Overview

URLwww.bestukrainiangirl.com/index.php/promote/click?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
IP 44.208.76.17 (United States)
ASN#14618 AMAZON-AES
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-02 06:16:55 UTC
StatusLoading report..
IDS alerts0
Blocklist alert8
urlquery alerts No alerts detected
Tags None

Domain Summary (18)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
fqtag.com (1) 13252 2015-01-02 08:40:37 UTC 2022-12-01 20:10:46 UTC 35.190.72.161
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-12-01 18:48:44 UTC 142.250.74.168
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 34.218.164.174
aux.fqtag.com (2) 19371 2019-08-05 18:31:42 UTC 2022-12-01 20:10:46 UTC 35.190.13.203
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-12-01 17:28:41 UTC 142.250.74.106
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
cdn.fqtag.com (1) 18775 2018-05-30 14:51:44 UTC 2022-12-01 20:57:38 UTC 35.190.36.172
ocsp.godaddy.com (1) 698 2012-05-20 19:28:57 UTC 2020-05-02 20:58:10 UTC 192.124.249.41
www.bestukrainiangirl.com (31) 0 2022-07-06 11:10:55 UTC 2022-10-17 20:26:04 UTC 44.208.76.17 Unknown ranking
r3.o.lencr.org (6) 344 No data No data 23.36.76.226
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-01 17:14:08 UTC 34.102.187.140
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-12-01 21:18:15 UTC 142.250.74.110
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-01 17:12:49 UTC 34.117.237.239
ocsp.pki.goog (8) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.131
fonts.gstatic.com (3) 0 2014-09-09 00:40:21 UTC 2022-12-01 22:08:56 UTC 216.58.207.227 Domain (gstatic.com) ranked at: 540
flx808.lporirxe.com (1) 0 2018-09-12 08:58:45 UTC 2022-12-01 20:57:38 UTC 104.18.156.225 Domain (lporirxe.com) ranked at: 22083

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-02 2 www.bestukrainiangirl.com/qa/register01/css/layout.css?v1.0 Phishing
2022-12-02 2 www.bestukrainiangirl.com/common/js/my_validate_index2.js Phishing
2022-12-02 2 www.bestukrainiangirl.com/common/js/jquery.cookie.js Phishing
2022-12-02 2 www.bestukrainiangirl.com/qa/register01/images/logo.svg Phishing
2022-12-02 2 www.bestukrainiangirl.com/common/js/auto_email/jquery.autoComplete.js Phishing
2022-12-02 2 www.bestukrainiangirl.com/qa/register01/js/parallax.min.js Phishing
2022-12-02 2 www.bestukrainiangirl.com/common/js/jquery.min.js Phishing
2022-12-02 2 www.bestukrainiangirl.com/qa/register01/js/swiper.min.js Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 44.208.76.17
Date UQ / IDS / BL URL IP
2023-01-27 03:21:46 +0000 0 - 0 - 2 www.bestukrainiangirl.com/my/login.php 44.208.76.17
2023-01-26 17:31:15 +0000 0 - 0 - 2 www.bestukrainiangirl.com/my/login.php 44.208.76.17
2023-01-18 22:43:38 +0000 0 - 0 - 2 bestukrainiangirl.com/ 44.208.76.17
2022-12-02 06:16:55 +0000 0 - 0 - 8 www.bestukrainiangirl.com/index.php/promote/c (...) 44.208.76.17
2022-12-02 06:16:52 +0000 0 - 0 - 8 www.bestukrainiangirl.com/qa/register01.php?a (...) 44.208.76.17


Last 5 reports on ASN: AMAZON-AES
Date UQ / IDS / BL URL IP
2023-01-27 15:06:31 +0000 0 - 0 - 4 consumerrewardscenter.com/go/to/g37sf3/key/73 (...) 107.23.100.94
2023-01-27 14:39:43 +0000 0 - 1 - 0 shopgala.api.twyne.io/lout/rdirect/80/852/163 (...) 52.71.127.56
2023-01-27 14:32:49 +0000 0 - 0 - 58 ui.fraudfree.net/api/r/i/63ae5075a9cd46fb16509925 54.237.163.208
2023-01-27 14:32:09 +0000 0 - 0 - 6 primerewardz.com/go/to/f388f2/key/43e0d9b59fc (...) 107.23.100.94
2023-01-27 14:32:04 +0000 0 - 0 - 6 smoothreward.com/go/to/1c1b97/key/b669f07ad98 (...) 107.23.100.94


Last 5 reports on domain: bestukrainiangirl.com
Date UQ / IDS / BL URL IP
2023-01-27 03:21:46 +0000 0 - 0 - 2 www.bestukrainiangirl.com/my/login.php 44.208.76.17
2023-01-26 17:31:15 +0000 0 - 0 - 2 www.bestukrainiangirl.com/my/login.php 44.208.76.17
2023-01-18 22:43:38 +0000 0 - 0 - 2 bestukrainiangirl.com/ 44.208.76.17
2022-12-02 06:16:55 +0000 0 - 0 - 8 www.bestukrainiangirl.com/index.php/promote/c (...) 44.208.76.17
2022-12-02 06:16:52 +0000 0 - 0 - 8 www.bestukrainiangirl.com/qa/register01.php?a (...) 44.208.76.17


No other reports with similar screenshot

JavaScript

Executed Scripts (22)

Executed Evals (9)
#1 JavaScript::Eval (size: 31) - SHA256: 83ba63efde4d727ac5babaea99f131c7a173c43d8ba138525523e267bf5f19c9
window.location.ancestorOrigins
#2 JavaScript::Eval (size: 20) - SHA256: 989aee59bc8b1d209d85b911b79e19acbd4f38b57f507a32a8824db502e689e0
(function x() {})[-5]
#3 JavaScript::Eval (size: 14) - SHA256: 0510de046e8325540849bad09f31eaaa3e9256fafd330c5d57327dc948812a33
/*@cc_on!@*/ !1
#4 JavaScript::Eval (size: 4) - SHA256: 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408
this
#5 JavaScript::Eval (size: 20) - SHA256: f83271bbf9f61f53799bbe1ea9aa015e44b5b2ab3d7a94605b3aa390d2bfbc59
(function x() {})[-6]
#6 JavaScript::Eval (size: 7) - SHA256: 05f06428ae6926ccb3847eac1c4adbe310cdeb3f5db585f26c2b9bb7887bff03
!+'\v1'
#7 JavaScript::Eval (size: 11) - SHA256: f587a8350df0c0f85a945195aac9f88d92f340e865a2e7fb23ad516da6623618
'\v' == 'v'
#8 JavaScript::Eval (size: 17) - SHA256: 17f5bfdbae6b35ae8bc3b27c069526d694021fe1e37a8027678e770fbb05e061
/*@cc_on!@*/
false
#9 JavaScript::Eval (size: 34325) - SHA256: 5d3c94050ef872a0fc580bc4fd74591defddc495a88faa8ed75dfaf669598830
var FLPXobj = FLPXobj || (function() {
    var flobj = new Object();
    var url_init = "Pixel Conguration Error (1): Cannot generate data!";
    var url_stat = "Pixel Conguration Error (2): Cannot generate data!";
    flobj.statpx = "Pending";
    var isDNT = false;
    isDNT = navigator.doNotTrack == "yes" || navigator.doNotTrack == "1" || navigator.msDoNotTrack == "1";
    if (isDNT !== true) {
        var _args = {};
        var tci = "";
        var flgxfnd = '';
        var flooc = gvid("flooc");
        var _flooc = gvid("_flooc");
        var fl_cp = escape(location.href);
        var flxcid = "";
        var flxpid = "";
        var fl_frm = "";
        var cpg = "";
        var rp = "";
        var allnewfields = genflds();
        var flversion = "f5.0.8";
        var _cdv = s2x("_cd" + Math.random());
        var flxnav = navigator.appVersion;
        var rstat = "";
        var vset = "";
        var hpu = "";
        var gtype = "G";
        var flapptype = "";
        var fltrx = "";
        var pi = GP();
        var us = GFLS();
        var flstatid = "";
        var flstatsid = "";
        var ifw = "";
        gtype += "ET";
        var flgxlist = 0;
        var flgxlm = "";
        var allfrms = document.forms;
        var vid = cvid(0);
        var imgp = (document.location.protocol == "https:") ? "https" : "http";
        var _flxdotnet = 0;
        var _fltrf = 0;
        var _flsvr = "";
        var _flrfst = 0;
        var _flbtn = "";
        var _ltfl = 0;
        var _fllv = "";
        var flf = ''
        var rmbc = gvid('rmbc');
        var flch = gvid('flch');
        var flvsn = gvid('flvsn');
        if (flch == undefined || flch == "") {
            flch = history.length;
        }
        if (flvsn == undefined || flvsn == "") {
            flvsn = "old";
        }
        var oldref = "";
        var newref = "";
        if (fl_cp != "") {
            fl_cp = dblbt2p(fl_cp);
        }
        var hasoo = 0;
        if (flooc.indexOf('n5Rr8') != -1) {
            hasoo = 1;
        }
        if (_flooc.indexOf('n5Rr8') != -1) {
            hasoo = 1;
        }
        var FLctr = 0;
        var FLctrs = 0;
        var FLtrk;
        var FLtimer_is_on = 0;
        var flvtm = FLDoTZ();
        var ag = 0;
        flch += '';
        rmbc += '';
        var scriptext = "php";
        var isRMBC = false;
        var hitfnd = "";
    } else {
        flobj.urlinit = "(1): Terminated!";
        flobj.urlstat = "(2): Terminated!";
        flobj.statpx = "OK";
        this.initurl = flobj.urlinit;
        this.staturl = flobj.urlstat;
        this.pxstatus = flobj.statpx;
    }
    return {
        procinit: function(Args) {
            if (isDNT !== true) {} else {
                this.initurl = flobj.urlinit;
                this.staturl = flobj.urlstat;
                this.pxstatus = flobj.statpx;
                return;
            }
            _args = Args;
            if (Args) {
                if (_args[0] && _args[1]) {
                    tci = 'flx' + _args[0];
                    flxcid = _args[0];;
                    flxpid = _args[1];;
                }
            }
            if (flxcid == "" || flxpid == "") {
                DoFLobj(1);
                DoFLobj(2);
                this.initurl = flobj.urlinit;
                this.staturl = flobj.urlstat;
                this.pxstatus = flobj.statpx;
                return;
            }
            var vid = cvid(1);
            var imgp = (document.location.protocol == "https:") ? "https" : "http";
            if (typeof window["_flsvr"] != "undefined") {
                _flsvr = window["_flsvr"];
            }
            if (typeof window["_flbtn"] != "undefined") {
                _flbtn = window["_flbtn"];
            }
            if (typeof window["_flxdotnet"] != "undefined") {
                _flxdotnet = window["_flxdotnet"];
            }
            if (typeof window["_ltfl"] != "undefined") {
                _ltfl = window["_ltfl"];
            }
            if (typeof window["_flbtn"] != "undefined") {
                _flbtn = window["_flbtn"];
            }
            if (typeof window["_flrfst"] != "undefined") {
                _flrfst = window["_flrfst"];
            }
            if (typeof window["_fllv_" + flxcid] != "undefined") {
                _fllv = window["_fllv_" + flxcid];
            }
            if (_fllv == "") {
                if (typeof window["_fllv"] != "undefined") {
                    _fllv = window["_fllv"];
                }
            }
            if (flxcid == 171) {
                _flxdotnet = 1;
            }
            flapptype = getflapp(flxcid);
            fltrx = findfltrx();
            for (var x = 0; x < allfrms.length; x++) {
                if (typeof allfrms[x].name === "string" && allfrms[x].name.substring(0, 7) == 'flgxfrm') {
                    flgxlist++;
                    if (flgxlist > 1) {
                        flgxlm = flgxlm + ',';
                    }
                    flgxlm = flgxlm + allfrms[x].name.replace(/flgxfrm/gi, '');
                }
            }
            for (var x = 0; x < allfrms.length; x++) {
                if (typeof allfrms[x].name === "string" && allfrms[x].name == 'flgxfrm_' + flxcid) {
                    flgxfnd = allfrms[x];
                    break;
                }
            }
            if (flgxfnd == '') {
                for (var x = 0; x < allfrms.length; x++) {
                    if (typeof allfrms[x].name === "string" && allfrms[x].name == 'flgxfrm') {
                        flgxfnd = allfrms[x];
                        break;
                    }
                }
            }
            if (typeof window["_fltrf"] != "undefined") {
                _fltrf = window["_fltrf"];
                setFLUID();
            }
            flf = pflf(_flxdotnet);
            if (_fltrf > 0) {
                rp = gvid('flvuf');
                fl_frm = getflREF();
                if (rp != "") {
                    oldref = getHostname(unescape(rp));
                }
                if (fl_frm != "") {
                    newref = getHostname(unescape(fl_frm));
                }
                cpg = getHostname(unescape(fl_cp));
                if (newref !== cpg) {
                    if (oldref != "") {
                        fl_frm = rp;
                    }
                }
            } else {
                fl_frm = gvid('flvuf');
                if (fl_frm == undefined || fl_frm == "") {
                    fl_frm = getflREF();
                    if (fl_frm != "") {
                        fl_frm = dblbt2p(fl_frm);
                    }
                }
            }
            if (flxcid == 171) {
                dvfflx();
            }
            if (_flbtn == "") {
                if (_ltfl > 1) {
                    WaitForIt();
                } else {
                    SendIt();
                }
            }
            document.body.onmousedown = function(e) {
                var isRMBC = false;
                e = e || window.event;
                if ("which" in e) {
                    isRMBC = e.which == 3;
                } else if ("button" in e) {
                    isRMBC = e.button == 2;
                }
                if (isRMBC == false) {} else {
                    document.cookie = "rmbc=1";
                }
                if (e.target) targ = e.target;
                else if (e.srcElement) targ = e.srcElement;
                if (targ.nodeType == 3) targ = targ.parentNode;
                hitfnd = "";
                if (targ.src != undefined && targ.src != "") {
                    hitfnd = targ.src;
                } else if (targ.id != undefined && targ.id != "") {
                    hitfnd = targ.id;
                } else if (targ.name != undefined && targ.name != "") {
                    hitfnd = targ.name;
                }
                if (hitfnd.indexOf(_flbtn) != -1 && _flbtn != "") {
                    if (_ltfl > 0) {
                        WaitForIt();
                    } else {
                        flf = pflf(_flxdotnet);
                        SendIt();
                    }
                }
            }
            this.initurl = flobj.urlinit;
            this.staturl = flobj.urlstat;
            DoFLobj(3);
            this.pxstatus = flobj.statpx;
        }
    }

    function getflREF() {
        try {
            if (parent !== window) {
                return escape(parent.document.referrer);
            } else {
                return escape(document.referrer);
            }
        } catch (err) {
            return escape(document.referrer);
        }
    }

    function setFLUID() {
        if (_fltrf > 0) {
            var IsFLuid = 0;
            if (flgxfnd) {
                for (i = 0; i < flgxfnd.elements.length; i++) {
                    if (flgxfnd.elements[i].name.toLowerCase() == 'uniqueid') {
                        IsFLuid = 1;
                        break;
                    }
                }
            }
            if (IsFLuid == 0) {
                var nflele = document.createElement('input');
                nflele.type = "hidden";
                nflele.name = "uniqueID";
                flgxfnd.appendChild(nflele);
            }
        }
    }

    function wrtc(id, val) {
        if (fl_cp.indexOf('/flifc.php') != -1) {
            var dc = 0;
            var pa = fl_cp.split("?").pop().split("&");
            for (var ij = 0; ij < pa.length; ij++) {
                var ikv = pa[ij].split("=");
                if (ikv[0] == 'co' && ikv.length == 2) {
                    var dc = ikv[1];
                    break;
                };
            }
            if (dc == 1) {
                return;
            }
        }
        var vdate = new Date();
        var numdays = 30;
        domain = GCliD();
        vdate.setDate(vdate.getDate() + numdays);
        document.cookie = id + "=" + escape(val) + "; path=/" + ((numdays == null) ? "" : ";expires=" + vdate.toGMTString()) + ((domain) ? "; domain=." + domain : "");
    }

    function WaitForIt() {
        var egtc = 0;
        var rtg = setInterval(function() {
            egtc++;
            var _ltuid = "";
            var chkfld = "";
            if (flgxfnd) {
                for (i = 0; i < flgxfnd.elements.length; i++) {
                    if (flgxfnd.elements[i].name.toLowerCase() == 'uniqueid') {
                        _ltuid = flgxfnd.elements[i].value;
                    }
                    if (_ltfl > 1) {
                        if (flgxfnd.elements[i].name.toLowerCase() == allnewfields[_ltfl]) {
                            chkfld = flgxfnd.elements[i].value;
                        }
                    }
                }
            } else {
                var allelems = document.forms;
                for (var x = 0; x < allelems.length; x++) {
                    for (i = 0; i < allelems[x].elements.length; i++) {
                        if (allelems[x].elements[i].name.toLowerCase() == 'uniqueid') {
                            _ltuid = allelems[x].elements[i].value;
                        }
                        if (_ltfl > 1) {
                            if (allelems[x].elements[i].name.toLowerCase() == allnewfields[_ltfl]) {
                                chkfld = allelems[x].elements[i].value;
                            }
                        }
                    }
                    if (chkfld != "" && _ltuid != "") {
                        break;
                    }
                }
            }
            if (_ltfl > 1) {
                if (chkfld != "" || egtc > 100) {
                    clearInterval(rtg);
                    flf = pflf(_flxdotnet);
                    SendIt();
                }
            } else if (_ltfl == 1) {
                if (_ltuid.match(/_TransID/g) == null || egtc > 100) {
                    clearInterval(rtg);
                    flf = pflf(_flxdotnet);
                    SendIt();
                }
            }
        }, 50);
    }

    function SendIt() {
        var newhpu = "";
        if (hpu != "") {
            newhpu = s2x(f3d(vid, hpu, 1, 0));
        }
        if (fl_cp != "") {
            fl_cp = fl_cp.replace(/#/gi, "THEPNDVL");
        }
        if (fl_frm != "") {
            fl_frm = fl_frm.replace(/#/gi, "THEPNDVL");
        }
        var spfstr1 = '',
            spfstr2 = '';
        try {
            var spfsp = (isUaSpoofed(true) ? 1 : 0);
        } catch (err) {
            flerr += '-16'
        }
        try {
            var spfsnp = (isUaSpoofed(false) ? 1 : 0);
        } catch (err) {
            flerr += '-18'
        }
        var fspf = "&spfp=" + spfsp + "&spfnp=" + spfsnp + "&sp1=" + spfstr1 + "&sp2=" + spfstr2;
        var ndom = "flprocv1_56.";
        if ((ag == 0 && gvid("_u") != newhpu) || flxcid == 211) {
            var img = imgp + "://" + tci + "." + flapptype + ndom + scriptext + "?";
            if (hasoo == 0) {
                var initbase = "&5=" + fl_cp + "&6=" + s2x(f3d(vid, vset, 1, 0)) + "&7=" + s2x(vid) + "&8=" + s2x(f3d(vid, us, 1, 0)) + "&9=" + s2x(f3d(vid, pi, 1, 0)) + "&10=" + fl_frm + "&15=1&11=" + s2x(f3d(vid, flch, 1, 0)) + "&12=" + fltrx + "&13=" + s2x(f3d(vid, rmbc, 1, 0)) + "&17=" + s2x(f3d(vid, flvtm, 1, 0)) + "&18=" + s2x(f3d(vid, _fllv + "", 1, 0)) + "&19=" + s2x(f3d(vid, _fltrf + "", 1, 0)) + "&21=" + _flsvr + "&WPr4y=" + s2x(f3d(vid, getflct() + "", 1, 0)) + "&14f5fl=" + s2x(f3d(vid, flf, 1, 0));
            } else {
                var initbase = "&5=" + fl_cp + "&6=&7=" + s2x(vid) + "&8=&9=&10=" + fl_frm + "&15=1&11=&12=&13=&17=&18=&19=&20=1&21=&WPr4y=" + s2x(f3d(vid, getflct() + "", 1, 0)) + "&14f5fl=" + s2x(f3d(vid, flf, 1, 0));
            }
            url_init = "1=" + flversion + "&2=" + s2x(f3d(vid, flvsn, 1, 0)) + "&3=" + flxcid + "&4=" + flxpid + initbase + fspf;
            img = img + url_init;
            DoFLobj(1);
            if (_flsvr == "") {
                forceimg(img);
            }
            dostaturl();
            if (flxcid == 171) {
                if (document.getElementById('gsrfrm171') != null) {
                    var hpturl = rstat.replace(/amp;/gi, "");
                    var hpturl = hpturl.replace("rptstat", "gsr") + "&r=" + _cdv;
                    document.getElementById('gsrfrm171').setAttribute("src", hpturl);
                } else {
                    loadewj(1);
                    loadewj(2);
                }
            }
            ag = 1;
            wrtc("_u", s2x(f3d(vid, hpu, 1, 0)));
        } else if (_flrfst == 1) {
            dostaturl();
        }
    }

    function dostaturl() {
        if (fl_cp.indexOf('/flifc.php') != -1) {
            url_stat = "";
        } else {
            var statdom = imgp + "://" + tci + "." + flapptype + "rptstat." + scriptext + "?";
            var statdata = "v=" + flversion + "&1xk7g36=" + s2x(f3d(vid, flxcid, 1, 0)) + "&Mm0y351=" + s2x(f3d(vid, flxpid, 1, 0)) + "&WPr4y=" + s2x(f3d(vid, getflct() + "", 1, 0)) + "&1=" + s2x(vid) + "&2=" + s2x(f3d(vid, flstatid, 1, 0)) + "&3=" + s2x(f3d(vid, flstatsid, 1, 0)) + "&4=" + s2x(f3d(vid, hpu, 1, 0)) + "&5=" + fl_cp + "&10=" + fl_frm + "&12=" + _flsvr;
            rstat = statdom + statdata;
            url_stat = statdata.replace(/amp;/gi, "");
            DoFLobj(2);
            var thediv = 'flpx_' + flxcid + '_' + flxpid;
            var ele = document.getElementById(thediv);
            if (ele) {
                ele.style.display = "none";
                if (_flsvr == "") {
                    ele.innerHTML = url_stat;
                }
            }
        }
    }

    function forceimg(img) {
        setTimeout(function() {
            var imgready = false;
            var FLimg = new Image(0, 0);
            FLimg.src = img;
        }, 0);
    }

    function findfltrx() {
        var divs, i, trx;
        divs = document.getElementsByTagName('div');
        for (i = 0; i < divs.length; i++) {
            if (divs[i].id == "fltrax") {
                trx = document.getElementById("fltrax").innerHTML;
            }
        }
        return trx;
    }

    function cvid(t) {
        var tmpsu, suseq;
        var su = gvid('flv');
        if (su != null && su != "") {
            vset = "n";
            if (t == 0) {
                if (su.length == 20) {
                    su = su + '1';
                } else if (su.length > 20) {
                    tmpsu = su.substr(0, 20);
                    suseq = su.substr(20);
                    suseq = (suseq * 1) + 1;
                    su = tmpsu + suseq;
                }
                wrtc('flv', su);
            }
        } else {
            su = doflid();
            wrtc('flv', su);
            vset = "y";
        }
        return su;
    }

    function GCliD() {
        var url = location.href;
        var domfound = false;
        var dom_array = new Array('lporirxe', 'fraudlogix', 'yabidos');
        for (var i = 0; i < dom_array.length - 1; i++) {
            if (url.indexOf(dom_array[i]) != -1) {
                domfound = true;
                break;
            }
        }
        if (!domfound) {
            return (url.match(/:\/\/(.[^/]+)/)[1]).replace('www.', '');
        } else {
            var parts = location.hostname.split('.');
            if (parts.length > 2) {
                var subdomain = parts.shift();
                var upperleveldomain = parts.join('.');
                return upperleveldomain;
            } else {
                return location.hostname;
            }
        }
    }

    function gvid(flu) {
        if (document.cookie.length > 0) {
            var sl = document.cookie.indexOf(flu + "=");
            if (sl != -1) {
                sl = sl + flu.length + 1;
                var el = document.cookie.indexOf(";", sl);
                if (el == -1) el = document.cookie.length;
                return unescape(document.cookie.substring(sl, el));
            }
        }
        return "";
    }

    function doflid() {
        var chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz";
        var string_length = 20;
        var flrval = '';
        for (var i = 0; i < string_length; i++) {
            var rnum = Math.floor(Math.random() * chars.length);
            flrval += chars.substring(rnum, rnum + 1);
        }
        return flrval;
    }

    function GP() {
        var flpi = "";
        if (navigator.plugins && navigator.plugins.length > 0) {
            flpi = "";
            for (i = 0; i < navigator.plugins.length; i++) {
                thisPlugin = navigator.plugins[i];
                flpi = flpi + thisPlugin.name + "<br>";
            }
        }
        return flpi;
    }

    function GFLS() {
        if (screen.width == '0') {
            if (window.devicePixelRatio > 0) {
                var dpi = window.devicePixelRatio;
            } else {
                var dpi = 2;
            }
            var scrnW = (dpi * document.documentElement.clientWidth);
            var scrnH = (dpi * document.documentElement.clientHeight);
            var scrnAw = (scrnW - 32);
            var scrnAh = (scrnH - 32);
            var flpi = "sh: " + scrnH + "~";
            flpi = flpi + "sw: " + scrnW + "~";
            flpi = flpi + "sah: " + scrnAh + "~";
            flpi = flpi + "saw: " + scrnAw + "~";
        } else {
            var flpi = "sh: " + screen.height + "~";
            flpi = flpi + "sw: " + screen.width + "~";
            flpi = flpi + "sah: " + screen.availHeight + "~";
            flpi = flpi + "saw: " + screen.availWidth + "~";
        }
        flpi = flpi + "scd: " + screen.colorDepth + "~";
        flpi = flpi + "spd: " + screen.pixelDepth;
        return flpi;
    }

    function pflf(_flxdotnet) {
        var nlf = "";
        if (flgxfnd) {
            for (i = 0; i < flgxfnd.elements.length; i++) {
                if (flgxfnd.elements[i].name.toLowerCase() == 'uniqueid') {
                    if (flgxfnd.elements[i].value == "") {
                        var strflusid = "";
                        if (flxcid == 213 || flxcid == 218) {
                            if (typeof this.recordid == "undefined") {
                                strflusid = "";
                            } else {
                                strflusid = this.recordid;
                            }
                        }
                        if (strflusid == "") {
                            var flusid = Math.round((new Date()).getTime());
                            strflusid = vid.substr(0, 9) + flusid;
                        }
                        flgxfnd.elements[i].value = strflusid;
                        break;
                    }
                }
            }
        } else {
            var allelems = document.forms;
            for (var x = 0; x < allelems.length; x++) {
                for (i = 0; i < allelems[x].elements.length; i++) {
                    if (allelems[x].elements[i].name.toLowerCase() == 'uniqueid') {
                        if (allelems[x].elements[i].value == "") {
                            var strflusid = "";
                            if (flxcid == 213 || flxcid == 218) {
                                if (typeof this.recordid == "undefined") {
                                    strflusid = "";
                                } else {
                                    strflusid = this.recordid;
                                }
                            }
                            if (strflusid == "") {
                                var flusid = Math.round((new Date()).getTime());
                                strflusid = vid.substr(0, 9) + flusid;
                            }
                            allelems[x].elements[i].value = strflusid;
                            break;
                        }
                    }
                }
            }
        }
        var allelems = document.forms;
        var fi = "sending:" + allelems.length + "~";
        if (flgxfnd) {
            var ff = flgxfnd;
            fi = "sending:1~" + "_2fdm" + "1=" + "flgxfrm";
            for (var x = 0; x < ff.length; x++) {
                nlf = ff[x].name.toLowerCase();
                fi = fi + "~_2fdd";
                fi = fi + "=" + ff[x].name;
                fi = fi + "=" + ff[x].value;
                if (nlf == "id") {
                    flstatid = ff[x].value;
                }
                if (nlf == "sid") {
                    flstatsid = ff[x].value;
                }
                if (nlf == "uniqueid") {
                    hpu = ff[x].value;
                }
            }
        } else {
            for (var x = 0; x < allelems.length; x++) {
                if (allelems[x].name == "[object HTMLInputElement]") {
                    fi = fi + "_2fdm" + (x + 1) + "=" + allelems[x].name + "~";
                } else {
                    fi = fi + "_2fdm" + (x + 1) + "=" + allelems[x].name + "~";
                }
                var elem = document.forms[x].elements;
                for (var i = 0; i < elem.length; i++) {
                    nlf = elem[i].name.toLowerCase();
                    if (isFLfld(elem[i].name)) {
                        fi = fi + "_2fdd=" + elem[i].name + "=" + elem[i].value + "~";
                    }
                    if (nlf == "id") {
                        flstatid = elem[i].value;
                    }
                    if (nlf == "sid") {
                        flstatsid = elem[i].value;
                    }
                    if (nlf == "uniqueid") {
                        hpu = elem[i].value;
                    }
                }
            }
        }
        if (fi.length > 0) {
            if (fi.substr(fi.length - 1, 1) == "~") {
                fi = fi.substr(0, fi.length - 1);
            }
        }
        var ox = fi.replace(/_2fdd/gi, _ff(2));
        var ox2 = ox.replace(/_2fdm/gi, _ff(1));
        return ox2;
    }

    function _ff(x) {
        var s = "";
        for (i = 0; i < 11; i++) {
            if (i == 0 || i == 1) s = s.concat("9");
            if (i == 4) s = s.concat("s");
            if (i == 3) s = s.concat("i");
            if (i == 5) s = s.concat("h");
            if (i == 6 || i == 2) s = s.concat("f");
            if (i > 6) {
                if (x == 2) {
                    if (i == 9) s = s.concat("l");
                    if (i == 7) s = s.concat("i");
                    if (i == 10) {
                        s = s.concat("d");
                        break;
                    }
                    if (i == 8) s = s.concat("e");
                } else {
                    if (i == 7) s = s.concat("o");
                    if (i == 9) {
                        s = s.concat("m");
                        break;
                    }
                    if (i == 8) s = s.concat("r");
                }
            }
        }
        return s;
    }

    function getflapp(flxcid) {
        var domext = "com";
        var domdir = "flp";
        var sep = "/";
        var retval = "";
        if (flxcid == "") {
            retval = "lporirxe";
        }
        var fldom = new Array(26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 37, 38, 39, 40);
        if (in_array(flxcid, fldom) == true) {
            retval = "fraudlogix" + "." + domext + sep + domdir + sep;
        } else {
            retval = "lporirxe" + "." + domext + sep + domdir + sep;
        }
        return retval;
    }

    function in_array(needle, haystack, argStrict) {
        var key = '',
            strict = !!argStrict;
        if (strict) {
            for (key in haystack) {
                if (haystack[key] === needle) {
                    return true;
                }
            }
        } else {
            for (key in haystack) {
                if (haystack[key] == needle) {
                    return true;
                }
            }
        }
        return false;
    }

    function genflds() {
        var result = new Array("id", "sid", "offerID", "uniqueID", "fullname", "address1", "address2", "city", "state", "postalcode", "country", "email", "phone", "vertical", "offertype", "other1", "other2", "lastfld");
        return result;
    }

    function isFLfld(fld) {
        var found = false;
        var all_new_fields = new Array("id", "sid", "offerID", "uniqueID", "vertical", "offertype", "lastfld");
        if (flxcid != 171) {
            for (var i = 0; i < allnewfields.length - 1; i++) {
                if (allnewfields[i].toLowerCase() == fld.toLowerCase()) {
                    found = true;
                    break;
                }
            }
        } else {
            for (var i = 0; i < all_new_fields.length - 1; i++) {
                if (all_new_fields[i].toLowerCase() == fld.toLowerCase()) {
                    found = true;
                    break;
                }
            }
        }
        return found;
    }

    function FLDoTZ() {
        var now = new Date();
        var later = new Date();
        var tzo = now.getTimezoneOffset() / 60 * (-1);
        var d1 = new Date();
        var d2 = new Date();
        d1.setDate(1);
        d1.setMonth(1);
        d2.setDate(1);
        d2.setMonth(7);
        if (parseInt(d1.getTimezoneOffset()) == parseInt(d2.getTimezoneOffset())) {
            var tzd = 0;
        } else {
            var hemisphere = parseInt(d1.getTimezoneOffset()) - parseInt(d2.getTimezoneOffset());
            if ((hemisphere > 0 && parseInt(d1.getTimezoneOffset()) == parseInt(now.getTimezoneOffset())) || (hemisphere < 0 && parseInt(d2.getTimezoneOffset()) == parseInt(now.getTimezoneOffset()))) {
                var tzd = 0;
            } else {
                var tzd = 1;
            }
        }
        return tzo + "." + tzd;
    }

    function loadewj(t) {
        var ewji = "isrd" + flxcid;
        var ewjn = "isrn" + flxcid;
        if (t == 1) {
            if (document.getElementById(ewji) == null) {
                var url = rstat.replace(/amp;/gi, "");
                url = url.replace("rptstat", "gsr") + "&r=" + _cdv;
                var i = document.createElement('iframe');
                i.setAttribute("src", url);
                i.setAttribute("height", "0");
                i.setAttribute("width", "0");
                i.id = ewji;
                i.name = ewjn;
                try {
                    setTimeout(function() {
                        document.getElementById(_cdv).appendChild(i);
                    }, 0);
                } catch (err) {
                    ifw = "w: " + err.description;
                }
            }
        } else {
            if (document.getElementById(ewji) == null) {
                if (flxnav.indexOf("MSIE 6") > 0 || flxnav.indexOf("MSIE 7") > 0 || flxnav.indexOf("MSIE 8") > 0) {
                    var url = rstat.replace(/amp;/gi, "");
                    url = url.replace("rptstat", "gsr") + "&r=" + _cdv;
                    var i = document.createElement('<iframe name="' + ewjn + '">');
                    i.setAttribute("src", url);
                    i.setAttribute("height", "0");
                    i.setAttribute("width", "0");
                    i.id = ewji;
                    i.name = ewjn;
                    try {
                        setTimeout(function() {
                            document.getElementById(_cdv).appendChild(i);
                        }, 0);
                    } catch (err) {
                        ifw = "w: " + err.description;
                    }
                }
            }
        }
    }

    function microtime(get_as_float) {
        var unixtime_ms = new Date().getTime();
        var sec = parseInt(unixtime_ms / 1000);
        return get_as_float ? (unixtime_ms / 1000) : (unixtime_ms - (sec * 1000)) / 1000;
    }

    function dvfflx() {
        var i = document.createElement('div');
        i.setAttribute("display", "none");
        i.setAttribute("height", "1px");
        i.setAttribute("width", "1px");
        i.id = _cdv;
        setTimeout(function() {
            document.body.appendChild(i);
        }, 0);
    }

    function dblbt2p(str) {
        var response = str;
        var prtcl = '';
        if (/[\u0100-\uffff]/.test(str)) {
            if (str.substring(0, 4) == 'http') {
                prtcl = 'http';
            }
            if (str.substring(0, 5) == 'https') {
                prtcl = 'https';
            }
            var hstnm = getHostname(unescape(str));
            response = escape(prtcl + "://" + dblbytecnv.ToASCII(hstnm));
        }
        return response;
    }

    function getHostname(str) {
        var re = new RegExp('^(?:f|ht)tp(?:s)?\://([^/]+)', 'im');
        return str.match(re)[1].toString();
    }

    function GetThisScript(scripts) {
        var resp = "";
        for (var i = scripts.length - 1; i > -1; i--) {
            var tsrc = scripts[i].src;
            if (tsrc && tsrc.match(/cvp\.js/g)) {
                var resp = getHostname(tsrc);
                break;
            }
        }
        if (resp && resp.substring(0, 3) == 'flx') {} else {
            resp = "";
        }
        return resp;
    }

    function gettci(shn) {
        shnp = shn.split(".");
        return shnp[0];
    }

    function getflct() {
        var flct2 = Math.round((new Date()).getTime() / 1000);
        return flct2;
    }

    function DoFLobj(ut) {
        if (ut == 1) {
            flobj.urlinit = url_init;
        } else if (ut == 2) {
            flobj.urlstat = url_stat;
        } else if (ut == 3) {
            flobj.statpx = 'OK';
        }
    }

    function f3d(key, message, encrypt, mode, iv, padding) {
        if (navigator.appVersion.indexOf("NetFront/4") > 0 || navigator.appVersion.indexOf("NetFront4") > 0) {
            return escape(message);
        }
        var spfunction1 = new Array(0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400, 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000, 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4, 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404, 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400, 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004);
        var spfunction2 = new Array(-0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0, -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020, -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000, -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000, -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0, 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0, -0x7fef7fe0, 0x108000);
        var spfunction3 = new Array(0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008, 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000, 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000, 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0, 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208, 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200);
        var spfunction4 = new Array(0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000, 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080, 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0, 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001, 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080);
        var spfunction5 = new Array(0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000, 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000, 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100, 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100, 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100, 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0, 0x40080000, 0x2080100, 0x40000100);
        var spfunction6 = new Array(0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000, 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010, 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000, 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000, 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000, 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010);
        var spfunction7 = new Array(0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802, 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002, 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000, 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000, 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0, 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002);
        var spfunction8 = new Array(0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000, 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000, 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040, 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000);
        var keys = f3d_createKeys(key);
        var m = 0,
            i, j, temp, temp2, right1, right2, left, right, looping;
        var cbcleft, cbcleft2, cbcright, cbcright2
        var endloop, loopinc;
        var len = message.length;
        var chunk = 0;
        var iterations = keys.length == 32 ? 3 : 9;
        if (iterations == 3) {
            looping = encrypt ? new Array(0, 32, 2) : new Array(30, -2, -2);
        } else {
            looping = encrypt ? new Array(0, 32, 2, 62, 30, -2, 64, 96, 2) : new Array(94, 62, -2, 32, 64, 2, 30, -2, -2);
        }
        if (padding == 2) message += "        ";
        else if (padding == 1) {
            temp = 8 - (len % 8);
            message += String.fromCharCode(temp, temp, temp, temp, temp, temp, temp, temp);
            if (temp == 8) len += 8;
        } else if (!padding) message += "\0\0\0\0\0\0\0\0";
        result = "";
        tempresult = "";
        if (mode == 1) {
            cbcleft = (iv.charCodeAt(m++) << 24) | (iv.charCodeAt(m++) << 16) | (iv.charCodeAt(m++) << 8) | iv.charCodeAt(m++);
            cbcright = (iv.charCodeAt(m++) << 24) | (iv.charCodeAt(m++) << 16) | (iv.charCodeAt(m++) << 8) | iv.charCodeAt(m++);
            m = 0;
        }
        while (m < len) {
            left = (message.charCodeAt(m++) << 24) | (message.charCodeAt(m++) << 16) | (message.charCodeAt(m++) << 8) | message.charCodeAt(m++);
            right = (message.charCodeAt(m++) << 24) | (message.charCodeAt(m++) << 16) | (message.charCodeAt(m++) << 8) | message.charCodeAt(m++);
            if (mode == 1) {
                if (encrypt) {
                    left ^= cbcleft;
                    right ^= cbcright;
                } else {
                    cbcleft2 = cbcleft;
                    cbcright2 = cbcright;
                    cbcleft = left;
                    cbcright = right;
                }
            }
            temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;
            right ^= temp;
            left ^= (temp << 4);
            temp = ((left >>> 16) ^ right) & 0x0000ffff;
            right ^= temp;
            left ^= (temp << 16);
            temp = ((right >>> 2) ^ left) & 0x33333333;
            left ^= temp;
            right ^= (temp << 2);
            temp = ((right >>> 8) ^ left) & 0x00ff00ff;
            left ^= temp;
            right ^= (temp << 8);
            temp = ((left >>> 1) ^ right) & 0x55555555;
            right ^= temp;
            left ^= (temp << 1);
            left = ((left << 1) | (left >>> 31));
            right = ((right << 1) | (right >>> 31));
            for (j = 0; j < iterations; j += 3) {
                endloop = looping[j + 1];
                loopinc = looping[j + 2];
                for (i = looping[j]; i != endloop; i += loopinc) {
                    right1 = right ^ keys[i];
                    right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1];
                    temp = left;
                    left = right;
                    right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>> 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) & 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]);
                }
                temp = left;
                left = right;
                right = temp;
            }
            left = ((left >>> 1) | (left << 31));
            right = ((right >>> 1) | (right << 31));
            temp = ((left >>> 1) ^ right) & 0x55555555;
            right ^= temp;
            left ^= (temp << 1);
            temp = ((right >>> 8) ^ left) & 0x00ff00ff;
            left ^= temp;
            right ^= (temp << 8);
            temp = ((right >>> 2) ^ left) & 0x33333333;
            left ^= temp;
            right ^= (temp << 2);
            temp = ((left >>> 16) ^ right) & 0x0000ffff;
            right ^= temp;
            left ^= (temp << 16);
            temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;
            right ^= temp;
            left ^= (temp << 4);
            if (mode == 1) {
                if (encrypt) {
                    cbcleft = left;
                    cbcright = right;
                } else {
                    left ^= cbcleft2;
                    right ^= cbcright2;
                }
            }
            tempresult += String.fromCharCode((left >>> 24), ((left >>> 16) & 0xff), ((left >>> 8) & 0xff), (left & 0xff), (right >>> 24), ((right >>> 16) & 0xff), ((right >>> 8) & 0xff), (right & 0xff));
            chunk += 8;
            if (chunk == 512) {
                result += tempresult;
                tempresult = "";
                chunk = 0;
            }
        }
        return result + tempresult;
    }

    function f3d_createKeys(key) {
        pc2bytes0 = new Array(0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204, 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204);
        pc2bytes1 = new Array(0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100, 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101);
        pc2bytes2 = new Array(0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808);
        pc2bytes3 = new Array(0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000, 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000);
        pc2bytes4 = new Array(0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000, 0x41000, 0x1010, 0x41010);
        pc2bytes5 = new Array(0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420, 0x2000000, 0x2000400, 0x2000020, 0x2000420);
        pc2bytes6 = new Array(0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002);
        pc2bytes7 = new Array(0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000, 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800);
        pc2bytes8 = new Array(0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000, 0x2000002, 0x2040002, 0x2000002, 0x2040002);
        pc2bytes9 = new Array(0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408, 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408);
        pc2bytes10 = new Array(0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020, 0x102000, 0x102020, 0x102000, 0x102020);
        pc2bytes11 = new Array(0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000, 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200);
        pc2bytes12 = new Array(0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010, 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010);
        pc2bytes13 = new Array(0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105);
        var iterations = key.length > 8 ? 3 : 1;
        var keys = new Array(32 * iterations);
        var shifts = new Array(0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0);
        var left, right, lefttemp, righttemp, m = 0,
            n = 0,
            temp;
        for (var j = 0; j < iterations; j++) {
            left = (key.charCodeAt(m++) << 24) | (key.charCodeAt(m++) << 16) | (key.charCodeAt(m++) << 8) | key.charCodeAt(m++);
            right = (key.charCodeAt(m++) << 24) | (key.charCodeAt(m++) << 16) | (key.charCodeAt(m++) << 8) | key.charCodeAt(m++);
            temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;
            right ^= temp;
            left ^= (temp << 4);
            temp = ((right >>> -16) ^ left) & 0x0000ffff;
            left ^= temp;
            right ^= (temp << -16);
            temp = ((left >>> 2) ^ right) & 0x33333333;
            right ^= temp;
            left ^= (temp << 2);
            temp = ((right >>> -16) ^ left) & 0x0000ffff;
            left ^= temp;
            right ^= (temp << -16);
            temp = ((left >>> 1) ^ right) & 0x55555555;
            right ^= temp;
            left ^= (temp << 1);
            temp = ((right >>> 8) ^ left) & 0x00ff00ff;
            left ^= temp;
            right ^= (temp << 8);
            temp = ((left >>> 1) ^ right) & 0x55555555;
            right ^= temp;
            left ^= (temp << 1);
            temp = (left << 8) | ((right >>> 20) & 0x000000f0);
            left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0);
            right = temp;
            for (var i = 0; i < shifts.length; i++) {
                if (shifts[i]) {
                    left = (left << 2) | (left >>> 26);
                    right = (right << 2) | (right >>> 26);
                } else {
                    left = (left << 1) | (left >>> 27);
                    right = (right << 1) | (right >>> 27);
                }
                left &= -0xf;
                right &= -0xf;
                lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) & 0xf];
                righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] | pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] | pc2bytes13[(right >>> 4) & 0xf];
                temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff;
                keys[n++] = lefttemp ^ temp;
                keys[n++] = righttemp ^ (temp << 16);
            }
        }
        return keys;
    }

    function s2x(s) {
        if (navigator.appVersion.indexOf("NetFront/4") > 0 || navigator.appVersion.indexOf("NetFront4") > 0) {
            return s;
        }
        var r = "0x";
        r = "";
        var hexes = new Array("0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f");
        for (var i = 0; i < s.length; i++) {
            r += hexes[s.charCodeAt(i) >> 4] + hexes[s.charCodeAt(i) & 0xf];
        }
        return r;
    }

    function x2s(h) {
        var r = "";
        for (var i = (h.substr(0, 2) == "0x") ? 2 : 0; i < h.length; i += 2) {
            r += String.fromCharCode(parseInt(h.substr(i, 2), 16));
        }
        return r;
    }

    function getUaBrowser(sUsrAg) {
        var sBrowser;
        if (!sUsrAg && typeof navigator !== 'undefined') sUsrAg = navigator.userAgent;
        if (sUsrAg.indexOf("OPR") > -1) {
            sBrowser = "Opera";
        } else if (sUsrAg.indexOf("MSIE") > -1) {
            sBrowser = "MSIE";
        } else if (sUsrAg.indexOf("Trident") > -1) {
            sBrowser = "MSIE";
        } else if (sUsrAg.indexOf("IEMobile") > -1) {
            sBrowser = "MSIE";
        } else if (sUsrAg.indexOf("Edge") > -1) {
            sBrowser = "Edge";
        } else if (sUsrAg.indexOf("Chrome") > -1) {
            sBrowser = "Chrome";
        } else if (sUsrAg.indexOf("CriOS/") > -1) {
            sBrowser = "Chrome";
        } else if (sUsrAg.indexOf("Safari") > -1) {
            sBrowser = "Safari";
        } else if (sUsrAg.indexOf("Firefox") > -1) {
            sBrowser = "Firefox";
        } else if (sUsrAg.indexOf("Opera Mini") > -1) {
            sBrowser = "Opera Mini";
        } else if (sUsrAg.indexOf("Opera") > -1) {
            sBrowser = "Opera Legacy";
        } else {
            reg = /^mozilla\/5\.0.*\(iphone.*cpu iphone os .* like mac os x.*\).*applewebkit\/.*\(.*khtml.* like gecko.*\).*mobile.*$/;
            if (sUsrAg.toLowerCase().match(reg)) {
                sBrowser = 'Safari';
            }
        }
        return sBrowser;
    }

    function getUaPlatform(sUsrAg) {
        var sPlatform = 'unknown';
        if (!sUsrAg && typeof navigator !== 'undefined') sUsrAg = navigator.userAgent;
        if (sUsrAg.indexOf("Windows Phone") > -1) {
            sPlatform = "Windows Phone";
        } else if (sUsrAg.indexOf("Windows Mobile") > -1) {
            sPlatform = "Windows Phone";
        } else if (sUsrAg.indexOf("X11") > -1) {
            sPlatform = "Linux";
        } else if (sUsrAg.indexOf("iPad") > -1) {
            sPlatform = "iPad";
        } else if (sUsrAg.indexOf("iPhone") > -1) {
            sPlatform = "iPhone";
        } else if (sUsrAg.indexOf("Android") > -1) {
            sPlatform = "Android";
        } else if (sUsrAg.indexOf("Macintosh") > -1) {
            sPlatform = "MacIntel";
        } else if (sUsrAg.indexOf("Intel Mac OS X") > -1) {
            sPlatform = "MacIntel";
        } else if (sUsrAg.indexOf("Windows NT") > -1) {
            sPlatform = "Windows";
        } else if (sUsrAg.indexOf("Linux") > -1) {
            sPlatform = "Linux";
        }
        return sPlatform;
    }

    function getDomBrowser() {
        var dBrowser;
        try {
            if (typeof window.navigator.msPointerEnabled != 'undefined') dBrowser = 'MSIE';
            else if (!!(Object.prototype.toString.call(window.operamini) === "[object OperaMini]")) dBrowser = 'Opera Mini';
            else if (typeof window.opera != 'undefined') dBrowser = 'Opera Legacy';
            else if (typeof window.opr != 'undefined') dBrowser = 'Opera';
            else if (typeof window.msManipulationViewsEnabled != 'undefined') dBrowser = 'Edge';
            else if (typeof window.msCredentials != 'undefined') dBrowser = 'Edge';
            else if (typeof window.navigator.systemLanguage != 'undefined') dBrowser = 'MSIE';
            else if (typeof window.navigator.appName != 'undefined' && window.navigator.appName == 'Microsoft Internet Explorer') dBrowser = 'MSIE';
            else if (typeof window.navigator.vendor != 'undefined' && window.navigator.vendor == 'Google Inc.') dBrowser = 'Chrome';
            else if (typeof window.mozInnerScreenX != 'undefined') dBrowser = 'Firefox';
            else if (typeof window.navigator.vendor != 'undefined' && window.navigator.vendor == 'Apple Computer, Inc.') dBrowser = 'Safari';
            else if (typeof window.navigator.webkitTemporaryStorage != 'undefined') dBrowser = 'Chrome';
            else if (typeof window.navigator.webkitAnimationEvent != 'undefined') dBrowser = 'Chrome';
            else if (typeof window.WebKitCSSMatrix != 'undefined') dBrowser = 'Safari';
            else if (typeof window.navigator.vendor != 'undefined') dBrowser = 'vendor:' + window.navigator.vendor;
            else dBrowser = 'undef:no_navigator_vendor';
        } catch (e) {
            dBrowser = 'undef:exception';
        }
        return dBrowser;
    }

    function getDomPlatform() {
        var dPlatform = 'unknown';
        try {
            if (typeof window.navigator.platform != 'undefined') {
                var p = window.navigator.platform;
                if (p == 'MacIntel') dPlatform = 'MacIntel';
                else if (p == 'Linux armv7l') dPlatform = 'Android';
                else if (p == 'Linux armv8l') dPlatform = 'Android';
                else if (p == 'Linux aarch64') dPlatform = 'Android';
                else if (p == 'Linux i686') dPlatform = 'Android';
                else if (p == 'Linux') dPlatform = 'Linux';
                else if (p == 'Linux x86_64') dPlatform = 'Linux';
                else if (p == 'Linux x86') dPlatform = 'Linux';
                else if (p == 'Win32') dPlatform = 'Windows';
                else if (p == 'Win64') dPlatform = 'Windows';
                else if (p == 'iPhone') dPlatform = 'iPhone';
                else if (p == 'iPad') dPlatform = 'iPad';
                else if (p == 'iPod touch') dPlatform = 'iPod touch';
                else if (p == 'ARM') dPlatform = 'Windows Phone';
                else dPlatform = window.navigator.platform;
            }
        } catch (e) {}
        return dPlatform;
    }

    function isUaSpoofed(comparePlatform) {
        comparePlatform = !!comparePlatform;
        var domBrowser = getDomBrowser();
        var uaBrowser = getUaBrowser();
        var uaPlatform = getUaPlatform();
        var domPlatform = getDomPlatform();
        spfstr1 = domBrowser + "fl_and" + domPlatform;
        spfstr2 = uaBrowser + "fl_and" + uaPlatform;
        if (uaBrowser != domBrowser) {
            if (domPlatform == 'iPhone' || domPlatform == 'iPad' || domPlatform == 'iPod touch') return false;
            if (uaBrowser === 'Opera' && domBrowser === 'Chrome') {
                if (domPlatform !== 'Windows' && domPlatform !== 'MacIntel') return false;
            }
            return true;
        }
        if (comparePlatform) {
            if (uaPlatform === 'Windows Phone' && domPlatform === 'Windows') {
                return false;
            }
            if (uaPlatform === 'Android' && domPlatform === 'Linux') {
                return false;
            }
            if (uaPlatform === 'Linux' && domPlatform === 'Android') {
                return false;
            }
            if (uaPlatform != domPlatform) {
                return true;
            }
        }
        return false;
    }
}());
(function() {
    isDNT = navigator.doNotTrack == "yes" || navigator.doNotTrack == "1" || navigator.msDoNotTrack == "1";
    if (isDNT !== true) {
        var cid = "",
            pid = "";
        var ldvs = document.getElementsByTagName("div");
        for (var i = 0; i < ldvs.length; i++) {
            if (ldvs[i].id) {
                var dve = ldvs[i].id.split('_');
                if (dve.length == 3 && dve[0] == "flpx") {
                    FLPXobj.procinit([cid, pid]);
                }
            }
        }
    }
})();

Executed Writes (1)
#1 JavaScript::Write (size: 126) - SHA256: f11999b85afe4444a92e3649127fea7e61ff78b64c780b3c3ce54645ad968a7b
< script src = 'https://flx808.lporirxe.com/flp/ncvp.js?c=808&i=1669961806'
type = 'text/javascript'
charset = 'ISO-8859-1' > < /script>


HTTP Transactions (70)


Request Response
                                        
                                            GET /index.php/promote/click?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         44.208.76.17
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 02 Dec 2022 06:16:44 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.bestukrainiangirl.com/index.php/promote/click?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7966
Expires: Fri, 02 Dec 2022 08:29:30 GMT
Date: Fri, 02 Dec 2022 06:16:44 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1479
Cache-Control: 'max-age=158059'
Date: Fri, 02 Dec 2022 06:16:44 GMT
Last-Modified: Fri, 02 Dec 2022 05:52:05 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 05:19:51 GMT
cache-control: public,max-age=3600
age: 3413
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5706
Expires: Fri, 02 Dec 2022 07:51:50 GMT
Date: Fri, 02 Dec 2022 06:16:44 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 2ueBz1+LerjhxvggbYrke4VYQdgJ5CH8dzI7pUp6fSbR5O9DGuAsySLYpajDwG3qoKPy9yXNDHY=
x-amz-request-id: K2Q1KA16ZMNEZW0K
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 05:46:35 GMT
age: 1809
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:44 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 06:11:15 GMT
cache-control: public,max-age=3600
age: 330
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1482
Cache-Control: max-age=98086
Date: Fri, 02 Dec 2022 06:16:45 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:31:31 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /index.php/promote/click?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         44.208.76.17
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:45 GMT
content-length: 20
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
p3p: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
set-cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; path=/ owner_id=CP283597; expires=Thu, 02-Mar-2023 06:16:45 GMT; path=/ adv_id=2216; expires=Thu, 02-Mar-2023 06:16:45 GMT; path=/ adv_type=1; expires=Thu, 02-Mar-2023 06:16:45 GMT; path=/ subaffid=100304; expires=Thu, 02-Mar-2023 06:16:45 GMT; path=/ source_id=xferryx; expires=Thu, 02-Mar-2023 06:16:45 GMT; path=/ adv_ldp_id=CD387001; expires=Thu, 02-Mar-2023 06:16:45 GMT; path=/ qpid_offer_id=BUG_830762TEEKE; expires=Thu, 02-Mar-2023 06:16:45 GMT; path=/ website_id=192; expires=Thu, 02-Mar-2023 06:16:45 GMT; path=/ referer=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ adv_click_history_id=673494354; expires=Thu, 02-Mar-2023 06:16:45 GMT; path=/ qpid_click_id=2be4d5cb49824736bbbb914706116576; expires=Thu, 02-Mar-2023 06:16:45 GMT; path=/ owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D; expires=Thu, 02-Mar-2023 06:16:45 GMT; path=/
location: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tCkF4+O7njwDXaf8Ap2I9w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         34.218.164.174
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: h/tK4DXA1gZN35Dq+hFH2OQkCAE=

                                        
                                            GET /qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 28819
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (22671), with CRLF line terminators
Size:   28819
Md5:    058b1ec80f4027947dbfd10df2e80a30
Sha1:   0a4520dc16dce50fed0d6a3f509504fb492a0782
Sha256: 7f8605c831b99c83655e021072eab727ee6bf15c73e5a48a66b38a27961da718
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0DB9D4AECC91335DA8E7B0D67E37C5A1ACBCED952C085487492754AE207FF6F2"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2994
Expires: Fri, 02 Dec 2022 07:06:40 GMT
Date: Fri, 02 Dec 2022 06:16:46 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 06:16:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 06:16:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /js/implement-r.js?org=B30kwnm0BOePk19pEhOI&s=7e5496c228a2663bfc11cd0e065719f2&rt=click&p=CP283597&a=100304&cmp=BUG_830762TEEKE&rf= HTTP/1.1 
Host: fqtag.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         35.190.72.161
HTTP/2 200 OK
content-type: application/javascript
                                        
expires: 0
cache-control: no-cache, no-store, must-revalidate
x-xss-protection: 0
pragma: no-cache
date: Fri, 02 Dec 2022 06:16:46 GMT
access-control-allow-origin: *
content-length: 2714
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2714), with no line terminators
Size:   2714
Md5:    286cc6315692cb9ac60cfa6e5fd4a13e
Sha1:   da70607e0ef2130988bc39880150ba822886b1d5
Sha256: c3dd491e90597b05571a88a7d0ac6c2fceb5dc778ac46cd1f29e65663a97b214
                                        
                                            GET /gtag/js?id=UA-133277878-80 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 06:16:46 GMT
expires: Fri, 02 Dec 2022 06:16:46 GMT
cache-control: private, max-age=900
last-modified: Fri, 02 Dec 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43564
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1921)
Size:   43564
Md5:    0cc3516c4ebc9d0587990dc11f594f4d
Sha1:   8137caa208b7ac4f1a0bd4fa41653b4e2b02d3a2
Sha256: e058c8f26e79931019f6779222f004fe69249ac88fe752d97b40b9d868c32c0e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0DB9D4AECC91335DA8E7B0D67E37C5A1ACBCED952C085487492754AE207FF6F2"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2994
Expires: Fri, 02 Dec 2022 07:06:40 GMT
Date: Fri, 02 Dec 2022 06:16:46 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 06:16:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 06:16:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2583
Expires: Fri, 02 Dec 2022 06:59:49 GMT
Date: Fri, 02 Dec 2022 06:16:46 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2583
Expires: Fri, 02 Dec 2022 06:59:49 GMT
Date: Fri, 02 Dec 2022 06:16:46 GMT
Connection: keep-alive

                                        
                                            GET /css2?family=DM+Sans:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 02 Dec 2022 06:16:46 GMT
date: Fri, 02 Dec 2022 06:16:46 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:20:09 GMT
age: 82597
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6174
Md5:    b986f9fcbeca91ed5c8d58fbfaf47d19
Sha1:   6e6c8bd2bce144cc4da1cd7be375b046b60dca79
Sha256: 07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11402
x-amzn-requestid: 20c2c359-1e43-40c0-885d-1c90e76ea12b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGzJHu-IAMFbYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e7a-1d89722e767daa014b174a39;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OJBnbjJB_kvPuJcePGnno3zI0CTWAzV-Osb2L1hPZZhlNYhFHWmLsA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:51:33 GMT
age: 30313
etag: "aa944d10fe4a44b790b01ef62edc0f85a6d558e3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11402
Md5:    1c80b8025242ddfcc816ec612456b99e
Sha1:   aa944d10fe4a44b790b01ef62edc0f85a6d558e3
Sha256: a9f060bc15738a3fe257e0c81a29e4611a89c273bcbb2765ce856d4e854a5f1f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:49:56 GMT
age: 30410
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   2942
Md5:    b47431190f34eccf0a6efb98e2a32b7d
Sha1:   9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
Sha256: 08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4834
x-amzn-requestid: 63a0b8b5-5cb3-4a1f-aa46-47c84abe726f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQrjEeAIAMF3sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7e3-0032799009f893ba79f314db;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:02:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 02EF3QEVKmEB2ikbGk9gzQq7_VMi00ufHUNRFTL8MpwJKaXQwdT8HA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 03:42:27 GMT
age: 9259
etag: "0de97f3a4964038222bd751e043e413113e6db9d"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4834
Md5:    cd8ad22c2eb1eb91c76970fa449f1bc4
Sha1:   0de97f3a4964038222bd751e043e413113e6db9d
Sha256: 668f805815aede3bc04f8564bd6aefd56029362bb0aa8a794673eb78ab2d4643
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6564
x-amzn-requestid: e2875cf3-3915-43a5-a724-4de2ca03de56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepHOiIAMFTFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-5f7e2a3f609d54a609a12670;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mwGAEu-gPXY5Opwd972VbBA6l33dNk7bPFSyZmciaplQKj2ZuTkQSg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:47 GMT
age: 31319
etag: "9bc47ee49fc070d0997e49a719bd9758685ad583"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6564
Md5:    58a28fc1cbcacdb07b3ca175281982b5
Sha1:   9bc47ee49fc070d0997e49a719bd9758685ad583
Sha256: d3bfcf749c4652cb29f7c82a5d7ba940bd607f9060e49c1c40a112eb3e625bd9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4840
x-amzn-requestid: 6bc8fa91-5696-4bc6-b1e7-3c36b2c01801
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGxTFxyoAMFRzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e6e-3e85b78905aaa73726eef85a;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UraCGe--VISONXzaUBpA7vuLuD5l7zihtQIph7LVn1QsS8MjLBbvKw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 30475
etag: "5ce119089f4a4cd139b523889b6cd84cd79191f4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4840
Md5:    60ccdde4ce64b4a3fe6fc2a059b3bde1
Sha1:   5ce119089f4a4cd139b523889b6cd84cd79191f4
Sha256: 2089225a6dc13845ab8e031416920d16952ae1461ca10d72c408ad001ed8f27b
                                        
                                            GET /qa/register01/images/kiss.png HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 18006
last-modified: Tue, 05 Jul 2022 01:49:13 GMT
etag: "4656-5e3050f3d537c"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size:   18006
Md5:    037850482d89101d0264b5c2a51cbaf3
Sha1:   c4442a41d1d0e4636c8a74148addcd56cb75481a
Sha256: 19999e0045128216c252678c74b4665a22df1c8bf2d28c4327fc754552df41a5
                                        
                                            GET /qa/register01/images/hand-over.png HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 6400
last-modified: Tue, 05 Jul 2022 01:49:12 GMT
etag: "1900-5e3050f314974"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 120 x 120, 8-bit colormap, non-interlaced\012- data
Size:   6400
Md5:    6aee23bc1b43706192ce1201a49d9332
Sha1:   ec823936f540d613872d1e357ece45090b8525d0
Sha256: 3061a325961a761690be7ad3d93eb014eeaafeef26f2444e60c83e69e7ce998b
                                        
                                            GET /qa/register01/images/hugging.png HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 7083
last-modified: Tue, 05 Jul 2022 01:49:13 GMT
etag: "1bab-5e3050f38429c"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 120 x 120, 8-bit colormap, non-interlaced\012- data
Size:   7083
Md5:    cafaf8a226ac7acff1c63c868a09d3ab
Sha1:   b9f3b25f2cd777ff131b68f4ee8764606fe18431
Sha256: 70cf55594627c61fa3e87944b193de1e17407080cd51603d2f0f204f9004dafd
                                        
                                            GET /qa/register01/images/thinking-face.png HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 6450
last-modified: Tue, 05 Jul 2022 01:49:22 GMT
etag: "1932-5e3050fcc7034"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 120 x 120, 8-bit colormap, non-interlaced\012- data
Size:   6450
Md5:    e01b80cb5cfa195d670204261013c05e
Sha1:   9c857c7142dcff223625099b59adf780d06685d2
Sha256: e2544c89ce253853e2a8bb9aeba8a576a303e43104438e485a3b92428197833a
                                        
                                            GET /qa/register01/images/loading.gif HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 49082
last-modified: Tue, 05 Jul 2022 01:49:21 GMT
etag: "bfba-5e3050fba8644"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 107 x 90\012- data
Size:   49082
Md5:    351e1e7e896617f7dae0f19f436fee41
Sha1:   b2c3a4a978b90a8e8f5b1dba12230d624752f4aa
Sha256: 573c8107d16f18962e3dbc4c61c0621abb11dda26f9fea6cea3c1855dddee66a
                                        
                                            GET /qa/register01/images/female.png HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 8669
last-modified: Tue, 05 Jul 2022 01:49:12 GMT
etag: "21dd-5e3050f2f49bc"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 120 x 120, 8-bit colormap, non-interlaced\012- data
Size:   8669
Md5:    07fdb9ed61590d2777892f83ffd6ed9d
Sha1:   a5bd944f99e7157565bb9fb6549c470e13dc8fc5
Sha256: c20f443c04ee371f3fcd1cd6683027bb9c7931f10a1b9ec8d7382ab38483e230
                                        
                                            GET /qa/register01/images/male.png HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 6589
last-modified: Tue, 05 Jul 2022 01:49:22 GMT
etag: "19bd-5e3050fc6c314"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 120 x 120, 8-bit colormap, non-interlaced\012- data
Size:   6589
Md5:    e2106577efb42fd2cb110b8e098ca175
Sha1:   f40221d394693958100e89f2101e89f4ddca64d9
Sha256: eae7588fbcb76482b9d205d2bcb68db86b2876b8ffe5e186a47b1f1e44f8a6cc
                                        
                                            GET /qa/register01/images/lady01.jpg HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 23902
last-modified: Tue, 05 Jul 2022 01:49:16 GMT
etag: "5d5e-5e3050f6716e4"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 240x240, components 3\012- data
Size:   23902
Md5:    81f6a4ea8a56cf44bc1e14ef336daeeb
Sha1:   11f83ac03d35e86fce1193f04cfd688e3d9d1964
Sha256: 5b398b2553b46305d1394a4447dd1ae86f8d4f7ac4b0b19fde1a333e78d0df5f
                                        
                                            GET /qa/register01/images/lady02.jpg HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 25013
last-modified: Tue, 05 Jul 2022 01:49:18 GMT
etag: "61b5-5e3050f8bb1fc"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 240x240, components 3\012- data
Size:   25013
Md5:    401f7a56a912ebb527b5021cdb755d1d
Sha1:   eb31fb11adf40403fa0ffa305375566db9ab33fb
Sha256: 77618413cacf9729ba63a65b312205b57321c3e68501563275ec0c8501de1bad
                                        
                                            GET /qa/register01/images/lady03.jpg HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 26264
last-modified: Tue, 05 Jul 2022 01:49:20 GMT
etag: "6698-5e3050fa78ecc"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 240x240, components 3\012- data
Size:   26264
Md5:    5e7bd5777f4721fcde7893454128f85e
Sha1:   cdf30b7c9f9b54460bcb02974822a20e5878f1f2
Sha256: 23fc407e4d46c5e6d361d9b388b397237982ac37e83020219fb126c757fccc03
                                        
                                            GET /qa/register01/images/lady04.jpg HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 25763
last-modified: Tue, 05 Jul 2022 01:49:20 GMT
etag: "64a3-5e3050faa55bc"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 240x240, components 3\012- data
Size:   25763
Md5:    73a65ebbd26a1f14b638accb8eb22139
Sha1:   ebdba3afa2ff5835c9bc18efe0cfe2ded770f879
Sha256: f71f42e93861c4831da5f03dcb728c0b1dc828e31b522a1665fd4b466a6de01e
                                        
                                            GET /qa/register01/images/lady05.jpg HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 25428
last-modified: Tue, 05 Jul 2022 01:49:20 GMT
etag: "6354-5e3050facfd6c"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 240x240, components 3\012- data
Size:   25428
Md5:    ab95e189516a844fa011e3977e969c10
Sha1:   0a0bd7456713bba855d20bc9441fefbbcc71a9b6
Sha256: c5b1e494f0fba445b2fda9555f3c00b7eaa5e016a03a45f564169d01bc708fee
                                        
                                            GET /qa/register01/images/lady06.jpg HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 32238
last-modified: Tue, 05 Jul 2022 01:49:21 GMT
etag: "7dee-5e3050fafe39c"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 240x240, components 3\012- data
Size:   32238
Md5:    771ab354397841df3e9021586cbd4021
Sha1:   281334da3d5adafaaf4a527948e60c0c22415d6c
Sha256: 4947a3cb8fb7bc66ff25236500ef63e68ee2f7b676e1bda4aea191d64bb222ac
                                        
                                            GET /qa/register01/images/lady02.gif HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 718441
last-modified: Tue, 05 Jul 2022 01:49:18 GMT
etag: "af669-5e3050f884ecc"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 300 x 240\012- data
Size:   718441
Md5:    051f1406010ef328737da88e9049440f
Sha1:   15196dc7689e407c041af15fc888535ad2593955
Sha256: c95dacca221f7f0aac7d59f3a9397c9672c1b33b6735afcb6641a2d4cd9b886c
                                        
                                            GET /qa/register01/images/lady01.gif HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 944238
last-modified: Tue, 05 Jul 2022 01:49:16 GMT
etag: "e686e-5e3050f64a5e4"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 460 x 275\012- data
Size:   944238
Md5:    1378661a79051ba4c99d6ffa6b4937ff
Sha1:   43f23e1d895fb4b5aaf3528856c12a695fac345a
Sha256: 50ad5be435107232d2145cac9ac72d0a1445f08bdbe78d75a03917315dcc31d8
                                        
                                            GET /qa/register01/css/main.min.css HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 3894
last-modified: Tue, 05 Jul 2022 01:49:11 GMT
etag: "40fa-5e3050f18d7a4"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (16632), with CRLF line terminators
Size:   3894
Md5:    850d5db4ec0135777c1ecf1d54fd5646
Sha1:   5ecdf6b778856d6b02dbb8689694fae0357a0216
Sha256: bfd0401830620cfb73b83daf5c767fa66f334c2a5c0d244cae36e6583083500e
                                        
                                            GET /qa/register01/css/swiper.min.css HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 3249
last-modified: Tue, 05 Jul 2022 01:49:11 GMT
etag: "4d49-5e3050f1e984c"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (19512), with CRLF line terminators
Size:   3249
Md5:    1f22e27f428e6d4d24d6aa917703b1c8
Sha1:   9d44b75150712e0f3cebca70087869a65fa4e1bc
Sha256: 49e9aaed89ca14e41b5da380090d3fbb10e173ec265c37bbc3d1b8baed469980
                                        
                                            GET /qa/register01/css/layout.css?v1.0 HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 4540
last-modified: Tue, 05 Jul 2022 01:49:10 GMT
etag: "421f-5e3050f13de34"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (331), with CRLF line terminators
Size:   4540
Md5:    2c6ae66330701466614da360562e59f2
Sha1:   b1f91e2993caf9434b8aadc2a3ce484c49fb81a5
Sha256: ddc2263c9fd0c283d9d45fd55e90c1c8483a95c360e7e3d85c16ef432d4f5088

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /common/js/my_validate_index2.js HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:47 GMT
content-length: 2851
last-modified: Fri, 09 Oct 2020 08:24:18 GMT
etag: "2560-5b138acc60a3b"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with CRLF line terminators
Size:   2851
Md5:    f1e757f7e2374c7b7162906a20688af2
Sha1:   ca928406b98b3611e9f23ac3157c8a116eb332a6
Sha256: 4cc7f63506663396d396c9e81fdda9310abfe101cfa63e57411b1263c0d1f803

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /common/js/jquery.cookie.js HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:47 GMT
content-length: 1378
last-modified: Fri, 09 Oct 2020 08:24:18 GMT
etag: "c31-5b138acc863cb"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1378
Md5:    00cfb5c8c7ec0b51b1dfb190279d570f
Sha1:   468f6fe01079afbcf53594f1065847f04165e249
Sha256: 0585e143aba785df6fb525229dd5e3466227cecc87e913459f0444e732fbf15c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /qa/register01/images/logo.svg HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 5575
last-modified: Tue, 05 Jul 2022 01:49:22 GMT
etag: "15c7-5e3050fbf3964"
accept-ranges: bytes
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document, Unicode text, UTF-8 text, with very long lines (2439)
Size:   5575
Md5:    75534473b7cc351b43537cb62d0667a0
Sha1:   3b2adfec31ebccf863049d752675149cbcef3326
Sha256: b83e143afb1973738d8c298f6985b0bca831a97ab43fd8dfabc29c559f6a95e1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /qa/register01/images/lady03.gif HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:46 GMT
content-length: 422678
last-modified: Tue, 05 Jul 2022 01:49:20 GMT
etag: "67316-5e3050fa4c00c"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 250 x 187\012- data
Size:   422678
Md5:    8da23666859a0dd50c5f414a0afcb964
Sha1:   457c6e6572dd3af1f51aa40da02fae92614af8cc
Sha256: d56bcb35ef49c519e093ed771ced5af6fd7ddcf02a6bbfd6c33425598070125b
                                        
                                            GET /common/js/auto_email/jquery.autoComplete.js HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:47 GMT
content-length: 1046
last-modified: Fri, 09 Oct 2020 08:24:18 GMT
etag: "c56-5b138acbfdc33"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with CRLF line terminators
Size:   1046
Md5:    d4b600f68461a491b71e88dc6f0173e1
Sha1:   7e20eb3d42dfec881deb87d3c2d6aad1c40aca0f
Sha256: c5dc9fb6467bc20ff42141ea247397131baf1e1d6240d0dd66eb62f2cf87c74a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /qa/register01/js/parallax.min.js HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:47 GMT
content-length: 5438
last-modified: Tue, 05 Jul 2022 01:49:23 GMT
etag: "43a4-5e3050fd6575c"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (17272), with CRLF line terminators
Size:   5438
Md5:    d05c86f40c1021162f5eface92f32750
Sha1:   3bb8c13a8d0af38771996de06ce099308e8d1fad
Sha256: a7f7d4d2cdc4a5f36a4ff11790a5c1b0f32ded52f196d7f42459b509e12fc624

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /common/js/auto_email/autoComplete.css HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:47 GMT
content-length: 376
last-modified: Fri, 09 Oct 2020 08:24:17 GMT
etag: "27d-5b138acba794b"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   376
Md5:    fa161ac586a052c4476ed190ac1571e0
Sha1:   95bf7bc6541743739aa6d9f185d398e36dc9ce6c
Sha256: f514e2d195768146c7b6453b788d6fdeb1df19ee6e5b017e0e9a1003a8e5c662
                                        
                                            GET /common/js/jquery.min.js HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:47 GMT
content-length: 34763
last-modified: Fri, 09 Oct 2020 08:24:18 GMT
etag: "17278-5b138accbfdab"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Size:   34763
Md5:    28ca33b476a0e86fa59725bdb38c7f2f
Sha1:   120531fc57923e78104a0aacee05c53cecbfd61f
Sha256: ffbc181a3d82af401ee3645d08b10d739c12222da179cd5ec2dc67016d7c93a3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /qa/register01/js/swiper.min.js HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:47 GMT
content-length: 33064
last-modified: Tue, 05 Jul 2022 01:49:23 GMT
etag: "1d7b5-5e3050fdba6bc"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65263), with CRLF line terminators
Size:   33064
Md5:    9919d9d97c932c232298137ba2021d30
Sha1:   d8ce5b6985d28a7342e16274de07bf90d2b0591b
Sha256: eceb9fc78096f2c0ded07f04804c83af4ec93d7e6eb14f4322cf592aa640ade3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 06:16:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 06:16:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/dmsans/v11/rP2Hp2ywxg089UriCZOIHQ.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.bestukrainiangirl.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18096
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 22:11:26 GMT
expires: Fri, 01 Dec 2023 22:11:26 GMT
cache-control: public, max-age=31536000
age: 29121
last-modified: Thu, 21 Apr 2022 16:54:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 18096, version 1.0\012- data
Size:   18096
Md5:    f29503a1895affee5ed85d0246238af8
Sha1:   f474c6e8a3e4e28fb68cf7fb29bd448cdfeb0278
Sha256: 7164a212fb4df27bf1e006342d1686badcba58f5a5d301772c14cc7adf1d4821
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 06:16:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/dmsans/v11/rP2Fp2ywxg089UriCZa4Hz-D.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.bestukrainiangirl.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19004
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 22:34:39 GMT
expires: Fri, 01 Dec 2023 22:34:39 GMT
cache-control: public, max-age=31536000
age: 27728
last-modified: Thu, 21 Apr 2022 16:57:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 19004, version 1.0\012- data
Size:   19004
Md5:    be2a14878eb61d7c95d5970ff1912539
Sha1:   237450c08a36de2b7d3e4d20b74a062ca2fce816
Sha256: 1e235540dffb208599faa7434fad4050331fcd6916bf44fad58a5d1d65b8d360
                                        
                                            GET /s/dmsans/v11/rP2Cp2ywxg089UriASitCBimCw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.bestukrainiangirl.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18212
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 22:11:50 GMT
expires: Fri, 01 Dec 2023 22:11:50 GMT
cache-control: public, max-age=31536000
age: 29097
last-modified: Thu, 21 Apr 2022 16:54:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 18212, version 1.0\012- data
Size:   18212
Md5:    ca72fb4e277e59be50b8850190822581
Sha1:   159b97b22006fe2a483da0a13d33cfb3cc5aa031
Sha256: f3c0fa2cd71bb91d0e3acf5d77b93c49a184e9ad941532ca8c07c82eb0bd6a6c
                                        
                                            GET /1.27.339-ccfb11a/pixel.js HTTP/1.1 
Host: cdn.fqtag.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         35.190.36.172
HTTP/2 200 OK
content-type: application/javascript
                                        
x-guploader-uploadid: ADPycds5OuNEv-JtB1ZdJ0StwmHkuK8-Ix4i18EFSlIefpCelFnJJ_tlHUKvpsSqtXPE5tZL3Uf3J94YcOvbgojWAg7XbA
x-goog-generation: 1611776924905378
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 89647
content-language: en
x-goog-hash: crc32c=YwE4YA==, md5=4O/zBXlZj3YUfJ6hL0kNIQ==
x-goog-expiration: Sun, 11 Nov 2294 19:48:44 GMT
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 89647
server: UploadServer
date: Fri, 02 Dec 2022 05:30:44 GMT
expires: Fri, 02 Dec 2022 06:30:44 GMT
cache-control: public, max-age=3600
age: 2763
last-modified: Wed, 27 Jan 2021 19:48:44 GMT
etag: "e0eff30579598f76147c9ea12f490d21"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (31986)
Size:   89647
Md5:    e0eff30579598f76147c9ea12f490d21
Sha1:   f0bf2ef576db440b275bdae3d6abac35e59a33b2
Sha256: e70a34c5f232fa80328a361630a994cf847c54deb926f13d40be4807291b657b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 06:16:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         192.124.249.41
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Fri, 02 Dec 2022 06:16:47 GMT
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 02 Dec 2022 03:52:09 GMT
Expires: Sat, 03 Dec 2022 03:52:09 GMT
ETag: "d5f89a035aa627b7f98e2b9b97796c5ea9b12a32"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1777
Md5:    5a506ad998b9c59e872f0fa269607791
Sha1:   d5f89a035aa627b7f98e2b9b97796c5ea9b12a32
Sha256: 25ec4a0dfafc38e8a7b8d428f0af4310e09707e35c0fd29fccf628d033ad2d10
                                        
                                            GET /flp/ncvp.js?c=808&i=1669961806 HTTP/1.1 
Host: flx808.lporirxe.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.18.156.225
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Fri, 02 Dec 2022 06:16:47 GMT
content-length: 11218
last-modified: Wed, 30 Nov 2022 23:31:48 GMT
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 5014
expires: Sat, 03 Dec 2022 06:16:47 GMT
cache-control: public, max-age=86400
accept-ranges: bytes
server: cloudflare
cf-ray: 7731ef91bbe31bfa-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   11218
Md5:    e6a30d4ef5eaccb5d35d0eb5dc740052
Sha1:   42740eec442f77afdb474126b88300330ef2473a
Sha256: b962548be39783badbf3c462775ada9eddb95b9bc6e4e5c0c313c54fb6e524aa
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.110
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 02 Dec 2022 04:41:08 GMT
expires: Fri, 02 Dec 2022 06:41:08 GMT
cache-control: public, max-age=7200
age: 5739
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            GET /qa/register01/images/favicon.png HTTP/1.1 
Host: www.bestukrainiangirl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/qa/register01.php?aid=2216&oid=CP283597&qpid_offer_id=BUG_830762TEEKE&qpid_clickid=2be4d5cb49824736bbbb914706116576&qpid_subid=100304&source_tag=xferryx
Cookie: PHPSESSID=ftcj05pn50i5n5hbhbg6bcilp3; owner_id=CP283597; adv_id=2216; adv_type=1; subaffid=100304; source_id=xferryx; adv_ldp_id=CD387001; qpid_offer_id=BUG_830762TEEKE; website_id=192; adv_click_history_id=673494354; qpid_click_id=2be4d5cb49824736bbbb914706116576; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222216%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP283597%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22BUG_830762TEEKE%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%222be4d5cb49824736bbbb914706116576%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A6%3A%22100304%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A7%3A%22xferryx%22%3B%7D; flv=xeN5c3aTrqGE0r9iLS3s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         44.208.76.17
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Fri, 02 Dec 2022 06:16:47 GMT
content-length: 4538
last-modified: Tue, 05 Jul 2022 01:49:12 GMT
etag: "11ba-5e3050f2ce85c"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 72 x 72, 8-bit colormap, interlaced\012- data
Size:   4538
Md5:    ab3a78d3c6e73eece0baa64e3f106b98
Sha1:   6c2ba310202ac729b114b08a7e3cb3ff9294973a
Sha256: 2439de2640827cda6582ee71937879741cee8fcb73402559ac217477814d00ec
                                        
                                            POST /aux/d HTTP/1.1 
Host: aux.fqtag.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 233
Origin: https://www.bestukrainiangirl.com
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         35.190.13.203
HTTP/2 204 No Content
                                        
access-control-allow-origin: *
date: Fri, 02 Dec 2022 06:16:47 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

                                        
                                            POST /aux/p HTTP/1.1 
Host: aux.fqtag.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 272
Origin: https://www.bestukrainiangirl.com
Connection: keep-alive
Referer: https://www.bestukrainiangirl.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         35.190.13.203
HTTP/2 204 No Content
                                        
access-control-allow-origin: *
date: Fri, 02 Dec 2022 06:16:48 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2