Report - kektds.com/GkbLD4Pv

Report Overview

URL

kektds.com/GkbLD4Pv
IP

185.162.87.36

ASN

#39572 DataWeb Global Group B.V.
Submitted

2022-11-27T03:45:40Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

3

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
kektds.com (1)	271713	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350	1013	185.162.87.36
e1.o.lencr.org (2)	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676	1456	23.36.77.32
stats.g.doubleclick.net (1)	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	487	564	142.250.150.155
b.clarity.ms (1)	3462	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	450	286	20.75.32.255
img-getpocket.cdn.mozilla.net (5)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2705	45810	34.120.237.76
cdn.onesignal.com (1)	3015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	375	10316	104.18.226.52
c.clarity.ms (2)	803	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	847	1185	20.234.93.27
r3.o.lencr.org (9)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3042	12769	23.36.77.32
www.google.no (1)	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	483	694	142.250.74.35
ocsp.sca1b.amazontrust.com (1)	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350	984	143.204.42.158
c.bing.com (1)	247	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	473	795	13.107.21.200
we-meet-today.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	539	2871	172.67.154.135
wmt.datingtopgirls.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	397	63048	31.220.24.141
fonts.gstatic.com (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	985	38177	216.58.207.195
my.rtmark.net (2)	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	965	1906	139.45.195.8
ocsp.digicert.com (6)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2046	11317	93.184.220.29
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2374	34.102.187.140
www.googleoptimize.com (1)	1604	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	386	47427	142.250.74.78
www.clarity.ms (2)	1404	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	764	58132	13.107.238.53
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	35.160.184.41
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5842	34.160.144.191
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	229	34.117.237.239
www.googletagmanager.com (1)	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	385	76665	142.250.74.168
icalendar.datingtopgirls.com (1)	260095	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	378	2057	31.220.24.141
region1.google-analytics.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	729	564	216.239.34.36
ocsp.pki.goog (11)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3773	39144	142.250.74.35
fonts.googleapis.com (2)	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	822	2292	142.250.74.10
botd.fpapi.io (2)	297160	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	930	1368	52.21.195.32
wemeettoday.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	374	885	172.67.170.116

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-27	medium	icalendar.datingtopgirls.com/icalendar.js	Malware
2022-11-27	medium	wemeettoday.com/ascripts/gcu-2.8.3.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-26	medium	wemeettoday.com	Sinkholed

HTTP Transactions (64)

URL IP Response Size

kektds.com/GkbLD4Pv

United Kingdom DataWeb Global Group B.V.

185.162.87.36

302 Found

URL HTTP/1.1

kektds.com/GkbLD4Pv
IP

185.162.87.36:0
ASN

#39572 DataWeb Global Group B.V.

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /GkbLD4Pv HTTP/1.1
Host: kektds.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Found
Server: nginx
Date: Sun, 27 Nov 2022 03:45:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Sun, 27 Nov 2022 03:45:29 GMT
Location: https://we-meet-today.com/tt/02?affiliate_id=13989&sub1=s8hnpa52ie77&sub2=&sub8=&sub7=61&source=225961&c1=arb%7C966%7C
Pragma: no-cache
Set-Cookie: _subid=s8hnpa52ie77;Expires=Wednesday, 28-Dec-2022 03:45:29 GMT;Max-Age=2678400;Path=/
_token=uuid_s8hnpa52ie77_s8hnpa52ie776382dd5953c081.83884260;Expires=Wednesday, 28-Dec-2022 03:45:29 GMT;Max-Age=2678400;Path=/
bdeee=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIyNTlcIjoxNjY5NTIwNzI5fSxcImNhbXBhaWduc1wiOntcIjk2NlwiOjE2Njk1MjA3Mjl9LFwidGltZVwiOjE2Njk1MjA3Mjl9In0.9Xd_zvvlAKdlWCvpT9YKo_LNT38EfFmj4gKPgU5BRZc;Expires=Thursday, 24-Oct-2075 07:30:58 GMT;Max-Age=1669607129;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

cdbad2434b7d127a4fc769807a9dc3e7

fa98cd9fc2309ab4423f33f683d17bdb17d76713

560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3461
Expires: Sun, 27 Nov 2022 04:43:10 GMT
Date: Sun, 27 Nov 2022 03:45:29 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

15b59d5e62caedb4bec3ba6724906c1e

960f801e608a56fdd11449f4face29f62cad2b21

8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1363
Cache-Control: max-age=112102
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:45:29 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 10:53:51 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

4d7e4eed097b9c4e5d509419f1cfc85a

290bb3d428a7c6330e2e3d73a952b16f820896c8

0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 03:17:34 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1675
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

71f9c681a82440fd55e76c780a20e55d

3147768cfbcdd06e0c6e69684292e68e99917a80

5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6254
Expires: Sun, 27 Nov 2022 05:29:43 GMT
Date: Sun, 27 Nov 2022 03:45:29 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.77.32

200 OK

344

URL HTTP/1.1

e1.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

344
Hash

cc560a2f7ce28571e7bc85df1f8b6846

62ee0c012c4d57dcac658da737ff760c1a3b23f7

0b0e25f51c75aa07702084d84862778352f1b0b92b1f998ba35884e16f20c202

HTTP Headers

                                        POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "0B0E25F51C75AA07702084D84862778352F1B0B92B1F998BA35884E16F20C202"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21591
Expires: Sun, 27 Nov 2022 09:45:20 GMT
Date: Sun, 27 Nov 2022 03:45:29 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

9ebddc2b260d081ebbefee47c037cb28

492bad62a7ca6a74738921ef5ae6f0be5edebf39

74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: 8DYADUdJh0ZS7DIBXr/CfIUe1DVVt5cShJ4swzQS3IVs5y4DQXl1a7uDk3w1iHW/SsOVyPVl5Zo=
x-amz-request-id: BPEQYCAHY2D1RDZ1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 03:44:29 GMT
age: 60
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

344

URL HTTP/1.1

e1.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

344
Hash

cc560a2f7ce28571e7bc85df1f8b6846

62ee0c012c4d57dcac658da737ff760c1a3b23f7

0b0e25f51c75aa07702084d84862778352f1b0b92b1f998ba35884e16f20c202

HTTP Headers

                                        POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "0B0E25F51C75AA07702084D84862778352F1B0B92B1F998BA35884E16F20C202"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21591
Expires: Sun, 27 Nov 2022 09:45:20 GMT
Date: Sun, 27 Nov 2022 03:45:29 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:45:29 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

a1c7753e40d16dce31b09133f3ab2085

b6c1d7c45247818f9d0d7caf3c2b3ae57be6ec3b

ae1c6160a1b34700b2a71846d0ab5c0602928607b39ca62574829de41d9d3c0a

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3887
Cache-Control: max-age=105275
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:45:29 GMT
Etag: "6381c665-117"
Expires: Mon, 28 Nov 2022 09:00:04 GMT
Last-Modified: Sat, 26 Nov 2022 07:55:17 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

5af61422c4eaa1b995ec63e463abda26

db75634681ed688840773ce828c169ac9da7d131

506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:45:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

e388353a642bc503beff27c23339e2b5

7849301df8cbfa3f9c019b1d4033b66e0f44c4bd

5e595e9ce96c6147c3ff79ebba0068ddb0d997237a671936cb05d9575c59a424

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:45:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

619fa0039b94697fc8a5bd24f57e8aa2

53a366391a51d625029cc6d32fb4e8b6060990fd

dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:45:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

5168

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

5168
Hash

830c5ae5529b60448a9813daf6ab7c2a

590a42776ec4288e7ee96a68a7ccbda2832c2954

2565f9d4e8295a21021e2ae7a6f49cdd7698a8eb01b90eeaad0b3962a1ed946d

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA7E9AA849C5E2C49B609CC0B77D2A09C66870578F16E7EFF5F14F91F7B20203"
Last-Modified: Sat, 26 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15338
Expires: Sun, 27 Nov 2022 08:01:07 GMT
Date: Sun, 27 Nov 2022 03:45:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

67cab66298314bd85ba924a163d8a007

1ec98e2302941764d21e5afa059e0210108450fc

aa7e9aa849c5e2c49b609cc0b77d2a09c66870578f16e7eff5f14f91f7b20203

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA7E9AA849C5E2C49B609CC0B77D2A09C66870578F16E7EFF5F14F91F7B20203"
Last-Modified: Sat, 26 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15338
Expires: Sun, 27 Nov 2022 08:01:07 GMT
Date: Sun, 27 Nov 2022 03:45:29 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

4017

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

4017
Hash

b9b262953c30c21fb5ce0bb3b6bd0e03

9064339825e528c2863238468e30918384bf00a6

563cb3009dbb6519bc502e284b910849c4b918545fc37eecaeb99044ac8a5c96

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3887
Cache-Control: max-age=105275
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:45:29 GMT
Etag: "6381c665-117"
Expires: Mon, 28 Nov 2022 09:00:04 GMT
Last-Modified: Sat, 26 Nov 2022 07:55:17 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279

www.googletagmanager.com/gtag/js?id=G-C27SH5W4XN

142.250.74.168

200 OK

75948

URL HTTP/2

www.googletagmanager.com/gtag/js?id=G-C27SH5W4XN
IP

142.250.74.168:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (19102)

Size

75948
Hash

24beec0d3ceef1e7c04356f1bd09bcfc

4862c9d2e6dcc8cb747636e84af021e78f333ec1

f739b7f044f0483edc90163c84a9b5a955dfd999e8d21e07b0548c4386e97f0e

HTTP Headers

                                        GET /gtag/js?id=G-C27SH5W4XN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://we-meet-today.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 03:45:29 GMT
expires: Sun, 27 Nov 2022 03:45:29 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75948
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

icalendar.datingtopgirls.com/icalendar.js

31.220.24.141

200 OK

1796

URL HTTP/1.1

icalendar.datingtopgirls.com/icalendar.js
IP

31.220.24.141:0
ASN

#39572 DataWeb Global Group B.V.

Magic

ASCII text

Size

1796
Hash

d39f355915d9633385c213781d160c84

f22997c5f291268e4f7996b2664ad19c241fd31f

533ecbbbb80cdf2f49dc8333f2801b3ab1a508bacc1abedcde6872c622c0d92e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /icalendar.js HTTP/1.1
Host: icalendar.datingtopgirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://we-meet-today.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Sun, 27 Nov 2022 03:45:29 GMT
Content-Type: application/javascript
Last-Modified: Mon, 23 May 2022 15:29:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"628ba83c-173d"
Content-Encoding: gzip

fonts.googleapis.com/css?family=Lato&display=swap?82

142.250.74.10

200 OK

800

URL HTTP/2

fonts.googleapis.com/css?family=Lato&display=swap?82
IP

142.250.74.10:0
ASN

#15169 GOOGLE

Magic

data

Size

800
Hash

e7f7fa6e41b7389362dc727168e21191

2615e6d649db9acf7929a37b24c1e6085f001812

4f46826fc205298c6bb21b6a695b5bd70d55b98dd98213f2f76a49ce90c44059

HTTP Headers

                                        GET /css?family=Lato&display=swap?82 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://we-meet-today.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 27 Nov 2022 03:45:29 GMT
date: Sun, 27 Nov 2022 03:45:29 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

0ee1d1a60ec1770ec3e880a25c257f5d

015b05feff63bdcf8fae4d1a8c0c83c923a2ca67

b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:45:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

wmt.datingtopgirls.com/util/1-small.jpg

31.220.24.141

200 OK

62808

URL HTTP/1.1

wmt.datingtopgirls.com/util/1-small.jpg
IP

31.220.24.141:0
ASN

#39572 DataWeb Global Group B.V.

Magic

JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Macintosh), datetime=2021:02:02 15:44:59], baseline, precision 8, 240x240, components 3\012- data

Size

62808
Hash

30737574deb1bfc2fbe5ccb5ced7b656

12f02e651c9d3ac340c23aede3b2d9409194d6f5

711fa4742db0c2a94c5e7d87c3f7a0c8208418d49f93aad353f8b6a0aba7fb29

HTTP Headers

                                        GET /util/1-small.jpg HTTP/1.1
Host: wmt.datingtopgirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://we-meet-today.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Sun, 27 Nov 2022 03:45:29 GMT
Content-Type: image/jpeg
Content-Length: 62808
Last-Modified: Wed, 10 Feb 2021 13:16:58 GMT
Connection: keep-alive
ETag: "6023dcca-f558"
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

b05606331c6f88a724d9e404e62974e4

72176bc6b618fbbe567b5746ed54e14d381a9815

7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:45:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

b05606331c6f88a724d9e404e62974e4

72176bc6b618fbbe567b5746ed54e14d381a9815

7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:45:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

3881

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

3881
Hash

b2c1b3a4f46ee74bc212d1ab80e733b4

5d9c1981f4d4b9106c0d90d546c0a33be469b59a

f31343fac4c72d5bea8027fd7b3b15bffbefef0b442161a54c7df623edf6735c

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=136267
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:45:30 GMT
Etag: "63824ea5-117"
Expires: Mon, 28 Nov 2022 17:36:37 GMT
Last-Modified: Sat, 26 Nov 2022 17:36:37 GMT
Server: nginx
Content-Length: 279

fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2

216.58.207.195

200 OK

12700

URL HTTP/2

fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2
IP

216.58.207.195:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 12700, version 1.0\012- data

Size

12700
Hash

e571167fbcce8d5081bce96a09930063

e12420f5e4da3ccdc75a58ce744e7d5a0c6cf79e

98be19bc78b5bc5d419e4fa6ea055ebd4671a963e2cc644aeed4362f15d14c31

HTTP Headers

                                        GET /s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://we-meet-today.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 01:44:16 GMT
expires: Sun, 26 Nov 2023 01:44:16 GMT
cache-control: public, max-age=31536000
age: 93674
last-modified: Mon, 11 Jul 2022 18:56:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

216.58.207.195

200 OK

23580

URL HTTP/2

fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP

216.58.207.195:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data

Size

23580
Hash

e1b3b5908c9cf23dfb2b9c52b9a023ab

fcd4136085f2a03481d9958cc6793a5ed98e714c

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

                                        GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://we-meet-today.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 17:10:21 GMT
expires: Wed, 22 Nov 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 383709
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

b05606331c6f88a724d9e404e62974e4

72176bc6b618fbbe567b5746ed54e14d381a9815

7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:45:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

74b9c4653dc1c5484e9fd4ffbdd2e2b9

fb0618bfb29e8c4a10c064cc9d833a9c7374fb67

9ff7f1564b1269c87fbdeb2640ab6865707b82cbae89b7e4c8cc41e17a5d5ffd

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=136267
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:45:30 GMT
Etag: "63824ea5-117"
Expires: Mon, 28 Nov 2022 17:36:37 GMT
Last-Modified: Sat, 26 Nov 2022 17:36:37 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279

www.googleoptimize.com/optimize.js?id=OPT-NN2R6FM

142.250.74.78

200 OK

46710

URL HTTP/2

www.googleoptimize.com/optimize.js?id=OPT-NN2R6FM
IP

142.250.74.78:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (15264)

Size

46710
Hash

3e9abbf8965a787d41291ba51fb46e61

b2dc2fa95b983c1ac5fe04091a76848112f935ff

cdf14b6eba2a5825be30b1b23c216ef4dc3a770258e1ead1a919d579fdb1d574

HTTP Headers

                                        GET /optimize.js?id=OPT-NN2R6FM HTTP/1.1
Host: www.googleoptimize.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://we-meet-today.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 03:45:30 GMT
expires: Sun, 27 Nov 2022 03:45:30 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46710
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

e413346bdf4cea48847886fc7871e4d8

5d89ec3ae90ebf5069321bfc6fb0abeff77db028

85398a907af9d7c7041b28ec00595c5056ee3ecb51d9f09e4e75b6bfa0859d84

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85398A907AF9D7C7041B28EC00595C5056EE3ECB51D9F09E4E75B6BFA0859D84"
Last-Modified: Sat, 26 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2697
Expires: Sun, 27 Nov 2022 04:30:27 GMT
Date: Sun, 27 Nov 2022 03:45:30 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 03:08:54 GMT
cache-control: public,max-age=3600
age: 2196
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

my.rtmark.net/p.js?f=sync&lr=1&partner=bea467c9e34e8272bd1bf9a4a452ac3653f0e23d224530e911cd838f39a107cc

139.45.195.8

200 OK

697

URL HTTP/2

my.rtmark.net/p.js?f=sync&lr=1&partner=bea467c9e34e8272bd1bf9a4a452ac3653f0e23d224530e911cd838f39a107cc
IP

139.45.195.8:0
ASN

#9002 RETN Limited

Magic

ASCII text

Size

697
Hash

1ba2794f0f7dd2b29159959320fd42bd

8e73fa295266b44f59b5bc53cafb7febe3c85e39

3ae0c3406428498610c125ba13450e55a412406359bd6b2cf21bdf5f5be4486c

HTTP Headers

                                        GET /p.js?f=sync&lr=1&partner=bea467c9e34e8272bd1bf9a4a452ac3653f0e23d224530e911cd838f39a107cc HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://we-meet-today.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:45:30 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

31917

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

amd 29k coff prebar executable\012- data

Size

31917
Hash

b0dd765206988a85175f24bf341e98c1

7ce4f60f129c76bcc67caede3ba76cd4bedf9f97

433276e827e8e702e742f1fe4eebe678071859999fefef8a4f5a9c0daca7575a

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:45:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-Q7W6GLM2DR&cid=296340258.1669520730&gtm=2oeb90&aip=1&z=1348201578

142.250.74.35

200 OK

URL HTTP/2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-Q7W6GLM2DR&cid=296340258.1669520730&gtm=2oeb90&aip=1&z=1348201578
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

GIF image data, version 89a, 1 x 1\012- data

Size

42
Hash

d89746888da2d9510b64a9f031eaecd5

d5fceb6532643d0d84ffe09c40c481ecdf59e15a

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

                                        GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-Q7W6GLM2DR&cid=296340258.1669520730&gtm=2oeb90&aip=1&z=1348201578 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://we-meet-today.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 27 Nov 2022 03:45:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

f3424fd0abb5ab18be62cd209cb3d3dc

dbb2a21b12e92c8837c4346b6d052454bb6dffd6

e69548655278cf6a48fce549928656eb5a91d787e7b1afc12959e2bffb58990b

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:45:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

d3df71aab146eefc49acb608796aab63

8401892995193919376dfcd798b09c8261579454

a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5437
Cache-Control: max-age=111117
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:45:30 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 10:37:27 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471

URL HTTP/1.1

ocsp.sca1b.amazontrust.com/
IP

143.204.42.158:0
ASN

#16509 AMAZON-02

Magic

data

Size

471
Hash

ec490fb1655bc4688d88b1ed8e68b70d

9f75ada2488ea84d2f9267cbf5dc790f090ba088

ab990f382d28bd37e53e4bee48f490232c9ed7c9f1dbf5dc3ab1ccc6d8a7e142

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=169436
Date: Sun, 27 Nov 2022 03:45:30 GMT
Etag: "6382d036-1d7"
Expires: Tue, 29 Nov 2022 02:49:26 GMT
Last-Modified: Sun, 27 Nov 2022 02:49:26 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Py9cC-1s4pd3bnqxCPkX1Ev-DfZBtlX-doYd7tFJHAR4BgupeDwKhw==

www.clarity.ms/eus2/s/0.6.43/clarity.js

United States MICROSOFT-CORP-MSN-AS-BLOCK

13.107.238.53

200 OK

55116

URL HTTP/2

www.clarity.ms/eus2/s/0.6.43/clarity.js
IP

13.107.238.53:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Unicode text, UTF-8 text, with very long lines (55029)

Size

55116
Hash

441723b72633b1ac9757ad7c63168005

806166ca9ebb5839dd90a5e5c9335e3e0b18c169

cc8a16ce849d72f106bd67187e4b60c20da3093375202bf0b53f23e8f40a8b11

HTTP Headers

                                        GET /eus2/s/0.6.43/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://we-meet-today.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
cache-control: public,max-age=86400
content-length: 55116
content-type: application/javascript;charset=utf-8
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d8fceb15c2864c"
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-cache: CONFIG_NOCACHE
x-azure-ref: 0Wt2CYwAAAADKkQUR80tyQaWHHpZ53k9/Q1BIMzBFREdFMDQxMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sun, 27 Nov 2022 03:45:30 GMT
X-Firefox-Spdy: h2

c.clarity.ms/c.gif

20.234.93.27

302 Found

URL HTTP/2

c.clarity.ms/c.gif
IP

20.234.93.27:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://we-meet-today.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=2516BE4935E649FD9D494810A90A4967&RedC=c.clarity.ms&MXFR=2D914A525D7F60170DE3583B597F6EDB
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=2D914A525D7F60170DE3583B597F6EDB; domain=.clarity.ms; expires=Fri, 22-Dec-2023 03:45:30 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Sun, 27 Nov 2022 03:45:30 GMT
content-length: 0
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.160.184.41

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

35.160.184.41:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: EQCUuvmcaq1LSYBqkLNNew==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VOCsE6JhnH4paeXqSe1RHqnviGg=

region1.google-analytics.com/g/collect?v=2&tid=G-C27SH5W4XN&gtm=2oeb90&_p=756684412&cid=296340258.1669520730&ul=en-us&sr=1280x1024&_s=1&sid=1669520730&sct=1&seg=0&dl=https%3A%2F%2Fwe-meet-today.com%2Ftt%2F02&dt=WeMeetToday.com%20-%20search%20all%20best%20free%20online%20dating%20sites&en=scroll&_fv=1&_nsi=1&_ss=1&epn.percent_scrolled=90

216.239.34.36

204 No Content

URL HTTP/2

region1.google-analytics.com/g/collect?v=2&tid=G-C27SH5W4XN&gtm=2oeb90&_p=756684412&cid=296340258.1669520730&ul=en-us&sr=1280x1024&_s=1&sid=1669520730&sct=1&seg=0&dl=https%3A%2F%2Fwe-meet-today.com%2Ftt%2F02&dt=WeMeetToday.com%20-%20search%20all%20best%20free%20online%20dating%20sites&en=scroll&_fv=1&_nsi=1&_ss=1&epn.percent_scrolled=90
IP

216.239.34.36:0
ASN

#15169 GOOGLE

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (30)

#1 JS:Script (size: 33)

#2 JS:Script (size: 684)

#3 JS:Script (size: 55116)

#4 JS:Script (size: 244)

#5 JS:Script (size: 228468)

#6 JS:Script (size: 12500)

#7 JS:Script (size: 86841)

#8 JS:Script (size: 2900)

#9 JS:Script (size: 3650)

#10 JS:Script (size: 23781)

#11 JS:Script (size: 100)

#12 JS:Script (size: 181)

#13 JS:Script (size: 1527)

#14 JS:Script (size: 1014)

#15 JS:Script (size: 4459)

#16 JS:Script (size: 133536)

#17 JS:Script (size: 1509)

#18 JS:Script (size: 257)

#19 JS:Script (size: 352)

#20 JS:Script (size: 216562)

#21 JS:Script (size: 5949)

#22 JS:Script (size: 697)

#23 JS:Script (size: 158235)

#24 JS:Script (size: 381)

#25 JS:Script (size: 289928)

#26 JS:Script (size: 9049)

#27 JS:Script (size: 508)

#28 JS:Script (size: 2776)

#29 JS:Script (size: 9138)

#30 JS:Script (size: 65)

HTTP Transactions (64)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size