www2.lone1y.com/click?pid=734&offer_id=25&sub1=teleg&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,274,[MOB+WEB]+Flirterchaud+-+PPL++/FR+-+Adult+Dating+-+SOI
104.21.71.37 301 Moved Permanently 0 B URL HTTP/1.1 www2.lone1y.com/click?pid=734&offer_id=25&sub1=teleg&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,274,[MOB+WEB]+Flirterchaud+-+PPL++/FR+-+Adult+Dating+-+SOI
IP 104.21.71.37:0
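Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of the empty 0 B body; every empty response yields these values, so they are not indicators for this host.)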
GET /click?pid=734&offer_id=25&sub1=teleg&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,274,[MOB+WEB]+Flirterchaud+-+PPL++/FR+-+Adult+Dating+-+SOI HTTP/1.1
Host: www2.lone1y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Feb 2023 11:00:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 25 Feb 2023 12:00:31 GMT
Location: https://www2.lone1y.com/click?pid=734&offer_id=25&sub1=teleg&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,274,[MOB+WEB]+Flirterchaud+-+PPL++/FR+-+Adult+Dating+-+SOI
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L%2Fp%2BYTVx3D4G2DvYFRbsRFf%2FvzAglDAyvsn%2Fktqb7dSu9Cg8jbsLXNM%2FudAWHvRQ0ihMdCjpDemmpwZH2C8wA651%2BPyGVE43v%2B8zoXiaKNlozusqgsmsXZSXuxZwLbbyDrM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79eff00efa13b52d-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8083775b7a6637d27672cc4a2581fa2d
023420d026fbf2cd0f69d5606524094011375202
66664ed1d36948fe99498950e3525d03c1797689c9186c4cd0bd5ded531b3bac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66664ED1D36948FE99498950E3525D03C1797689C9186C4CD0BD5DED531B3BAC"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8292
Expires: Sat, 25 Feb 2023 13:18:43 GMT
Date: Sat, 25 Feb 2023 11:00:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7a57f620f4b5b83c5c9520e881269446
d46ca3756afc5d9775c1e48c78b39d11574d507a
8417deae76018365ad55aabd7950ed99f429e02c3915626137695f90c955215b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8417DEAE76018365AD55AABD7950ED99F429E02C3915626137695F90C955215B"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3190
Expires: Sat, 25 Feb 2023 11:53:41 GMT
Date: Sat, 25 Feb 2023 11:00:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 29cfccb9238759ed21dbb0d92cae75f8
f41ad1b02e353cd2b33af7618c71cc16fae2886e
91e392e78e584e8a82762dab0d5615aa1af3893237d601db3d45bb6fad488580
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91E392E78E584E8A82762DAB0D5615AA1AF3893237D601DB3D45BB6FAD488580"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5614
Expires: Sat, 25 Feb 2023 12:34:05 GMT
Date: Sat, 25 Feb 2023 11:00:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Feb 2023 10:07:47 GMT
content-type: application/json
age: 3164
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 6ZP81zpP0pbHfYwP5v1bGeMEu5v3RbvM3o0rX7ZhVejI4VZF0gcMzyUd+bZyWqLsr8+fAB9CGrg5mutUDS7EdA==
x-amz-request-id: JFRZENJYA8DK21WJ
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Feb 2023 10:30:58 GMT
age: 1773
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Feb 2023 11:00:31 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash d5d467666e21b7e5e8a1cd52ed232008
e979c236779ab1f6190a85558bf279a17fbf5ba0
0b69834e272b326c4d48f11fd6d72f713500998ae597bd5ea4fd414aee7f2d05
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 11:00:31 GMT
Etag: "63f7b247-117"
Server: ECS (amb/6B84)
Content-Length: 280
www2.lone1y.com/click?pid=734&offer_id=25&sub1=teleg&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,274,[MOB+WEB]+Flirterchaud+-+PPL++/FR+-+Adult+Dating+-+SOI
172.67.143.19 302 Found 0 B URL HTTP/2 www2.lone1y.com/click?pid=734&offer_id=25&sub1=teleg&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,274,[MOB+WEB]+Flirterchaud+-+PPL++/FR+-+Adult+Dating+-+SOI
IP 172.67.143.19:0
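Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of the empty 0 B body; every empty response yields these values, so they are not indicators for this host.)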
GET /click?pid=734&offer_id=25&sub1=teleg&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,274,[MOB+WEB]+Flirterchaud+-+PPL++/FR+-+Adult+Dating+-+SOI HTTP/1.1
Host: www2.lone1y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sat, 25 Feb 2023 11:00:31 GMT
content-length: 0
location: https://tr1.tr1net.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=63f9ea4f7dc81c00010ff617&affpid=734&action_id=NOdesktop&referrer=&sub1=teleg&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,274,[MOB WEB] Flirterchaud - PPL /FR - Adult Dating - SOI
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=63f9ea4f7dc81c00010ff617; expires=Sun, 25 Feb 2024 11:00:31 GMT; secure; SameSite=None
set-cookie: afoffers={"25":1677322831}; expires=Sun, 25 Feb 2024 11:00:31 GMT; secure; SameSite=None
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PRYXzimVM6LQGWm8JR9PY7M%2Bdt9F713Q6z03H8BjxkxVQczucdwsUk0qW84T6cfR10pi4IlIER6AHBxXzD17ez4Xk2n%2FkqDVx9fRGcGb7ipD5gy8%2BGGIYCpoLRmOZHRx1AM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79eff0129c5db50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash d5d467666e21b7e5e8a1cd52ed232008
e979c236779ab1f6190a85558bf279a17fbf5ba0
0b69834e272b326c4d48f11fd6d72f713500998ae597bd5ea4fd414aee7f2d05
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 11:00:31 GMT
Etag: "63f7b247-117"
Last-Modified: Sat, 25 Feb 2023 11:00:31 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 280
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Expires, Last-Modified, Cache-Control, ETag, Backoff, Content-Type, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Feb 2023 10:12:23 GMT
age: 2888
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/tMJ5qQUFq9g
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/tMJ5qQUFq9g
IP 142.250.74.131:0
Hash 8c2dedc608d0522bda494ca9aef58566
fc05daf8a15225bb641d50a1ca19fc61b5152769
0a104ad79c352805ff7fde62d7d96f8f0fc67d89575373e1e212944f314f939e
POST /s/gts1p5/tMJ5qQUFq9g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 11:00:31 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b1d73c7d1e3e594a7be10b7ac62176ac
46105f3b581c409f00524674825c08343e4d71d1
7b31674705946d30e1822ddca8008520258d81a32cb11fadeded012dac2b0d13
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7B31674705946D30E1822DDCA8008520258D81A32CB11FADEDED012DAC2B0D13"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6654
Expires: Sat, 25 Feb 2023 12:51:26 GMT
Date: Sat, 25 Feb 2023 11:00:32 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/tMJ5qQUFq9g
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/tMJ5qQUFq9g
IP 142.250.74.131:0
Hash 8c2dedc608d0522bda494ca9aef58566
fc05daf8a15225bb641d50a1ca19fc61b5152769
0a104ad79c352805ff7fde62d7d96f8f0fc67d89575373e1e212944f314f939e
POST /s/gts1p5/tMJ5qQUFq9g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 11:00:32 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.r2m02.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash a66ab92c629ed13fe821bec50b019a98
dd34cf8edcb9cdd14e5f9fc097ee1f898c6c63b2
1cd74541872ff0caabf82adf1b28eb801acbdb0d9c71d744e9a5d7c7748646f4
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=148101
Date: Sat, 25 Feb 2023 11:00:32 GMT
Etag: "63f9894d-1d7"
Expires: Mon, 27 Feb 2023 04:08:53 GMT
Last-Modified: Sat, 25 Feb 2023 04:06:37 GMT
Server: ECS (dcb/7EA5)
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yk2_28Tf5euerfplaiCjgcg9tukuCzATFdH6fC2s0VUf2hvoQLFJJw==
Age: 136
push.services.mozilla.com/
52.35.169.55 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.35.169.55:0
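Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of the empty 0 B body; every empty response yields these values, so they are not indicators for this host.)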
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CVwZGkioX1Sc5O0T42dr0Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fTVT7mKSrqDhKRad29qCPZI0mgk=
goads.pro/bridge/intg.js?v=8
3.65.87.157 200 OK 269 B URL HTTP/2 goads.pro/bridge/intg.js?v=8
IP 3.65.87.157:0
Hash 8c8514ed7eae8968b59692f7897f2857
69e9f6e0625ef8bf0a4099b05f7356587e3e62be
556f2a46047c9b8dedbae5ef8c59dc7ea04ff88e76d7dcda568f1eb2dce03548
Analyzer Verdict Alert fortinet Phishing
GET /bridge/intg.js?v=8 HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?clickid=17e67y9wha29z8n919&tds_ac_id=s0729bel&dci=ab59ace213cbd239f8f17c14e6e55e867f76636f&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvOTcwMzRlODQ4NTllM2YwZjg2MDliMmU2ZTIyNWI3ZDQ%2FX190PTE2NzczMjI4MzI2NjImX19sPTM2MDA%3D&affid=4b82d238&id=24401&tds_campaign=b7867den&tds_oid=24401&subid=128e995f98d56967d946471af29d7bf99f1&subid2=%7Bsubid2%7D&tds_cid=1894ccf328415fdaf4faa8ca59ebce94adeae0d9&tds_ao=1&tds_p_campaign=b3957mar&utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_host=goads.pro&s1=ps
Cookie: dci=ab59ace213cbd239f8f17c14e6e55e867f76636f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 11:00:33 GMT
content-type: application/javascript; charset=UTF-8
content-length: 269
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Thu, 23 Feb 2023 11:16:36 GMT
etag: W/"10d-1867dfd4620"
vary: Accept-Encoding
X-Firefox-Spdy: h2
goads.pro/bridge/ao_loader.js
3.65.87.157 200 OK 836 B URL HTTP/2 goads.pro/bridge/ao_loader.js
IP 3.65.87.157:0
File type ASCII text, with very long lines (835)
Hash 05f233960b55dfe40742964902345911
e00af7d954b5032f95c32341794e0f4d73208bff
d5d65364c02602f4fae5c63195607cfff433ac59d4c7d756e4a0a2e6f33ccd19
Analyzer Verdict Alert fortinet Phishing
GET /bridge/ao_loader.js HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?clickid=17e67y9wha29z8n919&tds_ac_id=s0729bel&dci=ab59ace213cbd239f8f17c14e6e55e867f76636f&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvOTcwMzRlODQ4NTllM2YwZjg2MDliMmU2ZTIyNWI3ZDQ%2FX190PTE2NzczMjI4MzI2NjImX19sPTM2MDA%3D&affid=4b82d238&id=24401&tds_campaign=b7867den&tds_oid=24401&subid=128e995f98d56967d946471af29d7bf99f1&subid2=%7Bsubid2%7D&tds_cid=1894ccf328415fdaf4faa8ca59ebce94adeae0d9&tds_ao=1&tds_p_campaign=b3957mar&utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_host=goads.pro&s1=ps
Cookie: dci=ab59ace213cbd239f8f17c14e6e55e867f76636f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 11:00:33 GMT
content-type: application/javascript; charset=UTF-8
content-length: 836
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Thu, 23 Feb 2023 11:16:36 GMT
etag: W/"344-1867dfd4620"
vary: Accept-Encoding
X-Firefox-Spdy: h2
goads.pro/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgoads.pro%2Fjump%3Fclickid%3D17e67y9wha29z8n919%26tds_ac_id%3Ds0729bel%26dci%3Dab59ace213cbd239f8f17c14e6e55e867f76636f%26_tgUrl%3DaHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvOTcwMzRlODQ4NTllM2YwZjg2MDliMmU2ZTIyNWI3ZDQ%252FX190PTE2NzczMjI4MzI2NjImX19sPTM2MDA%253D%26affid%3D4b82d238%26id%3D24401%26tds_campaign%3Db7867den%26tds_oid%3D24401%26subid%3D128e995f98d56967d946471af29d7bf99f1%26subid2%3D%257Bsubid2%257D%26tds_cid%3D1894ccf328415fdaf4faa8ca59ebce94adeae0d9%26tds_ao%3D1%26tds_p_campaign%3Db3957mar%26utm_source%3Dint%26tds_id%3Db7867den_jump_a_1635405738306%26tds_host%3Dgoads.pro%26s1%3Dps&uaDataValues={}
3.65.87.157200 OK 199 B URL HTTP/2 goads.pro/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgoads.pro%2Fjump%3Fclickid%3D17e67y9wha29z8n919%26tds_ac_id%3Ds0729bel%26dci%3Dab59ace213cbd239f8f17c14e6e55e867f76636f%26_tgUrl%3DaHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvOTcwMzRlODQ4NTllM2YwZjg2MDliMmU2ZTIyNWI3ZDQ%252FX190PTE2NzczMjI4MzI2NjImX19sPTM2MDA%253D%26affid%3D4b82d238%26id%3D24401%26tds_campaign%3Db7867den%26tds_oid%3D24401%26subid%3D128e995f98d56967d946471af29d7bf99f1%26subid2%3D%257Bsubid2%257D%26tds_cid%3D1894ccf328415fdaf4faa8ca59ebce94adeae0d9%26tds_ao%3D1%26tds_p_campaign%3Db3957mar%26utm_source%3Dint%26tds_id%3Db7867den_jump_a_1635405738306%26tds_host%3Dgoads.pro%26s1%3Dps&uaDataValues={}
IP 3.65.87.157:0
Hash 009352dfef3982ce64e0155d3a98a4b7
b234c9e9e61ec9ce6e5d98147caa8adf552428e3
274fcd0183b956664a6e9d562c1a5f3906df998c40e66567788501e94cda4485
GET /ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgoads.pro%2Fjump%3Fclickid%3D17e67y9wha29z8n919%26tds_ac_id%3Ds0729bel%26dci%3Dab59ace213cbd239f8f17c14e6e55e867f76636f%26_tgUrl%3DaHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvOTcwMzRlODQ4NTllM2YwZjg2MDliMmU2ZTIyNWI3ZDQ%252FX190PTE2NzczMjI4MzI2NjImX19sPTM2MDA%253D%26affid%3D4b82d238%26id%3D24401%26tds_campaign%3Db7867den%26tds_oid%3D24401%26subid%3D128e995f98d56967d946471af29d7bf99f1%26subid2%3D%257Bsubid2%257D%26tds_cid%3D1894ccf328415fdaf4faa8ca59ebce94adeae0d9%26tds_ao%3D1%26tds_p_campaign%3Db3957mar%26utm_source%3Dint%26tds_id%3Db7867den_jump_a_1635405738306%26tds_host%3Dgoads.pro%26s1%3Dps&uaDataValues={} HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?clickid=17e67y9wha29z8n919&tds_ac_id=s0729bel&dci=ab59ace213cbd239f8f17c14e6e55e867f76636f&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvOTcwMzRlODQ4NTllM2YwZjg2MDliMmU2ZTIyNWI3ZDQ%2FX190PTE2NzczMjI4MzI2NjImX19sPTM2MDA%3D&affid=4b82d238&id=24401&tds_campaign=b7867den&tds_oid=24401&subid=128e995f98d56967d946471af29d7bf99f1&subid2=%7Bsubid2%7D&tds_cid=1894ccf328415fdaf4faa8ca59ebce94adeae0d9&tds_ao=1&tds_p_campaign=b3957mar&utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_host=goads.pro&s1=ps
Cookie: dci=ab59ace213cbd239f8f17c14e6e55e867f76636f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 11:00:33 GMT
content-type: text/javascript; charset=utf-8
content-length: 199
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"c7-sjTJ6eYeyc5uXZgUfKqK31UkKOM"
vary: Accept-Encoding
X-Firefox-Spdy: h2
goads.pro/ao.js
3.65.87.157 200 OK 2.7 kB IP 3.65.87.157:0
Hash 8d0833cb144ae59df0422e1d72c49b69
fd717568b48b9ec51e28b00c43e081f115f4602b
c8fde83cbd6c5a4de1d83dc6bfa79172bb9faa87b6f736c7879f4d6089aa9f13
Analyzer Verdict Alert fortinet Phishing
GET /ao.js HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?clickid=17e67y9wha29z8n919&tds_ac_id=s0729bel&dci=ab59ace213cbd239f8f17c14e6e55e867f76636f&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvOTcwMzRlODQ4NTllM2YwZjg2MDliMmU2ZTIyNWI3ZDQ%2FX190PTE2NzczMjI4MzI2NjImX19sPTM2MDA%3D&affid=4b82d238&id=24401&tds_campaign=b7867den&tds_oid=24401&subid=128e995f98d56967d946471af29d7bf99f1&subid2=%7Bsubid2%7D&tds_cid=1894ccf328415fdaf4faa8ca59ebce94adeae0d9&tds_ao=1&tds_p_campaign=b3957mar&utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_host=goads.pro&s1=ps
Cookie: dci=ab59ace213cbd239f8f17c14e6e55e867f76636f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 11:00:33 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Thu, 23 Feb 2023 11:16:36 GMT
etag: W/"1509-1867dfd4620"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
goads.pro/bridge/crypto-4.1.1.js
3.65.87.157 200 OK 18 kB URL HTTP/2 goads.pro/bridge/crypto-4.1.1.js
IP 3.65.87.157:0
Hash a6695c4e41890c43a9dd81b2fe31323e
8639d0f3a0b3bb5830b703fbcda33ff72e29c18f
f19a891ba6d4802308e7802ed30e00d0ee17704e974f6f8fa2af435e92d58988
Analyzer Verdict Alert fortinet Phishing
GET /bridge/crypto-4.1.1.js HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?clickid=17e67y9wha29z8n919&tds_ac_id=s0729bel&dci=ab59ace213cbd239f8f17c14e6e55e867f76636f&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvOTcwMzRlODQ4NTllM2YwZjg2MDliMmU2ZTIyNWI3ZDQ%2FX190PTE2NzczMjI4MzI2NjImX19sPTM2MDA%3D&affid=4b82d238&id=24401&tds_campaign=b7867den&tds_oid=24401&subid=128e995f98d56967d946471af29d7bf99f1&subid2=%7Bsubid2%7D&tds_cid=1894ccf328415fdaf4faa8ca59ebce94adeae0d9&tds_ao=1&tds_p_campaign=b3957mar&utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_host=goads.pro&s1=ps
Cookie: dci=ab59ace213cbd239f8f17c14e6e55e867f76636f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 11:00:33 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Thu, 23 Feb 2023 11:16:36 GMT
etag: W/"bde2-1867dfd4620"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5d5cf3f527452c87e71b812f75d18aff
e5c41bc319d5831248d3b855ceedf0f9fcede64b
f6a19fa64c95712fdbcf654cc999a244f79fb0dc38b66745a08afad747f9e69c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6A19FA64C95712FDBCF654CC999A244F79FB0DC38B66745A08AFAD747F9E69C"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10840
Expires: Sat, 25 Feb 2023 14:01:13 GMT
Date: Sat, 25 Feb 2023 11:00:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5d5cf3f527452c87e71b812f75d18aff
e5c41bc319d5831248d3b855ceedf0f9fcede64b
f6a19fa64c95712fdbcf654cc999a244f79fb0dc38b66745a08afad747f9e69c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6A19FA64C95712FDBCF654CC999A244F79FB0DC38B66745A08AFAD747F9E69C"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10840
Expires: Sat, 25 Feb 2023 14:01:13 GMT
Date: Sat, 25 Feb 2023 11:00:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5d5cf3f527452c87e71b812f75d18aff
e5c41bc319d5831248d3b855ceedf0f9fcede64b
f6a19fa64c95712fdbcf654cc999a244f79fb0dc38b66745a08afad747f9e69c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6A19FA64C95712FDBCF654CC999A244F79FB0DC38B66745A08AFAD747F9E69C"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10840
Expires: Sat, 25 Feb 2023 14:01:13 GMT
Date: Sat, 25 Feb 2023 11:00:33 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a5f3d376fe6a3a78a5d1fe136f962fb
3e9b03cc296e954d63526a4e7e75beea3130fc3b
c8cf4f1c0352102764247e4dc5a2076921e0eaa18bfd110e5b0b97a55c706690
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9093
x-amzn-requestid: 3fd9f8c8-cf10-4222-a2cc-5f18ff7b2e9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Az9D3HqmoAMFeBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7dbb2-352315613cc0c2bc7eb28e05;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 21:33:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: S8s54RJtScNtsl6uEFtBEHnTj4lb3l5xIWR96Kvr_SdwQQQMgSKNxA==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 21:34:57 GMT
age: 48336
etag: "3e9b03cc296e954d63526a4e7e75beea3130fc3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5d5cf3f527452c87e71b812f75d18aff
e5c41bc319d5831248d3b855ceedf0f9fcede64b
f6a19fa64c95712fdbcf654cc999a244f79fb0dc38b66745a08afad747f9e69c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6A19FA64C95712FDBCF654CC999A244F79FB0DC38B66745A08AFAD747F9E69C"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10840
Expires: Sat, 25 Feb 2023 14:01:13 GMT
Date: Sat, 25 Feb 2023 11:00:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5d5cf3f527452c87e71b812f75d18aff
e5c41bc319d5831248d3b855ceedf0f9fcede64b
f6a19fa64c95712fdbcf654cc999a244f79fb0dc38b66745a08afad747f9e69c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6A19FA64C95712FDBCF654CC999A244F79FB0DC38B66745A08AFAD747F9E69C"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10840
Expires: Sat, 25 Feb 2023 14:01:13 GMT
Date: Sat, 25 Feb 2023 11:00:33 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d76b60b-41c8-4742-8c9b-13dac693ea8f.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d76b60b-41c8-4742-8c9b-13dac693ea8f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e7b2af9ca71ffa2c88f3eb0c36da91d6
8fc54ea45a10a6fcf2fe2466a95a8bd0d0b7fed3
25958405c6076fa22157498ad90fb72477369aaf12c163cfda77d81b34a9eb7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d76b60b-41c8-4742-8c9b-13dac693ea8f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5978
x-amzn-requestid: 05ccc8fa-91b0-4af3-8951-cb2e20d72fbc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ax_FOGVKoAMFaKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f71221-52b7d324068bfb766f573ed9;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 07:13:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cn1WvKzIJYUn0I9eQ_3BPMSrmBYfy225rB_e6aOMXkHHvrTtUfzRyg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Feb 2023 08:20:09 GMT
age: 9624
etag: "8fc54ea45a10a6fcf2fe2466a95a8bd0d0b7fed3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn3reference.com/landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css
54.230.111.104 200 OK 3.6 kB URL HTTP/2 cdn3reference.com/landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css
IP 54.230.111.104:0
Hash 36aabe2341f116d50132749a1e39f538
6f1781c5b0ec39f97cc75b762c502e62079f86a5
22006446da22474a5ba03028daaef7e722f3bbf8d39322738006a4e9c935aa26
GET /landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Sat, 25 Feb 2023 11:00:33 GMT
last-modified: Thu, 25 Aug 2022 15:53:12 GMT
content-encoding: gzip
etag: W/"bde-5e712cb6e8a00"
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2xfUMLQY3HhhsnSTwZcay4MrYahdDmaim4U5YyEb5t7nj4ywj1xxwQ==
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg
34.120.237.76 200 OK 2.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 07de4b2f670ddb3d7188529f2a663e32
6eb14318c585598c0ee9e7e5d694eb190f2cfbbc
6f6c649e01b654856df8a17db50787b7888dc063a4d68a337ce8bfad275bcadd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2472
x-amzn-requestid: 9d01ae07-0fbe-416a-a72f-fc2a346cb69e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A1SX7FW0oAMFv7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f86432-343b48897370e2ba75832e37;Sampled=0
x-amzn-remapped-date: Fri, 24 Feb 2023 07:16:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KmYGtLT5vCrL-aCB3-NB1eOAWIhm0Iu4DeWpk7Ai63K-fPfEjMK9Bw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 17:57:07 GMT
age: 61406
etag: "6eb14318c585598c0ee9e7e5d694eb190f2cfbbc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg
34.120.237.76 200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f5c457f02a50b085b748b7e806f166f7
a7b75438ba91b71e023e2e6e355563ac2635bf25
7607c112a56f9893b0c491cad54d7d83be0fa414e69dd44c251e074e15877f6a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5269
x-amzn-requestid: e6460273-d038-41fa-9915-5f5762feecab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A3QiUFqhIAMF5sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f92e0e-6c3baead0e2b8845557bf7e9;Sampled=0
x-amzn-remapped-date: Fri, 24 Feb 2023 21:37:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 07pNAHZlG7fP3dgG0eb-onMglfj9-wP2RAFShvr3b-MkOECPQZaSdA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 5c7981a979abd51ba7e5ca7d464fd048.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 21:40:19 GMT
age: 48014
etag: "a7b75438ba91b71e023e2e6e355563ac2635bf25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c87908-10da-4c1e-98d5-7b8969dc1d8f.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c87908-10da-4c1e-98d5-7b8969dc1d8f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8a79c5116304a1077022d4e19d5f892
9c70a05af13a4b959aea1211aeceffaf022bb958
0ff1c048a91e61945398123124970d6b7309f48a688181274ab0365e87f13759
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c87908-10da-4c1e-98d5-7b8969dc1d8f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9277
x-amzn-requestid: e261e234-b057-478e-89c2-beba806ca510
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A3QiTFWMoAMF18A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f92e0e-3a86e7a303be3ce619b876f8;Sampled=0
x-amzn-remapped-date: Fri, 24 Feb 2023 21:37:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: QWHYevVRVpj96ZeAjz14lg7uxt8X78VpVCOIrvGjldD7ON2EGVVcSg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 29a825d8a219984d47bec4350779b558.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 23:10:45 GMT
age: 42588
etag: "9c70a05af13a4b959aea1211aeceffaf022bb958"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4432722afb07ba74051c88ed8a3d0c96
e5715d828785bd764f820cde1e387e4e83aaae99
bfcd2cd628b37ac53fcf981f360c95f65596b61bc8ea8dcee44b9a128bb3e48d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 11:00:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goads.pro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 21 Feb 2023 13:09:06 GMT
expires: Wed, 21 Feb 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 337887
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4432722afb07ba74051c88ed8a3d0c96
e5715d828785bd764f820cde1e387e4e83aaae99
bfcd2cd628b37ac53fcf981f360c95f65596b61bc8ea8dcee44b9a128bb3e48d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 11:00:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4432722afb07ba74051c88ed8a3d0c96
e5715d828785bd764f820cde1e387e4e83aaae99
bfcd2cd628b37ac53fcf981f360c95f65596b61bc8ea8dcee44b9a128bb3e48d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 11:00:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5d6d2dc56034ceeb9879a97a225229c5
97cc164f3bb36a445348f872091edf29358b4621
2aef17106815e6ff6a7639355abb7b756df360e015ff15bc14c8ffe454cad0d2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 11:00:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn3reference.com/js/dc_img.js?v=8
54.230.111.104 200 OK 16 kB URL HTTP/2 cdn3reference.com/js/dc_img.js?v=8
IP 54.230.111.104:0
Hash adb97c88eac221de1a3af116d2916188
56b8496aabb778524c5d739cfe2e604afc9e36bb
b6baefad2ff8633ff27a10ab5ac0e827c0e659d9dd97b1af771cc588351c6684
GET /js/dc_img.js?v=8 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Sat, 25 Feb 2023 11:00:33 GMT
last-modified: Thu, 29 Oct 2020 09:22:15 GMT
etag: W/"1e8-5b2cbd0d9620d"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ehnf-e3xO0fTaTO3f7dcAL-o7IGONZ6uJGwVmZXtakSGW1yjSr6S4w==
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goads.pro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 Feb 2023 07:51:59 GMT
expires: Thu, 22 Feb 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 270514
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4432722afb07ba74051c88ed8a3d0c96
e5715d828785bd764f820cde1e387e4e83aaae99
bfcd2cd628b37ac53fcf981f360c95f65596b61bc8ea8dcee44b9a128bb3e48d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 11:00:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
142.250.74.168 200 OK 51 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
IP 142.250.74.168:0
File type ASCII text, with very long lines (4073)
Hash b5034f1231cb674bb02c338ac20513fc
aa21a2b416b6a7743512142ba756a02a9db6119e
77a6461adc1525ce7c5e4b43bc1b2b69aaf047fc69d862d57e94a397f2e4571a
GET /gtm.js?id=GTM-KMSJRW&l=adsLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 25 Feb 2023 11:00:33 GMT
expires: Sat, 25 Feb 2023 11:00:33 GMT
cache-control: private, max-age=900
last-modified: Sat, 25 Feb 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50644
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5d6d2dc56034ceeb9879a97a225229c5
97cc164f3bb36a445348f872091edf29358b4621
2aef17106815e6ff6a7639355abb7b756df360e015ff15bc14c8ffe454cad0d2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 11:00:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.r2m01.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 6996f5074f13ecad84cf2b2fd342b2e2
fe25f7240201d9a4a18830ebb2d37de2fda5abf6
cf23268ae979e8e5bff1c9aa00a5288168f2479b93b023fe94c6bd3af5590a06
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 25 Feb 2023 11:00:33 GMT
Etag: "63f941b0-1d7"
Last-Modified: Sat, 25 Feb 2023 09:26:59 GMT
Server: ECS (dcb/7F60)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gsIKbbAc1DJ3v9AIMuAbWOu2BYkPl_6e_nQ-DG0DnELOP-DpJC7bow==
Age: 5614
cdn3reference.com/landings/24401/images/2.gif
54.230.111.104 200 OK 1000 kB URL HTTP/2 cdn3reference.com/landings/24401/images/2.gif
IP 54.230.111.104:0
File type GIF image data, version 89a, 350 x 350\012- data
Size 1000 kB (999922 bytes)
Hash b6b27f38cd115cf71f4a78cd5ef2a95f
94d2bb66eec706db9cb5660c58208a92c3464b93
60a79cc5475537d4126be3448f0bd7faacafdc09482241a7fb195fffbe03b281
GET /landings/24401/images/2.gif HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 999922
server: nginx
last-modified: Tue, 03 Dec 2019 13:56:45 GMT
accept-ranges: bytes
date: Sat, 25 Feb 2023 11:00:33 GMT
cache-control: public, max-age=604800
etag: "f41f2-598cd1107e140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MEUftAGld_mBw0J0JD_QfXNYF6ctpEqE_CJt_mShV_Kq5rHwdEYZig==
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda67715d-e89a-4d27-ba90-d03d7f1158be.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda67715d-e89a-4d27-ba90-d03d7f1158be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 07d3ab8b5ecb204be6d77cb4b6e8d729
eaa73ea6cf01cab89ee951cf7d4c6d6a5a6856a2
324bc394c64d7f72d1baf7f4cfd0bd063ff2587ecaedaeca2f1f6e6c910a5dfe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda67715d-e89a-4d27-ba90-d03d7f1158be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6123
x-amzn-requestid: 86500cf9-69e9-4e10-9dd0-bef917845457
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Az9FEEDWIAMFzFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7dbb9-499f8eaa59e6dd7d6e26abaf;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 21:33:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JdCqPcDvZaPUb410UeKu0H1JUCoGDX6MIa25b67pZaT_AcigwzTdPA==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 22:26:40 GMT
age: 45240
etag: "eaa73ea6cf01cab89ee951cf7d4c6d6a5a6856a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
retarget2core.com/fp/fp_ec.js
18.158.166.31 200 OK 0 B URL HTTP/2 retarget2core.com/fp/fp_ec.js
IP 18.158.166.31:0
GET /fp/fp_ec.js HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Feb 2023 11:00:33 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Thu, 23 Feb 2023 11:16:36 GMT
etag: W/"4bd-1867dfd4620"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cdn3reference.com/landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js
54.230.111.104 200 OK 0 B URL HTTP/2 cdn3reference.com/landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js
IP 54.230.111.104:0
GET /landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Sat, 25 Feb 2023 11:00:33 GMT
last-modified: Thu, 25 Aug 2022 15:53:12 GMT
content-encoding: gzip
etag: W/"17b45-5e712cb6e8a00"
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6M1jQ1FG0PTD4HWSDcQqZ7U4cyeT2h0gq234ex7QD_fUq3VTKnjsOA==
X-Firefox-Spdy: h2
retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=1894ccf328415fdaf4faa8ca59ebce94adeae0d9&dci=ab59ace213cbd239f8f17c14e6e55e867f76636f&j_type=open&jump=24401&jump_name=
18.158.166.31 200 OK 0 B URL HTTP/2 retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=1894ccf328415fdaf4faa8ca59ebce94adeae0d9&dci=ab59ace213cbd239f8f17c14e6e55e867f76636f&j_type=open&jump=24401&jump_name=
IP 18.158.166.31:0
GET /43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=1894ccf328415fdaf4faa8ca59ebce94adeae0d9&dci=ab59ace213cbd239f8f17c14e6e55e867f76636f&j_type=open&jump=24401&jump_name= HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 11:00:33 GMT
content-type: image/gif
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
set-cookie: dci=1da45dcb6e5291be991dd0cea6d8dd04e316b586; Max-Age=31536000; Domain=.retarget2core.com; Path=/; Expires=Sun, 25 Feb 2024 11:00:33 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2
tr1.tr1net.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=63f9ea4f7dc81c00010ff617&affpid=734&action_id=NOdesktop&referrer=&sub1=teleg&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,274,[MOB%20WEB]%20Flirterchaud%20-%20PPL%20%20/FR%20-%20Adult%20Dating%20-%20SOI
104.21.79.176 302 Found 0 B URL HTTP/2 tr1.tr1net.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=63f9ea4f7dc81c00010ff617&affpid=734&action_id=NOdesktop&referrer=&sub1=teleg&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,274,[MOB%20WEB]%20Flirterchaud%20-%20PPL%20%20/FR%20-%20Adult%20Dating%20-%20SOI
IP 104.21.79.176:0
GET /c.php?k=63r1l5p2seqav3mqsdvc&clickid=63f9ea4f7dc81c00010ff617&affpid=734&action_id=NOdesktop&referrer=&sub1=teleg&sub2=&sub3=&sub4=&sub5=&sub6=trafficback,274,[MOB%20WEB]%20Flirterchaud%20-%20PPL%20%20/FR%20-%20Adult%20Dating%20-%20SOI HTTP/1.1
Host: tr1.tr1net.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sat, 25 Feb 2023 11:00:32 GMT
content-type: text/html; charset=UTF-8
location: https://goads.pro/tds/ae?tdsId=s0729bel_r&tds_campaign=s0729bel&s1=ps&utm_source=int&utm_sub=opnfnl&clickid=17e67y9wha29z8n919&subid=128e995f98d56967d946471af29d7bf99f1&subid2={subid2}&affid=4b82d238
set-cookie: uclick=y9wha29zwj; expires=Sun, 26-Feb-2023 11:00:32 GMT; Max-Age=86400; path=/; secure; SameSite=none
set-cookie: uclickhash=y9wha29zwj-y9wha29zwj-1z-1zx9-bghq-1zocwj-1zocvr-1c0bb3; expires=Sun, 26-Feb-2023 11:00:32 GMT; Max-Age=86400; path=/; secure; SameSite=none
set-cookie: uclick=y9wha29zwj; expires=Sun, 26-Feb-2023 11:00:32 GMT; Max-Age=86400; path=/; secure; SameSite=none
set-cookie: uclickhash=y9wha29zwj-y9wha29z8n-q5g5-1z1m-bgtw-1ze28n-1ze2fe-dc7f8c; expires=Sun, 26-Feb-2023 11:00:32 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IpfImAoWZPS1GI28RwUigce0qLHPsvgjUeR5YjKWqLvNf0%2FJd%2FyHDr9t%2FfMePL0dw2ITEa6t5vCdMmRaZzY1fFMO4kFHNzrz7FtMhWeYpE5qVdm230iOIrBgtqH%2BuFt1tQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79eff013dd94b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
goads.pro/jump?clickid=17e67y9wha29z8n919&tds_ac_id=s0729bel&dci=ab59ace213cbd239f8f17c14e6e55e867f76636f&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvOTcwMzRlODQ4NTllM2YwZjg2MDliMmU2ZTIyNWI3ZDQ%2FX190PTE2NzczMjI4MzI2NjImX19sPTM2MDA%3D&affid=4b82d238&id=24401&tds_campaign=b7867den&tds_oid=24401&subid=128e995f98d56967d946471af29d7bf99f1&subid2=%7Bsubid2%7D&tds_cid=1894ccf328415fdaf4faa8ca59ebce94adeae0d9&tds_ao=1&tds_p_campaign=b3957mar&utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_host=goads.pro&s1=ps
3.65.87.157 200 OK 0 B URL HTTP/2 goads.pro/jump?clickid=17e67y9wha29z8n919&tds_ac_id=s0729bel&dci=ab59ace213cbd239f8f17c14e6e55e867f76636f&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvOTcwMzRlODQ4NTllM2YwZjg2MDliMmU2ZTIyNWI3ZDQ%2FX190PTE2NzczMjI4MzI2NjImX19sPTM2MDA%3D&affid=4b82d238&id=24401&tds_campaign=b7867den&tds_oid=24401&subid=128e995f98d56967d946471af29d7bf99f1&subid2=%7Bsubid2%7D&tds_cid=1894ccf328415fdaf4faa8ca59ebce94adeae0d9&tds_ao=1&tds_p_campaign=b3957mar&utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_host=goads.pro&s1=ps
IP 3.65.87.157:0
GET /jump?clickid=17e67y9wha29z8n919&tds_ac_id=s0729bel&dci=ab59ace213cbd239f8f17c14e6e55e867f76636f&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvOTcwMzRlODQ4NTllM2YwZjg2MDliMmU2ZTIyNWI3ZDQ%2FX190PTE2NzczMjI4MzI2NjImX19sPTM2MDA%3D&affid=4b82d238&id=24401&tds_campaign=b7867den&tds_oid=24401&subid=128e995f98d56967d946471af29d7bf99f1&subid2=%7Bsubid2%7D&tds_cid=1894ccf328415fdaf4faa8ca59ebce94adeae0d9&tds_ao=1&tds_p_campaign=b3957mar&utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_host=goads.pro&s1=ps HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: dci=ab59ace213cbd239f8f17c14e6e55e867f76636f; dm=fe450dd0d1dadc615429144d33241f42
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 11:00:32 GMT
content-type: text/html; charset=UTF-8
server: nginx
content-encoding: br
X-Firefox-Spdy: h2
goads.pro/bridge/frodi_data.js
3.65.87.157 200 OK 0 B URL HTTP/2 goads.pro/bridge/frodi_data.js
IP 3.65.87.157:0
Analyzer Verdict Alert fortinet Phishing
GET /bridge/frodi_data.js HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?clickid=17e67y9wha29z8n919&tds_ac_id=s0729bel&dci=ab59ace213cbd239f8f17c14e6e55e867f76636f&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvOTcwMzRlODQ4NTllM2YwZjg2MDliMmU2ZTIyNWI3ZDQ%2FX190PTE2NzczMjI4MzI2NjImX19sPTM2MDA%3D&affid=4b82d238&id=24401&tds_campaign=b7867den&tds_oid=24401&subid=128e995f98d56967d946471af29d7bf99f1&subid2=%7Bsubid2%7D&tds_cid=1894ccf328415fdaf4faa8ca59ebce94adeae0d9&tds_ao=1&tds_p_campaign=b3957mar&utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_host=goads.pro&s1=ps
Cookie: dci=ab59ace213cbd239f8f17c14e6e55e867f76636f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 11:00:33 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Thu, 23 Feb 2023 11:16:36 GMT
etag: W/"19f8-1867dfd4620"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
goads.pro/integration.js
3.65.87.157 200 OK 0 B IP 3.65.87.157:0
Analyzer Verdict Alert fortinet Phishing
GET /integration.js HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goads.pro/jump?clickid=17e67y9wha29z8n919&tds_ac_id=s0729bel&dci=ab59ace213cbd239f8f17c14e6e55e867f76636f&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvOTcwMzRlODQ4NTllM2YwZjg2MDliMmU2ZTIyNWI3ZDQ%2FX190PTE2NzczMjI4MzI2NjImX19sPTM2MDA%3D&affid=4b82d238&id=24401&tds_campaign=b7867den&tds_oid=24401&subid=128e995f98d56967d946471af29d7bf99f1&subid2=%7Bsubid2%7D&tds_cid=1894ccf328415fdaf4faa8ca59ebce94adeae0d9&tds_ao=1&tds_p_campaign=b3957mar&utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_host=goads.pro&s1=ps
Cookie: dci=ab59ace213cbd239f8f17c14e6e55e867f76636f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 11:00:33 GMT
content-type: text/javascript; charset=utf-8
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"70c-g/VrQL6RfqlPOn1A0dFDRkNyx7g"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
goads.pro/tds/interlayer?handler=FrodiData
3.65.87.157 200 OK 0 B URL HTTP/2 goads.pro/tds/interlayer?handler=FrodiData
IP 3.65.87.157:0
Analyzer Verdict Alert fortinet Phishing
POST /tds/interlayer?handler=FrodiData HTTP/1.1
Host: goads.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
Content-Length: 1413
Origin: https://goads.pro
Connection: keep-alive
Referer: https://goads.pro/jump?clickid=17e67y9wha29z8n919&tds_ac_id=s0729bel&dci=ab59ace213cbd239f8f17c14e6e55e867f76636f&_tgUrl=aHR0cHM6Ly9nb2Fkcy5wcm8vdGRzL2FlL3RnL3MvOTcwMzRlODQ4NTllM2YwZjg2MDliMmU2ZTIyNWI3ZDQ%2FX190PTE2NzczMjI4MzI2NjImX19sPTM2MDA%3D&affid=4b82d238&id=24401&tds_campaign=b7867den&tds_oid=24401&subid=128e995f98d56967d946471af29d7bf99f1&subid2=%7Bsubid2%7D&tds_cid=1894ccf328415fdaf4faa8ca59ebce94adeae0d9&tds_ao=1&tds_p_campaign=b3957mar&utm_source=int&tds_id=b7867den_jump_a_1635405738306&tds_host=goads.pro&s1=ps
Cookie: dci=ab59ace213cbd239f8f17c14e6e55e867f76636f; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 11:00:35 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
X-Firefox-Spdy: h2