d1dadc615429144d33241f42
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 17:41:11 GMT
content-type: text/html; charset=UTF-8
server: nginx
content-encoding: br
X-Firefox-Spdy: h2
cdn3reference.com/js/dc_img.js?v=8
54.230.111.104 200 OK 0 B URL HTTP/2 cdn3reference.com/js/dc_img.js?v=8
IP 54.230.111.104:0
GET /js/dc_img.js?v=8 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Fri, 16 Sep 2022 17:41:11 GMT
last-modified: Thu, 29 Oct 2020 09:19:39 GMT
etag: W/"1e8-5b2cbc78da216"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4ZNz3gm9FOWQ7044UMwheQMGqaUwrHhUMzVJ2OU5Y5C_xfMab-XT6A==
X-Firefox-Spdy: h2
cdn3reference.com/js/webPushMotivationPopupSmall.js?v=8
54.230.111.104 200 OK 0 B URL HTTP/2 cdn3reference.com/js/webPushMotivationPopupSmall.js?v=8
IP 54.230.111.104:0
GET /js/webPushMotivationPopupSmall.js?v=8 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Fri, 16 Sep 2022 17:41:11 GMT
last-modified: Wed, 31 Oct 2018 08:31:29 GMT
etag: W/"22c1-5798220f7ced0"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: J65hNT9W-9VqZHkZcCi7k4Lu7isZZlVzf2XpysccgtDojfgXCvL6kQ==
X-Firefox-Spdy: h2
cdn3reference.com/landings/23674/css/36f147efc1f0d6cafd1dcae49f227755.css
54.230.111.104 200 OK 0 B URL HTTP/2 cdn3reference.com/landings/23674/css/36f147efc1f0d6cafd1dcae49f227755.css
IP 54.230.111.104:0
GET /landings/23674/css/36f147efc1f0d6cafd1dcae49f227755.css HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Fri, 16 Sep 2022 17:41:11 GMT
last-modified: Wed, 29 May 2019 07:06:14 GMT
content-encoding: gzip
etag: W/"b65-58a016abe2580"
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VA1pdnOJOqab-2NjjBUHEoQpUEK1VYaxPQ9C2jgJ1-7ga_m07CDNcw==
X-Firefox-Spdy: h2