Report - we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|

Report Overview

URL

we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|
IP

188.114.96.1

ASN

#13335 CLOUDFLARENET
Submitted

2022-11-30T04:08:57Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

14

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog (12)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4116	8398	142.250.74.131
wemeettoday.com (3)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2285	90847	104.21.95.141
stats.g.doubleclick.net (1)	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	485	563	74.125.131.156
www.clarity.ms (2)	1404	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	762	2533	13.107.246.53
we-meet-today.com (15)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	10126	567972	188.114.97.1
icalendar.datingtopgirls.com (1)	260095	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	377	2057	31.220.24.141
fonts.gstatic.com (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	983	38177	216.58.207.227
www.google.no (1)	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	480	694	142.250.74.163
ocsp.sca1b.amazontrust.com (1)	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350	1003	143.204.42.165
botd.fpapi.io (1)	297160	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	458	514	44.197.87.191
c.bing.com (1)	247	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	472	795	13.107.21.200
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3244	63753	34.120.237.76
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5844	34.160.144.191
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2374	34.102.187.140
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	229	34.117.237.239
www.googletagmanager.com (1)	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	384	76863	142.250.74.168
wmt.datingtopgirls.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	396	63048	31.220.24.141
www.googleoptimize.com (1)	1604	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	385	43729	142.250.74.78
region1.google-analytics.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	848	563	216.239.32.36
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	34.216.88.5
r3.o.lencr.org (7)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2366	6206	23.36.77.32
fonts.googleapis.com (2)	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	820	1492	142.250.74.106
b.clarity.ms (1)	3462	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	449	285	20.75.32.255
my.rtmark.net (2)	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1083	1906	139.45.195.8
c.clarity.ms (2)	803	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	845	1185	20.234.93.27
ocsp.digicert.com (6)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2046	3977	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-30	medium	we-meet-today.com/fav/wmt/css/tt/02/app.css?82	Phishing
2022-11-30	medium	we-meet-today.com/js/main.js?82	Phishing
2022-11-30	medium	we-meet-today.com/js/script.js?82	Phishing
2022-11-30	medium	we-meet-today.com/fav/wmt/js/general.js?82	Phishing
2022-11-30	medium	we-meet-today.com/fav/wmt/js/jquery-3.3.1.min.js	Phishing
2022-11-30	medium	we-meet-today.com/js/notify.js?82	Phishing
2022-11-30	medium	icalendar.datingtopgirls.com/icalendar.js	Malware
2022-11-30	medium	we-meet-today.com/fav/wmt/img/tt/02/logo.svg	Phishing
2022-11-30	medium	we-meet-today.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669780800	Phishing
2022-11-30	medium	we-meet-today.com/fav/wmt/video/tt/02/1.mp4	Phishing
2022-11-30	medium	wemeettoday.com/ascripts/gcu-2.8.3.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-30	medium	wemeettoday.com	Sinkholed
2022-11-30	medium	wemeettoday.com	Sinkholed
2022-11-30	medium	wemeettoday.com	Sinkholed

HTTP Transactions (75)

URL IP Response Size

we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|

188.114.97.1

200 OK

7169

URL HTTP/1.1

we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2912)

Size

7169
Hash

ab6300fda30ce011021a0cdf4d315a10

8890cd4856d8da8a323ca7714975a10e451b84e7

2f23ccfffcd5a236e2e5da86f9bd77ca072783757cff26e5e8269954ccb9a3f5

HTTP Headers

                                        GET /tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86| HTTP/1.1
Host: we-meet-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: hashid=31e497539f7bcbe59a777310464c98f5; country=Norway; region=Oslo+County; country_code=no; city=Oslo; latitude=59.955; longitude=10.859; tour=1
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:08:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hashid=31e497539f7bcbe59a777310464c98f5; expires=Thu, 30-Nov-2023 04:08:45 GMT; Max-Age=31536000; path=/
sub1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
sub1=2rjovn354s408; expires=Thu, 30-Nov-2023 04:08:45 GMT; Max-Age=31536000; path=/
sub2=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
sub2=421841; expires=Thu, 30-Nov-2023 04:08:45 GMT; Max-Age=31536000; path=/
sub3=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
sub4=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
sub5=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
sub6=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
sub7=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
sub7=42; expires=Thu, 30-Nov-2023 04:08:45 GMT; Max-Age=31536000; path=/
sub8=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
source=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
source=184142; expires=Thu, 30-Nov-2023 04:08:45 GMT; Max-Age=31536000; path=/
affiliate_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
affiliate_id=15001; expires=Thu, 30-Nov-2023 04:08:45 GMT; Max-Age=31536000; path=/
cid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
mst=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
ot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
st=1669781325; expires=Thu, 01-Dec-2022 04:08:45 GMT; Max-Age=86400; path=/
push_v2=50; expires=Wed, 07-Dec-2022 04:08:45 GMT; Max-Age=604800; path=/
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mcYWz%2BKidDxPUv7orQfXipW3uMDYNFYoSEUlPdcq6I%2BZBtFEUx2npzYzrTzaQ1%2FCCqUWcvJhodeRm3VX6BR2hF8PkBFCrKu%2FMPBG1rtCzNP5DqR9mPEhn%2BLtVsngLKBJJsP3zg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7720b9469aacb521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a5daf4dc99951793ae2315d4795e8146

4427507ca4d3a5632cc8f598afbc85e2195d00bd

94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5543
Expires: Wed, 30 Nov 2022 05:41:09 GMT
Date: Wed, 30 Nov 2022 04:08:46 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

4ed065cb23b5fca1a179dd73b3c5b7b2

4422eb24688f5e056fc1b18b127c7f63b1dbf5e0

b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6538
Cache-Control: max-age=115883
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:08:46 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 12:20:09 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

9fce5679881bf302a8978a0b462f01a9

b699fe030ea13ac73813e655c42ed9b531925e2b

a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10385
Expires: Wed, 30 Nov 2022 07:01:51 GMT
Date: Wed, 30 Nov 2022 04:08:46 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

30db107dcf4380cef05efea409c2e6a3

96e6a306fbc07299aba64e5c14e2bfca35872fa9

b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 03:17:58 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3048
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

9ebddc2b260d081ebbefee47c037cb28

492bad62a7ca6a74738921ef5ae6f0be5edebf39

74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: n3jl4ENSAdr2Xj6B1mGJqUbJK4/RPlsE2qZWDkxVbttwWdSAvD5ADqqcybigkjAUve14HILoHIM=
x-amz-request-id: 76Y6RF67D1KBSB8T
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 03:45:43 GMT
age: 1383
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:08:46 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

we-meet-today.com/fav/wmt/css/tt/02/app.css?82

188.114.97.1

200 OK

4985

URL HTTP/1.1

we-meet-today.com/fav/wmt/css/tt/02/app.css?82
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text

Size

4985
Hash

bc68ff480e3b144050e5f2b9ecb9f520

26ccb78db6a48fbcc702a12b51c6edd8fe3327cf

cc91dc70171a9dd42c3f38dbeb1e5a512a23ac6be67270234c8b1ce2ad957920

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /fav/wmt/css/tt/02/app.css?82 HTTP/1.1
Host: we-meet-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|
Cookie: hashid=31e497539f7bcbe59a777310464c98f5; country=Norway; region=Oslo+County; country_code=no; city=Oslo; latitude=59.955; longitude=10.859; tour=1; st=1669781325; push_v2=50; sub1=2rjovn354s408; sub2=421841; sub7=42; source=184142; affiliate_id=15001

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:08:46 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 22 Jul 2022 11:08:05 GMT
ETag: W/"62da8515-52c2"
Expires: Thu, 30 Nov 2023 04:08:46 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F3V8D%2F%2B0MQ2OFsq8u4061hn04NwPgtcx6viBbuAnElJuD5tChxkF71vnrbMhiVX3m5CS2ELq%2BmP3Kq5nAl7zi31Sfrw9Sw7KDTdJNg4BxBD3%2FNlbTwUH8KsyuREgO49Bguey%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7720b948bb61b521-OSL
alt-svc: h2=":443"; ma=60

we-meet-today.com/fav/wmt/js/sektor.js?82

188.114.97.1

200 OK

1616

URL HTTP/1.1

we-meet-today.com/fav/wmt/js/sektor.js?82
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text

Size

1616
Hash

f74913a553af03fcb5d16688f40f09ff

163796aaccdd159d276ab20e53729a8f73462ec6

8f709ff8c497a8b1805f81b9fa0cc4f8c92d8cb451ee886d62bb51fe1af0daff

HTTP Headers

                                        GET /fav/wmt/js/sektor.js?82 HTTP/1.1
Host: we-meet-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|
Cookie: hashid=31e497539f7bcbe59a777310464c98f5; country=Norway; region=Oslo+County; country_code=no; city=Oslo; latitude=59.955; longitude=10.859; tour=1; st=1669781325; push_v2=50; sub1=2rjovn354s408; sub2=421841; sub7=42; source=184142; affiliate_id=15001

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:08:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 22 Jul 2022 11:08:05 GMT
ETag: W/"62da8515-116b"
Expires: Thu, 30 Nov 2023 04:08:46 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ziwLnq441w8VGSdFPbV81xBt0PKFuRSdoQh34UiVwia%2FXbpxoHyXa%2B%2B%2Fh8%2FcCeKlelLVddUHzTtiLu3bu93cGPv8MOZ63c1goc0kyfEzp%2B3Of2GKnmzZAwsqPFi8fQieVWw%2FJw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7720b948eb77b521-OSL
alt-svc: h2=":443"; ma=60

we-meet-today.com/fav/wmt/css/additional.css?82

188.114.97.1

200 OK

2343

URL HTTP/1.1

we-meet-today.com/fav/wmt/css/additional.css?82
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text

Size

2343
Hash

b1acf4ef68827b14106ab74591ab4b8f

9714a07c36a44a5639f042841a89ca031aa02da4

c45cad606d40451a732068b4b9ffda664bb011ba1b4483852ca86b11f3627ce3

HTTP Headers

                                        GET /fav/wmt/css/additional.css?82 HTTP/1.1
Host: we-meet-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|
Cookie: hashid=31e497539f7bcbe59a777310464c98f5; country=Norway; region=Oslo+County; country_code=no; city=Oslo; latitude=59.955; longitude=10.859; tour=1; st=1669781325; push_v2=50; sub1=2rjovn354s408; sub2=421841; sub7=42; source=184142; affiliate_id=15001

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:08:46 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 22 Jul 2022 11:08:05 GMT
ETag: W/"62da8515-1bc8"
Expires: Thu, 30 Nov 2023 04:08:46 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UxMOqskcGjXb%2Bmzbdqnj%2FndJdXBHZpRtI2M9toI6%2FhTfTlM%2FvjvVQk0zUEsxuxDkLBDSig2HXXblusNFHnGpV9GAMGFsFnVN7vpsMHz7Y%2BdQaXNPLFjI%2FS06rwZHLjXGi3AXgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7720b948bc88fab4-OSL
alt-svc: h2=":443"; ma=60

we-meet-today.com/js/main.js?82

188.114.97.1

200 OK

5310

URL HTTP/1.1

we-meet-today.com/js/main.js?82
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text

Size

5310
Hash

25a789a4e3b8690534449ad6c71d895a

3b6785430ece316753c62f6f2facaadd7408e337

6800a5801037fc30a1854e07b2cc109e5410347609bf456421b9b7a5a4ec8668

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /js/main.js?82 HTTP/1.1
Host: we-meet-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|
Cookie: hashid=31e497539f7bcbe59a777310464c98f5; country=Norway; region=Oslo+County; country_code=no; city=Oslo; latitude=59.955; longitude=10.859; tour=1; st=1669781325; push_v2=50; sub1=2rjovn354s408; sub2=421841; sub7=42; source=184142; affiliate_id=15001

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:08:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 06 Sep 2022 15:43:16 GMT
ETag: W/"63176a94-5ce5"
Expires: Thu, 30 Nov 2023 04:08:46 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VQeO2J4arX7H7bV5ss4fqJIy%2BKIBTxPZVjr3jvAosnEyBuUMkE3vQpPsDF5bOgB4erkK6Tf%2FDDxlvO84JbueyqO8HyRm51RjHRYw3vejy86dB5LATXIa84I2uf7zWlBDOs2ocg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7720b948ce420b41-OSL
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

1e258d2d97dc1a2c884f27040ee7ce5e

fd1009422b0736848e10d0d72ed079c711fc7944

106002bf0a4504a5148fd13443cf5b29a83887da7ee321595f48c661d309416b

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6534
Cache-Control: max-age=106507
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:08:46 GMT
Etag: "6385bad3-117"
Expires: Thu, 01 Dec 2022 09:43:53 GMT
Last-Modified: Tue, 29 Nov 2022 07:54:59 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279

we-meet-today.com/js/script.js?82

188.114.97.1

200 OK

4035

URL HTTP/1.1

we-meet-today.com/js/script.js?82
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text

Size

4035
Hash

cc35d90137ec3c878aeb6ceb28bd60cf

b0c32064ec5a948c9c2c33438768879ca2e43dea

e7d859d599a91c901aaa7ee6d032337acbc2b760d943b8e4d715e7e29e0e9324

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /js/script.js?82 HTTP/1.1
Host: we-meet-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|
Cookie: hashid=31e497539f7bcbe59a777310464c98f5; country=Norway; region=Oslo+County; country_code=no; city=Oslo; latitude=59.955; longitude=10.859; tour=1; st=1669781325; push_v2=50; sub1=2rjovn354s408; sub2=421841; sub7=42; source=184142; affiliate_id=15001

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:08:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 12:01:20 GMT
ETag: W/"633acf10-30d4"
Expires: Thu, 30 Nov 2023 04:08:46 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZREXDj3wepld0XepOeIryQpul6ySzuBKCIsr8zpClp4sCf6UemaUymwBcPH8MpfTWtUnwgpnsIlVu4vnXslhdYBXhJtt0qFlqWvAKqj%2BVqZyGv2KhSJDb6kn3aKbyiA8GHMGog%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7720b948dbaeb512-OSL
alt-svc: h2=":443"; ma=60

we-meet-today.com/fav/wmt/js/general.js?82

188.114.97.1

200 OK

1160

URL HTTP/1.1

we-meet-today.com/fav/wmt/js/general.js?82
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text

Size

1160
Hash

bd9dbb2970393ee22d11cb17b3e16564

c5657446a6ae9b3c95fda043a1656cf4782cebdb

0941ec6bebf09e01a9428a5a4606d9e2a055504a462f0b2d8d22cfc4febf4468

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /fav/wmt/js/general.js?82 HTTP/1.1
Host: we-meet-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|
Cookie: hashid=31e497539f7bcbe59a777310464c98f5; country=Norway; region=Oslo+County; country_code=no; city=Oslo; latitude=59.955; longitude=10.859; tour=1; st=1669781325; push_v2=50; sub1=2rjovn354s408; sub2=421841; sub7=42; source=184142; affiliate_id=15001

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:08:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 10 Nov 2022 08:49:19 GMT
ETag: W/"636cbb0f-ad8"
Expires: Thu, 30 Nov 2023 04:08:46 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6U0QZQI832wNYyPmwe%2FKJqgSIqOtNalKsOmZl%2FZEli4f7uo2p0iQUnosKfAfeYZQGLs6xALqyYbNR5KZuVw%2BBkm6i6PwZZe36zpPhB5Yhq9K3iJWvcz1ZCmPVGUdg7jtfgVwEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7720b948da13b4fa-OSL
alt-svc: h2=":443"; ma=60

we-meet-today.com/fav/wmt/js/jquery-3.3.1.min.js

188.114.97.1

200 OK

35293

URL HTTP/1.1

we-meet-today.com/fav/wmt/js/jquery-3.3.1.min.js
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

35293
Hash

6bf2d76cb230a7aa9826611fda6744d8

fdfb5f5a10b395c57feb07e07f15bc23ad5f617c

70c7f7e865d8a5e685595c8994211a46bffa65949f756f49f27cc3c22d1d192b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /fav/wmt/js/jquery-3.3.1.min.js HTTP/1.1
Host: we-meet-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|
Cookie: hashid=31e497539f7bcbe59a777310464c98f5; country=Norway; region=Oslo+County; country_code=no; city=Oslo; latitude=59.955; longitude=10.859; tour=1; st=1669781325; push_v2=50; sub1=2rjovn354s408; sub2=421841; sub7=42; source=184142; affiliate_id=15001

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:08:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 22 Jul 2022 11:08:05 GMT
ETag: W/"62da8515-15339"
Expires: Thu, 30 Nov 2023 04:08:46 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=la9U52WDiKUubAjvJXHSwncwiRvI0r6pvdtcEN31MJf0J19MKfWoDDoTlecJRhNlxAFRNilXn2eCn%2FqftAAclkZYyVGtlWTAwaiQjApcYm61519ssvJHk%2Fzfx01Gt2tYdsYGTw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7720b948ce8a0af6-OSL
alt-svc: h2=":443"; ma=60

we-meet-today.com/fav/wmt/js/tt/02/app.js?82

188.114.97.1

200 OK

3091

URL HTTP/1.1

we-meet-today.com/fav/wmt/js/tt/02/app.js?82
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text

Size

3091
Hash

566f58607b1c4b47dc79aa1a4c60d4d0

7de86ebaf669e67b22547e20a3791f48e9e9fc78

f858bce37397d5f4260a8dfe82b130efd29e1bc85371e75981168f8fd5d45f7d

HTTP Headers

                                        GET /fav/wmt/js/tt/02/app.js?82 HTTP/1.1
Host: we-meet-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|
Cookie: hashid=31e497539f7bcbe59a777310464c98f5; country=Norway; region=Oslo+County; country_code=no; city=Oslo; latitude=59.955; longitude=10.859; tour=1; st=1669781325; push_v2=50; sub1=2rjovn354s408; sub2=421841; sub7=42; source=184142; affiliate_id=15001

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:08:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 03 Nov 2022 09:51:10 GMT
ETag: W/"63638f0e-2359"
Expires: Thu, 30 Nov 2023 04:08:46 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ul7D%2BAOyT1hc2eQG4aqdHdsT2uHZe1XJQoSpOYr2IkeNEUzpSbnZmf%2BhdQEpiYcb3ar%2FBfY15ZehrxXWKZjjDbTRYh4qTLAvcCfOi3LB5gPkkvLtn5lkSdllaBT8L404GdVPMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7720b9491b86b521-OSL
alt-svc: h2=":443"; ma=60

we-meet-today.com/js/notify.js?82

188.114.97.1

200 OK

1096

URL HTTP/1.1

we-meet-today.com/js/notify.js?82
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text

Size

1096
Hash

3b2d92e9efee2e0f9c3ccb0a2ae6bfcb

75d1b601260e855515dde0311fae850c5e06ea4a

0f3e5cf310cd33af2898491caa7351f8825b08e143ba8f26c7d007063c4aed8f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /js/notify.js?82 HTTP/1.1
Host: we-meet-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|
Cookie: hashid=31e497539f7bcbe59a777310464c98f5; country=Norway; region=Oslo+County; country_code=no; city=Oslo; latitude=59.955; longitude=10.859; tour=1; st=1669781325; push_v2=50; sub1=2rjovn354s408; sub2=421841; sub7=42; source=184142; affiliate_id=15001

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:08:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 14:34:37 GMT
ETag: W/"631f437d-b54"
Expires: Thu, 30 Nov 2023 04:08:46 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P1%2BlsdA%2FywVf67DilC9nd0WXacMwQAFGeC2QXdqiVuxpxgmWh56dICNM20I7XXgyHP%2F4rNZaqjfmkHQPB2TUKjP9EsSwLHCs%2BO998V75HC40xZZm7XDTPaE6X26%2BL4ptUAHGWg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7720b9492c97fab4-OSL
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

146dac10a93604a686550631e14eefb9

b4af601ce6d515d9ec124938ce626060e0d43099

bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:08:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

07b8296613be09905e34b09dce4a203f

c97c67e8c4b1247423d089c028c31e05734f124e

c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:08:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

10fb48c2515863ec74d02b600e49c8c5

2e5cddc96936b8b90af3e7766fa85db1f3a540e4

453064cbd01922007eb97ad4afd469893e9d02b55c881df2ebbfdc433d295a24

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "453064CBD01922007EB97AD4AFD469893E9D02B55C881DF2EBBFDC433D295A24"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4731
Expires: Wed, 30 Nov 2022 05:27:37 GMT
Date: Wed, 30 Nov 2022 04:08:46 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

33f732b4dfbd5fb3ed7345eba2896fe6

2652f214cf7127302cc65b1d4e42f48a80907d5d

904ce722469d356f8ec20c14bd51ca3ce459012ea0869f7d14821a963310a494

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:08:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

10fb48c2515863ec74d02b600e49c8c5

2e5cddc96936b8b90af3e7766fa85db1f3a540e4

453064cbd01922007eb97ad4afd469893e9d02b55c881df2ebbfdc433d295a24

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "453064CBD01922007EB97AD4AFD469893E9D02B55C881DF2EBBFDC433D295A24"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4731
Expires: Wed, 30 Nov 2022 05:27:37 GMT
Date: Wed, 30 Nov 2022 04:08:46 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

1e258d2d97dc1a2c884f27040ee7ce5e

fd1009422b0736848e10d0d72ed079c711fc7944

106002bf0a4504a5148fd13443cf5b29a83887da7ee321595f48c661d309416b

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6534
Cache-Control: max-age=106507
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:08:46 GMT
Etag: "6385bad3-117"
Expires: Thu, 01 Dec 2022 09:43:53 GMT
Last-Modified: Tue, 29 Nov 2022 07:54:59 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279

icalendar.datingtopgirls.com/icalendar.js

31.220.24.141

200 OK

1796

URL HTTP/1.1

icalendar.datingtopgirls.com/icalendar.js
IP

31.220.24.141:0
ASN

#39572 DataWeb Global Group B.V.

Magic

ASCII text

Size

1796
Hash

d39f355915d9633385c213781d160c84

f22997c5f291268e4f7996b2664ad19c241fd31f

533ecbbbb80cdf2f49dc8333f2801b3ab1a508bacc1abedcde6872c622c0d92e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /icalendar.js HTTP/1.1
Host: icalendar.datingtopgirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://we-meet-today.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Wed, 30 Nov 2022 04:08:46 GMT
Content-Type: application/javascript
Last-Modified: Thu, 25 Aug 2022 08:43:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6307364a-173d"
Content-Encoding: gzip

we-meet-today.com/fav/wmt/img/tt/02/logo.svg

188.114.97.1

200 OK

3915

URL HTTP/1.1

we-meet-today.com/fav/wmt/img/tt/02/logo.svg
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (890)

Size

3915
Hash

85b82f3d2ef7036367b4f12920b3fb8f

3096d9f7093f4eef81a8a1287b454f08f93c8c76

e8202961f223c452b73b4a2d3946bbc492abff4a814cd0bf638a1d3151a9a5b8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /fav/wmt/img/tt/02/logo.svg HTTP/1.1
Host: we-meet-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|
Cookie: hashid=31e497539f7bcbe59a777310464c98f5; country=Norway; region=Oslo+County; country_code=no; city=Oslo; latitude=59.955; longitude=10.859; tour=1; st=1669781325; push_v2=50; sub1=2rjovn354s408; sub2=421841; sub7=42; source=184142; affiliate_id=15001

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:08:46 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 22 Jul 2022 11:08:05 GMT
ETag: W/"62da8515-2006"
Expires: Thu, 30 Nov 2023 04:08:46 GMT
Cache-Control: max-age=31536000
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v8AKaxXsKvKjf8WSuXAZy3biYHTL0K4SG%2Fgpz%2BD57IaXtcJXScnwpjC%2FMZam0hADNsxx%2B4ZwpD3d44yoNUJd12jkM2%2BRu5JM%2BZJ4OAN9qcGbJCpOzQvCmG3RGPxkubyIDtkxaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7720b949eee40b41-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

we-meet-today.com/fav/wmt/img/tt/02/user-1.jpg

188.114.97.1

200 OK

3430

URL HTTP/1.1

we-meet-today.com/fav/wmt/img/tt/02/user-1.jpg
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 40x40, components 3\012- data

Size

3430
Hash

e25421fcd356f9ad3925d5acb670d448

73d3da0ca8a41a87ab5940b62b46205250973c47

925848eae3e2c433683cc6bc8368d737b108d8da3ea07da846106f66eba2fe73

HTTP Headers

                                        GET /fav/wmt/img/tt/02/user-1.jpg HTTP/1.1
Host: we-meet-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|
Cookie: hashid=31e497539f7bcbe59a777310464c98f5; country=Norway; region=Oslo+County; country_code=no; city=Oslo; latitude=59.955; longitude=10.859; tour=1; st=1669781325; push_v2=50; sub1=2rjovn354s408; sub2=421841; sub7=42; source=184142; affiliate_id=15001

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:08:46 GMT
Content-Type: image/jpeg
Content-Length: 3430
Connection: keep-alive
Last-Modified: Fri, 22 Jul 2022 11:08:05 GMT
ETag: "62da8515-d66"
Expires: Thu, 30 Nov 2023 04:08:46 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3nfm484vQpNIHPfIBrnkGDHOQe0zAFiGGpRvmwghZ3%2BRMycixKSpIsD96iopN2pWomc2Mubewr6oEmgqKQz8c1CMmkTHJfMHPU8JSxtChcGdKz3oiwL%2Bqx7AfUNWMSvuX7Sa7g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7720b949eec70af6-OSL
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

07b8296613be09905e34b09dce4a203f

c97c67e8c4b1247423d089c028c31e05734f124e

c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:08:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=G-C27SH5W4XN

142.250.74.168

200 OK

76146

URL HTTP/2

www.googletagmanager.com/gtag/js?id=G-C27SH5W4XN
IP

142.250.74.168:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (20080)

Size

76146
Hash

6c461f19877350a3fa459795693e321c

6bc0ce7bdb0e95e00a418530109e3e8174c14f10

9f510ed7568e64899db7cc298bdb192ac18701eb8962a5b34b3fb192c1293e97

HTTP Headers

                                        GET /gtag/js?id=G-C27SH5W4XN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://we-meet-today.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 30 Nov 2022 04:08:46 GMT
expires: Wed, 30 Nov 2022 04:08:46 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76146
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

f50fd635895870df33a17fe377a6a038

dd65dfbbc810b095432cfd59f971af04a9e31ab7

ebd9b6c3f67865c297d08802839c940994424000df3bf8a3f1316b8e13666e94

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:08:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

wmt.datingtopgirls.com/util/1-small.jpg

31.220.24.141

200 OK

62808

URL HTTP/1.1

wmt.datingtopgirls.com/util/1-small.jpg
IP

31.220.24.141:0
ASN

#39572 DataWeb Global Group B.V.

Magic

JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Macintosh), datetime=2021:02:02 15:44:59], baseline, precision 8, 240x240, components 3\012- data

Size

62808
Hash

30737574deb1bfc2fbe5ccb5ced7b656

12f02e651c9d3ac340c23aede3b2d9409194d6f5

711fa4742db0c2a94c5e7d87c3f7a0c8208418d49f93aad353f8b6a0aba7fb29

HTTP Headers

                                        GET /util/1-small.jpg HTTP/1.1
Host: wmt.datingtopgirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://we-meet-today.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Wed, 30 Nov 2022 04:08:46 GMT
Content-Type: image/jpeg
Content-Length: 62808
Last-Modified: Wed, 10 Feb 2021 13:16:58 GMT
Connection: keep-alive
ETag: "6023dcca-f558"
Accept-Ranges: bytes

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

bfcb97bc007296310a0d45cf85de02e3

258f6dd3ca8054b8899ced27b32b4432a1022fe7

7662c8886d345fa3db1b731fdb67a7b9571043a32a6dd61abebd57fefd81b8a8

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=134886
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:08:46 GMT
Etag: "63864334-117"
Expires: Thu, 01 Dec 2022 17:36:52 GMT
Last-Modified: Tue, 29 Nov 2022 17:36:52 GMT
Server: nginx
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

49eee25f3ccd585a29e34e80cf5bb160

73eca8be91deedd049304862759a3d8084c0b07e

531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:08:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2

216.58.207.227

200 OK

12700

URL HTTP/2

fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2
IP

216.58.207.227:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 12700, version 1.0\012- data

Size

12700
Hash

e571167fbcce8d5081bce96a09930063

e12420f5e4da3ccdc75a58ce744e7d5a0c6cf79e

98be19bc78b5bc5d419e4fa6ea055ebd4671a963e2cc644aeed4362f15d14c31

HTTP Headers

                                        GET /s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://we-meet-today.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 27 Nov 2022 02:08:31 GMT
expires: Mon, 27 Nov 2023 02:08:31 GMT
cache-control: public, max-age=31536000
age: 266415
last-modified: Mon, 11 Jul 2022 18:56:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

49eee25f3ccd585a29e34e80cf5bb160

73eca8be91deedd049304862759a3d8084c0b07e

531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:08:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

we-meet-today.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669780800

188.114.97.1

200 OK

15507

URL HTTP/1.1

we-meet-today.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669780800
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text, with very long lines (32390), with no line terminators

Size

15507
Hash

3d112d63c6143b5ad3d17e851a39ea76

f93e592b7b9562f9f06b026c7ba2176109fa5e22

b62f22b87e51a1f2b9cb6b2f00fa7f952c83ff13a18215ff3f3f01be1298ed0a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669780800 HTTP/1.1
Host: we-meet-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: hashid=31e497539f7bcbe59a777310464c98f5; country=Norway; region=Oslo+County; country_code=no; city=Oslo; latitude=59.955; longitude=10.859; tour=1; st=1669781325; push_v2=50; sub1=2rjovn354s408; sub2=421841; sub7=42; source=184142; affiliate_id=15001

                                        HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 04:08:46 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=14400, public
content-encoding: gzip
vary: accept-encoding
x-control-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w6Jp4IGK2QmbQ9tH61SeSri8L1Jbmqq8piVBkA0i17hKJWpPVL2lywNsi%2BHuQ8yAbPkzZEPUiTWNR%2F3hNA4x6emeMSxZxsroU%2FIm7sPKEOM3CLKqKypuDBygdnXdeqmNkCfmvA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7720b94b0f420b41-OSL
alt-svc: h2=":443"; ma=60

fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

216.58.207.227

200 OK

23580

URL HTTP/2

fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP

216.58.207.227:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data

Size

23580
Hash

e1b3b5908c9cf23dfb2b9c52b9a023ab

fcd4136085f2a03481d9958cc6793a5ed98e714c

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

                                        GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://we-meet-today.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 17:11:08 GMT
expires: Wed, 29 Nov 2023 17:11:08 GMT
cache-control: public, max-age=31536000
age: 39458
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

608e4d04a251ebcd51660e801f388303

fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d

cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:08:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

we-meet-today.com/fav/wmt/video/tt/02/1.mp4

188.114.97.1

206 Partial Content

465914

URL HTTP/1.1

we-meet-today.com/fav/wmt/video/tt/02/1.mp4
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data

Size

465914
Hash

c3acc6bf0da85a13c9f74aa1c127ae9b

72584b1fe86a0f7b3e00ca397eafcb445b149d78

f3b9ab5a33561c74d6f4a0dda9fc194fd97ef5d8b82805a397a432fe88d54005

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /fav/wmt/video/tt/02/1.mp4 HTTP/1.1
Host: we-meet-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://we-meet-today.com/tt/02?affiliate_id=15001&sub1=2rjovn354s408&sub2=421841&sub8=&sub7=42&source=184142&c1=arb|86|
Cookie: hashid=31e497539f7bcbe59a777310464c98f5; country=Norway; region=Oslo+County; country_code=no; city=Oslo; latitude=59.955; longitude=10.859; tour=1; st=1669781325; push_v2=50; sub1=2rjovn354s408; sub2=421841; sub7=42; source=184142; affiliate_id=15001

                                        HTTP/1.1 206 Partial Content
Date: Wed, 30 Nov 2022 04:08:46 GMT
Content-Type: video/mp4
Content-Length: 465914
Connection: keep-alive
Last-Modified: Fri, 22 Jul 2022 11:08:05 GMT
ETag: "62da8515-71bfa"
Expires: Thu, 30 Nov 2023 04:08:46 GMT
Cache-Control: max-age=31536000
Content-Range: bytes 0-465913/465914
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RuYdW8%2Bm74fLgcAYf9KquiL1hN8N591HJDMx%2BPT8offWps%2BYXVe780n7BO8GQZOcP8tHK8vdePbQ0rj4fx02HYjlB%2BKO5a9sVP%2BQ%2FPqTpz2RopiwXHH7eFSNwhYHs5Yf60UNYw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7720b94b1f5c0b41-OSL
alt-svc: h2=":443"; ma=60

wemeettoday.com/ascripts/gcu-2.8.3.js

104.21.95.141

200 OK

87136

URL HTTP/2

wemeettoday.com/ascripts/gcu-2.8.3.js
IP

104.21.95.141:0
ASN

#13335 CLOUDFLARENET

Magic

Unicode text, UTF-8 text, with very long lines (59579)

Size

87136
Hash

ccdde5dd5a6c83381c08de658de73971

a6b7db19471e64949e1f53e368d4ce1e10e7f7be

7b032c2f6f8fbccbffd2a7443ad7026549b88322d48aca7d2b3b7fce307ad286

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

                                        GET /ascripts/gcu-2.8.3.js HTTP/1.1
Host: wemeettoday.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://we-meet-today.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Wed, 30 Nov 2022 04:08:46 GMT
content-type: application/javascript
last-modified: Wed, 02 Feb 2022 07:04:10 GMT
etag: W/"61fa2cea-1737c"
expires: Wed, 30 Nov 2022 07:11:26 GMT
cache-control: max-age=86400, public
x-77-nzt: AblMCgF0Jjf/sCYBAA
x-77-nzt-ray: 382b0f19f26c8e344ed78663115a9225
x-cache: HIT
x-age: 75440
x-77-pop: amsterdamNL
x-77-cache: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pqxGap%2FxkiwNEvoL3oZxEpV0rcBlkoGNEKTTw3f8%2BYSbxYJ%2FASTLC%2FXBoBwSJsA1Ja3g9R%2BZmFrwBzNmch6NUHC4pVW%2BAsKF8%2BhRkNgnIjVl4eEZX%2B9jOTFt25T1I1r6RfA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7720b94aed8db4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (30)

#1 JS:Script (size: 9049)

#2 JS:Script (size: 381)

#3 JS:Script (size: 289928)

#4 JS:Script (size: 1509)

#5 JS:Script (size: 510)

#6 JS:Script (size: 258)

#7 JS:Script (size: 1527)

#8 JS:Script (size: 0)

#9 JS:Script (size: 2900)

#10 JS:Script (size: 9138)

#11 JS:Script (size: 217660)

#12 JS:Script (size: 4459)

#13 JS:Script (size: 229305)

#14 JS:Script (size: 12500)

#15 JS:Script (size: 697)

#16 JS:Script (size: 33)

#17 JS:Script (size: 352)

#18 JS:Script (size: 684)

#19 JS:Script (size: 158092)

#20 JS:Script (size: 23781)

#21 JS:Script (size: 100)

#22 JS:Script (size: 1015)

#23 JS:Script (size: 244)

#24 JS:Script (size: 3654)

#25 JS:Script (size: 2776)

#26 JS:Script (size: 65)

#27 JS:Script (size: 181)

#28 JS:Script (size: 5949)

#29 JS:Script (size: 109930)

#30 JS:Script (size: 55116)

HTTP Transactions (75)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size