Report - wemeettoday.com/tt/02

Report Overview

URL

wemeettoday.com/tt/02
IP

104.21.95.141

ASN

#13335 CLOUDFLARENET
Submitted

2023-01-24T21:56:50Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

1

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
botd.fpapi.io (1)	297160	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	460	515	54.172.130.239
cdn.onesignal.com (1)	3015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	375	496	104.18.225.52
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5856	34.160.144.191
my.rtmark.net (2)	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	960	2426	139.45.195.8
ocsp.sectigo.com (1)	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340	963	172.64.155.188
c.clarity.ms (2)	803	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	847	1185	20.234.93.27
c.bing.com (1)	247	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	473	795	204.79.197.200
wmtn2.datingtopgirls.com (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	810	111859	31.220.24.141
www.clarity.ms (2)	1404	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	763	1157	13.107.238.53
we-meet-today.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	521	2701	188.114.97.1
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3246	62125	34.120.237.76
ocsp.pki.goog (10)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3430	82950	142.250.74.131
icalendar.datingtopgirls.com (1)	260095	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	378	2432	31.220.24.141
www.google.no (1)	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	483	694	142.250.74.163
b.clarity.ms (1)	3462	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	450	286	20.75.32.255
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	35.161.132.177
stats.g.doubleclick.net (1)	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	487	564	173.194.221.157
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	391	34.117.237.239
www.googletagmanager.com (2)	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	137591	216.58.207.200
fonts.gstatic.com (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	985	38177	216.58.207.227
www.googleoptimize.com (1)	1604	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	386	49017	142.250.74.78
ocsp.digicert.com (3)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1023	4324	93.184.220.29
e1.o.lencr.org (2)	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676	1458	23.36.77.32
fonts.googleapis.com (2)	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	822	2291	142.250.74.106
region1.google-analytics.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	725	564	216.239.32.36
wemeettoday.com (3)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1176	3160	172.67.170.116
r3.o.lencr.org (13)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4394	19393	23.36.77.32
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2372	35.241.9.150
ocsp.sca1b.amazontrust.com (1)	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350	1004	54.230.245.100

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-24	medium	icalendar.datingtopgirls.com/icalendar.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (68)

URL IP Response Size

wemeettoday.com/tt/02

172.67.170.116

301 Moved Permanently

162

URL HTTP/1.1

wemeettoday.com/tt/02
IP

172.67.170.116:0
ASN

#13335 CLOUDFLARENET

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

Size

162
Hash

4f8e702cc244ec5d4de32740c0ecbd97

3adb1f02d5b6054de0046e367c1d687b6cdf7aff

9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

                                        GET /tt/02 HTTP/1.1
Host: wemeettoday.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Date: Tue, 24 Jan 2023 21:56:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://wemeettoday.com/tt/02
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yn4tcyDVg3NngqJBrp0PaR6gwUgWgk%2BXV5L5sm99JRRq2pwVJk2R7HWPt4dBOAQ%2F05XyUUjiHPvqNDdn7LbQWovEiCNlOguN973Y8%2FtRHKvglhR7MOIjnxVntvfH3zwZYzY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78ec05327fa7b4e8-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

f5e46725831d8d722872bf68d752f4c5

cf37793a1b73e3f84fe6c37fb27382c83b49dbc0

0582b6180687dd95c7fd728f1b9db4495b807151e309b608ad203d69708f9da6

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0582B6180687DD95C7FD728F1B9DB4495B807151E309B608AD203D69708F9DA6"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4923
Expires: Tue, 24 Jan 2023 23:18:42 GMT
Date: Tue, 24 Jan 2023 21:56:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

04512fea22644dc0d22c3f3a665f6645

0e213646abfc6d9560ba562362fd9e9115be8354

124d9534f75506b8e8c7535ee7295ac4e6cf5a8249a0edac6940839e56043181

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "124D9534F75506B8E8C7535EE7295AC4E6CF5A8249A0EDAC6940839E56043181"
Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4038
Expires: Tue, 24 Jan 2023 23:03:57 GMT
Date: Tue, 24 Jan 2023 21:56:39 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

dcd75ca6daca51c5e39d431468511793

07f76d3bf23d65c9110d810fa71a994e39e085d3

73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 24 Jan 2023 21:42:45 GMT
content-type: application/json
age: 834
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

31c8743c2b5202ce0228bac5aad7229b

4b5eee8e1ecbfc992505003be58e265ff3a0ee0a

8b3b47ea29fc02b8a08ee2a340a05ab23e391f0eb3b8d6beb17516706bb2e94d

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B3B47EA29FC02B8A08EE2A340A05AB23E391F0EB3B8D6BEB17516706BB2E94D"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12483
Expires: Wed, 25 Jan 2023 01:24:42 GMT
Date: Tue, 24 Jan 2023 21:56:39 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

7b922915ebf1fa3639b333f994c74f24

144a3f80b98fd0652d4614f24cf6cbbee40f8938

adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: X9wPvhkxRwBpBNJhaaFsi64HRC0y1tSA+rrBcPJWNRT+X89HkMMzuEBrhAkbYlQzOzp1BmKpdjyoErjAipSCLg==
x-amz-request-id: QGZ2QAB4V1WMPWS9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 24 Jan 2023 21:19:25 GMT
age: 2234
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

93e86d8fbf845820dcc3cd58ca3c498e

b0bd7765a358a5a2cebf4b6dab19a10e265f721b

b7eeef55419eedc8003736a004e87c4fc51f00bb4655668c212ec1c68ebe10f4

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:56:39 GMT
Server: ECS (amb/6B80)
Content-Length: 279

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Tue, 24 Jan 2023 21:56:39 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

93e86d8fbf845820dcc3cd58ca3c498e

b0bd7765a358a5a2cebf4b6dab19a10e265f721b

b7eeef55419eedc8003736a004e87c4fc51f00bb4655668c212ec1c68ebe10f4

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:56:39 GMT
Last-Modified: Tue, 24 Jan 2023 21:56:39 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 24 Jan 2023 21:48:59 GMT
age: 461
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

c398b6b39d11d25b8ae9bc5cd94a1c98

640aa8c399ced71d0c2a9f5a90fbaf091b01d642

a6f07f7c6a4746acc25457c726701df33120628dfb578bc4982448d8efee5855

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6F07F7C6A4746ACC25457C726701DF33120628DFB578BC4982448D8EFEE5855"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17165
Expires: Wed, 25 Jan 2023 02:42:45 GMT
Date: Tue, 24 Jan 2023 21:56:40 GMT
Connection: keep-alive

push.services.mozilla.com/

35.161.132.177

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

35.161.132.177:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eFicN5ZVtQr+X/Xx4Jc+NA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6ZfqW8ajF9h2ExDSMhczyS8oMTs=

wemeettoday.com/tt/02

172.67.170.116

302 Found

URL HTTP/2

wemeettoday.com/tt/02
IP

172.67.170.116:0
ASN

#13335 CLOUDFLARENET

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /tt/02 HTTP/1.1
Host: wemeettoday.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/2 302 Found
date: Tue, 24 Jan 2023 21:56:39 GMT
content-type: text/html; charset=UTF-8
location: https://r.go2offer-1.com/click?offer_id=2476&pid=1698
set-cookie: hashid=4d6253544590565e0e4a70977a9ac69b; expires=Wed, 24-Jan-2024 21:56:39 GMT; Max-Age=31536000; path=/
country=Norway; expires=Wed, 24-Jan-2024 21:56:39 GMT; Max-Age=31536000; path=/
region=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
country_code=no; expires=Wed, 24-Jan-2024 21:56:39 GMT; Max-Age=31536000; path=/
city=Oslo; expires=Wed, 24-Jan-2024 21:56:39 GMT; Max-Age=31536000; path=/
latitude=59.9127; expires=Wed, 24-Jan-2024 21:56:39 GMT; Max-Age=31536000; path=/
longitude=10.7461; expires=Wed, 24-Jan-2024 21:56:39 GMT; Max-Age=31536000; path=/
tour=02; expires=Fri, 23-Jan-2026 21:56:39 GMT; Max-Age=94608000; path=/
hashid=bf3eaf8c0be3fa5fb658bff185d19c5a; expires=Wed, 24-Jan-2024 21:56:39 GMT; Max-Age=31536000; path=/
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mZiFkCRkvagXc5m07jha%2B1URa0InqpPUs8xgStK0vG3fBI%2B1ctQmGaMWl0n%2FTKoNEQI0tuFpVFJH8A40LEKQRHoqzAwayQEMeN3ksvUJ5IElpZ48O%2BxodndhvXg8oTwmFmg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ec0534aca6b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

345

URL HTTP/1.1

e1.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

345
Hash

bde802899f503222c6bd0fddaff51393

b97442a323fae540a808bf2ed67474401e0942c1

c573a3c616e4a7d643ca0ab3f4881d9285b083a4196bca49839a49dc3187bc4a

HTTP Headers

                                        POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C573A3C616E4A7D643CA0AB3F4881D9285B083A4196BCA49839A49DC3187BC4A"
Last-Modified: Mon, 23 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17089
Expires: Wed, 25 Jan 2023 02:41:30 GMT
Date: Tue, 24 Jan 2023 21:56:41 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.77.32

200 OK

345

URL HTTP/1.1

e1.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

345
Hash

bde802899f503222c6bd0fddaff51393

b97442a323fae540a808bf2ed67474401e0942c1

c573a3c616e4a7d643ca0ab3f4881d9285b083a4196bca49839a49dc3187bc4a

HTTP Headers

                                        POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C573A3C616E4A7D643CA0AB3F4881D9285B083A4196BCA49839A49DC3187BC4A"
Last-Modified: Mon, 23 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17089
Expires: Wed, 25 Jan 2023 02:41:30 GMT
Date: Tue, 24 Jan 2023 21:56:41 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

d5528af26e629a9bfbf0c421146b921f

1e4f99245d551384bedfe9b59b5f9905127d87bf

989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8761
Expires: Wed, 25 Jan 2023 00:22:42 GMT
Date: Tue, 24 Jan 2023 21:56:41 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

d5528af26e629a9bfbf0c421146b921f

1e4f99245d551384bedfe9b59b5f9905127d87bf

989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8761
Expires: Wed, 25 Jan 2023 00:22:42 GMT
Date: Tue, 24 Jan 2023 21:56:41 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

d5528af26e629a9bfbf0c421146b921f

1e4f99245d551384bedfe9b59b5f9905127d87bf

989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8761
Expires: Wed, 25 Jan 2023 00:22:42 GMT
Date: Tue, 24 Jan 2023 21:56:41 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

d5528af26e629a9bfbf0c421146b921f

1e4f99245d551384bedfe9b59b5f9905127d87bf

989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8761
Expires: Wed, 25 Jan 2023 00:22:42 GMT
Date: Tue, 24 Jan 2023 21:56:41 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

d5528af26e629a9bfbf0c421146b921f

1e4f99245d551384bedfe9b59b5f9905127d87bf

989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8761
Expires: Wed, 25 Jan 2023 00:22:42 GMT
Date: Tue, 24 Jan 2023 21:56:41 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febfe8cd9-8a38-4bff-80c1-8c58b3618c4d.jpeg

34.120.237.76

200 OK

10594

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febfe8cd9-8a38-4bff-80c1-8c58b3618c4d.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

10594
Hash

3172dcbfc344029f09fec71cfa869af7

1a45d9e39cb8a2fcf5cb06bbfcf0194f1eaff2ad

e818325e9a7a516912bba892f0ff7377ee0a60d0a38afbbc7f41f8f5d7857a07

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febfe8cd9-8a38-4bff-80c1-8c58b3618c4d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 10594
x-amzn-requestid: 25119c89-8b57-4f78-ba4d-6181a565fc55
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fNyrOG_VIAMF15w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cefe47-5f7fde965860cba74a51ddbf;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 21:38:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ZM3fGgrP1P7ju8-1AFIahWbbTgZaAu3mCZyN9m_g_rw6rWHeldJhmQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 23 Jan 2023 21:57:44 GMT
etag: "1a45d9e39cb8a2fcf5cb06bbfcf0194f1eaff2ad"
content-type: image/jpeg
age: 86337
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11918

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

11918
Hash

4cb7be12333fa7ea3353901b4b3215af

4b758cc432874384f330568177eef5a328d7e69a

d6f86c0ddbabd5c4fd7cee72ce4da62ccddd9d29139c9ab033bb1ab8425bae22

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 11918
x-amzn-requestid: ff47dd24-004f-4cc7-acfb-283b2e751f23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fEqxwEyWoAMF3gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb580b-1e95f74b0846080f75a757f6;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 03:12:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ntW_cYMwX6UWInGOxxPlwnV1AJh46X-hiLvwggRz9oa1Yno6jyE51g==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 03:28:47 GMT
age: 66474
etag: "4b758cc432874384f330568177eef5a328d7e69a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12907

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67794d4b-c63e-47af-b530-92b195f8e718.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

12907
Hash

16d9c0855b43a6c2351cb450187948e2

7208e2e4beb739ae9aded4a207d48cb3572fad5f

92b0423b09aa653ec7326d0aa05dbe137ba452ef21f118c7eb6499a8ccecc8fd

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67794d4b-c63e-47af-b530-92b195f8e718.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 12907
x-amzn-requestid: c9f9a619-f0e1-4bc4-af2a-796b16aa1250
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fNzFqF-lIAMFXIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cefef0-625e4bab03baa979605f13f8;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: riKsmnzvLP5xapNSozaa5W4P6--p4xU5bkS4Ir7jln-P_o_QhMBBxQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 23 Jan 2023 22:04:30 GMT
age: 85931
etag: "7208e2e4beb739ae9aded4a207d48cb3572fad5f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7642

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b12041d-fdaa-483d-b290-d584ffb6ea13.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

7642
Hash

deb690b8f5503bf4bcf424e58ddb6b8c

eb96120190e3a5c286ac5ec51ee8b163540377fd

c762b17d3e43d773966490d1186ebc352a78d47781c77a4f048e32fee9732b7d

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b12041d-fdaa-483d-b290-d584ffb6ea13.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 7642
x-amzn-requestid: 3f4482cf-98a5-420e-abe7-17fd2d214da0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fNyxIF3aIAMFWoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cefe6d-0c1838dc7b4ab4650d54ee56;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 21:38:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OD1DSocM7Q1FhRQ4oMhGjU8GN-sv978YqNpLMiKjeWupfFbK-WDXxQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 23 Jan 2023 22:04:05 GMT
age: 85956
etag: "eb96120190e3a5c286ac5ec51ee8b163540377fd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8308

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67efee66-d227-4c28-89a3-8fd7f382049b.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8308
Hash

91b2e12a39dc4f63b9d52e8800cce1f2

42d5b4b4a091778d98c351f0002d8656449d0243

d4dbc79e3383e83f861ccf8cde3e78ba427a66cd3fa99c17e23ec935867de4ad

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67efee66-d227-4c28-89a3-8fd7f382049b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8308
x-amzn-requestid: 1988d3b3-5e1a-41fd-83f5-092eddb9185f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fNys5GDKoAMFdbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cefe52-2349fde60b7db8a34c996717;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 21:38:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WZE7yDAT_YRseW7m410pGAwkWAwJ2HmuTlg2IbSvCbN20SJbmQ4Odg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 23 Jan 2023 22:06:36 GMT
age: 85805
etag: "42d5b4b4a091778d98c351f0002d8656449d0243"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4381

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ad2eb2b-9cfe-4f71-89ea-99ac9e3f783f.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

4381
Hash

462fc1946b8dbae49aa3cf22291fc707

400c6dc7973b36a5d3e43cc3b439da49ab6c76b5

88e13373963e8427baa4cdf19909eb297aafe035ec0376cbed6d4f4fa45dbd32

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ad2eb2b-9cfe-4f71-89ea-99ac9e3f783f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 4381
x-amzn-requestid: 528fddee-8bac-466a-8f82-3d5bffab7ca4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fNzFpFghoAMFSPg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cefef0-63f97c8409b808910ce8f50a;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0eb65TKWgBaHaPETcwgUpjEHT6yMMT4N0vcRh3C66WYct0PNL-AcpQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 23 Jan 2023 21:56:47 GMT
etag: "400c6dc7973b36a5d3e43cc3b439da49ab6c76b5"
content-type: image/jpeg
age: 86394
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

1005c9e99dc8d4390861d6730c7a403b

0e3858ae26a1c01e0160e3b60e400bea202ebd05

4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:56:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

1005c9e99dc8d4390861d6730c7a403b

0e3858ae26a1c01e0160e3b60e400bea202ebd05

4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:56:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

2532

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

2532
Hash

13dad5fb71695a12a2dbaff35fc2a4a0

acf877c6573f7728a6b397118096fe7f5ad63c65

d3fb0a854833b6067991f591d872ca1f505dea876c2a3bb4770f424393bf890a

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:56:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

4241

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

4241
Hash

f83afab9bb7bfef268cb8c3d2fb6df4e

52769b71964c23a387065b55aa1a696ea0ae861d

4a13840ad53ab378ae86332c5a5b258c40c794cb6021a607d9a1c975bc9c560d

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12BF48E38773F66E5619C5BCA3A741CED03DA08946D2C712BE7A493D6C848107"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1305
Expires: Tue, 24 Jan 2023 22:18:27 GMT
Date: Tue, 24 Jan 2023 21:56:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

19fe4f43216c31c9016702ba29c0b854

f9cdc1ef1ae9ee9163def27f2abc6339ff97dfe5

12bf48e38773f66e5619c5bca3a741ced03da08946d2c712be7a493d6c848107

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12BF48E38773F66E5619C5BCA3A741CED03DA08946D2C712BE7A493D6C848107"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1280
Expires: Tue, 24 Jan 2023 22:18:02 GMT
Date: Tue, 24 Jan 2023 21:56:42 GMT
Connection: keep-alive

www.googletagmanager.com/gtag/js?id=G-C27SH5W4XN

216.58.207.200

200 OK

76973

URL HTTP/2

www.googletagmanager.com/gtag/js?id=G-C27SH5W4XN
IP

216.58.207.200:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (19467)

Size

76973
Hash

7137b2249ea6beff8b291b2eb855f4ee

85ec7fa3dab4adee396739fddcb3ca293b480e24

24ae42bdf80966baf7576e53929ea539e18456489ca89222b8788761224dcd55

HTTP Headers

                                        GET /gtag/js?id=G-C27SH5W4XN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://we-meet-today.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 24 Jan 2023 21:56:42 GMT
expires: Tue, 24 Jan 2023 21:56:42 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76973
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

1005c9e99dc8d4390861d6730c7a403b

0e3858ae26a1c01e0160e3b60e400bea202ebd05

4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:56:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

icalendar.datingtopgirls.com/icalendar.js

31.220.24.141

200 OK

2171

URL HTTP/1.1

icalendar.datingtopgirls.com/icalendar.js
IP

31.220.24.141:0
ASN

#39572 DataWeb Global Group B.V.

Magic

ASCII text

Size

2171
Hash

ee5ff51b385e058b2c9877d81f9d5d65

352f9c19bf07dec79a78e07481d8ae94e717cd87

d1ba9d269e7826b85e539634b6f57cded11b472b3b839f6994409acb9e35319a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /icalendar.js HTTP/1.1
Host: icalendar.datingtopgirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://we-meet-today.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 24 Jan 2023 21:56:42 GMT
Content-Type: application/javascript
Last-Modified: Fri, 30 Dec 2022 14:40:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63aef87a-1d8c"
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

3067

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

3067
Hash

f9a5365493af877aba72645232f6c358

29eabeb4c37656a854fbefdcd64fa4aa59e221f4

d1f25a043c8163c1423f7a13f75fc3d0368eace3800cc5bb5a4307fc29a2fbbe

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:56:42 GMT
Last-Modified: Tue, 24 Jan 2023 21:56:39 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

78ed7b7d814d987601b30851546309b5

12a653dabfd738fef99fad2295eec55e4651bc7c

a55164c954f0255d6d360ac0fac8b4598f8e0e01ec646105eed2e9b0abf5e2bd

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:56:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-T76Q9QX

216.58.207.200

200 OK

59138

URL HTTP/2

www.googletagmanager.com/gtm.js?id=GTM-T76Q9QX
IP

216.58.207.200:0
ASN

#15169 GOOGLE

Magic

ASCII text

Size

59138
Hash

bda49f80a03cd8334db1ec9e7eda5fa7

2d3bb9c264a1425250c5e87a21c32d209dd6f820

560271510d919a58e427b33e439249d226672cbdc193475b235e2bc410e69ae9

HTTP Headers

                                        GET /gtm.js?id=GTM-T76Q9QX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://we-meet-today.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 24 Jan 2023 21:56:42 GMT
expires: Tue, 24 Jan 2023 21:56:42 GMT
cache-control: private, max-age=900
last-modified: Tue, 24 Jan 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 57672
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

4637

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

4637
Hash

6fd88837111c1bae6456155f6be44f81

2543d8e977e82d50a4d1ac6c8f5fcf0b96196f74

4cc6923f8da4fc80f718a775c08f5acaa32be1e73d20ae4af9651f9dce812736

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12BF48E38773F66E5619C5BCA3A741CED03DA08946D2C712BE7A493D6C848107"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1360
Expires: Tue, 24 Jan 2023 22:19:22 GMT
Date: Tue, 24 Jan 2023 21:56:42 GMT
Connection: keep-alive

wmtn2.datingtopgirls.com/util/101-main-big.jpg

31.220.24.141

200 OK

71405

URL HTTP/1.1

wmtn2.datingtopgirls.com/util/101-main-big.jpg
IP

31.220.24.141:0
ASN

#39572 DataWeb Global Group B.V.

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 375x281, components 3\012- data

Size

71405
Hash

678b078397918f81c17fc5e985ddc84e

5daf578de0255e1951964a40e4031b3d35b501c5

f125f8acd033c69d7cd469de7f3b7e28409ea97d0d220de8fc60ecccbcf3da13

HTTP Headers

                                        GET /util/101-main-big.jpg HTTP/1.1
Host: wmtn2.datingtopgirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://we-meet-today.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 24 Jan 2023 21:56:42 GMT
Content-Type: image/jpeg
Content-Length: 71405
Last-Modified: Wed, 02 Jun 2021 14:48:40 GMT
Connection: keep-alive
ETag: "60b79a48-116ed"
Accept-Ranges: bytes

fonts.googleapis.com/css?family=Lato&display=swap?85

142.250.74.106

200 OK

799

URL HTTP/2

fonts.googleapis.com/css?family=Lato&display=swap?85
IP

142.250.74.106:0
ASN

#15169 GOOGLE

Magic

data

Size

799
Hash

3bee76b9136ff6e97ad6bdb75f13df48

c0fa2d989b4c67a1d36f84b60482718884f59373

aa55f469eb1f18e6f51b57e87d9e06f4620aca7b03bea1c465b6b277a71e98e9

HTTP Headers

                                        GET /css?family=Lato&display=swap?85 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://we-meet-today.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 24 Jan 2023 21:56:42 GMT
date: Tue, 24 Jan 2023 21:56:42 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

wmtn2.datingtopgirls.com/util/101-main-small.jpg

31.220.24.141

200 OK

39973

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (32)

#1 JS:Script (size: 159161)

#2 JS:Script (size: 135470)

#3 JS:Script (size: 86841)

#4 JS:Script (size: 1026)

#5 JS:Script (size: 244)

#6 JS:Script (size: 2878)

#7 JS:Script (size: 181)

#8 JS:Script (size: 676)

#9 JS:Script (size: 230899)

#10 JS:Script (size: 580)

#11 JS:Script (size: 56734)

#12 JS:Script (size: 12500)

#13 JS:Script (size: 74304)

#14 JS:Script (size: 697)

#15 JS:Script (size: 65)

#16 JS:Script (size: 865)

#17 JS:Script (size: 381)

#18 JS:Script (size: 4459)

#19 JS:Script (size: 289928)

#20 JS:Script (size: 9138)

#21 JS:Script (size: 3650)

#22 JS:Script (size: 9240)

#23 JS:Script (size: 925)

#24 JS:Script (size: 269)

#25 JS:Script (size: 1765)

#26 JS:Script (size: 7564)

#27 JS:Script (size: 23618)

#28 JS:Script (size: 100)

#29 JS:Script (size: 2776)

#30 JS:Script (size: 33)

#31 JS:Script (size: 1423)

#32 JS:Script (size: 219254)

HTTP Transactions (68)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP