firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 11 Sep 2022 19:07:48 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: pXd-GRvTa4NKJW9m-Liu1K_ced4dW1McZGL1M1mIORhkTe1TXgrvUQ==
Age: 799
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8860
Expires: Sun, 11 Sep 2022 21:48:47 GMT
Date: Sun, 11 Sep 2022 19:21:07 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 11 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ZosVOzou6heispJvjGy23JM4HpmwuMMuVaJ3vQNtR29zKRA84MPF8g==
age: 43435
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:21:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
rinbowfish.lol/cl/567_md/4/89/1162/37/776884
78.135.85.242 302 Found 163 B URL HTTP/1.1 rinbowfish.lol/cl/567_md/4/89/1162/37/776884
IP 78.135.85.242:0
File type HTML document, ASCII text, with no line terminators
Hash 12f9b624d99d45656640c5f0fec799a5
749b1d1cadf459042f7d93d33f69ce74be9ab7a1
fa2359745066ef5d6e2a823ef0952ebcab8353c162150d8d5084b01434e03183
Analyzer Verdict Alert fortinet Phishing
GET /cl/567_md/4/89/1162/37/776884 HTTP/1.1
Host: rinbowfish.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sun, 11 Sep 2022 19:21:07 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
X-Powered-By: PHP/7.1.33
Location: https://www.br2ghatrk.com/85SPX7/L43QWG/?sub1=4&sub2=567_6&sub3=37_776884_89_160979_md
Content-Length: 163
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 11 Sep 2022 18:56:07 GMT
Cache-Control: max-age=3600
Expires: Sun, 11 Sep 2022 19:19:38 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QDtPlIfIm6lh565oE5tWK6b5_VAXhcptTQXrVaQ2tLVq2GhilMhsag==
Age: 1501
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 26e829ba5f754918e20cbd316dc4348e
ba198501da0812dd11ca3b38a51325b5de6cfa60
4352c25d4af7637a8435b0df6d042fc606d37a348e966b99fecce8a853b8ebc0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1074
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:21:08 GMT
Last-Modified: Sun, 11 Sep 2022 19:03:14 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.27.12.161 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.27.12.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AWxO0soeICERZF/zBG0tjw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2O73UPC2TKwU5H/OFX2rwaGg5dc=
www.br2ghatrk.com/85SPX7/L43QWG/?sub1=4&sub2=567_6&sub3=37_776884_89_160979_md
34.95.111.143 302 Found 239 B URL HTTP/2 www.br2ghatrk.com/85SPX7/L43QWG/?sub1=4&sub2=567_6&sub3=37_776884_89_160979_md
IP 34.95.111.143:0
File type HTML document, ASCII text
Hash 163343d65ae0cdf56837e0a551a577cc
c7fd7592d1e29097139535bba1b5b1c58cdb2ef5
13f8734f4c2c909d1b95be8d1d44986cb004bd6e883e057e12544e0838934222
GET /85SPX7/L43QWG/?sub1=4&sub2=567_6&sub3=37_776884_89_160979_md HTTP/1.1
Host: www.br2ghatrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Sun, 11 Sep 2022 19:21:09 GMT
content-type: text/html; charset=utf-8
content-length: 239
location: https://www.dateukrainianbeauty.com/index.php/promote/click?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
set-cookie: uniqueClick_L43QWG=4703762d-1773-49c3-a144-7c2327c625bb:1662924069; Path=/; Expires=Sun, 11 Sep 2022 20:21:09 GMT; Secure; SameSite=None
transaction_id=0b055dd7c66a4a14b4a98368eab6ebde; Path=/; Expires=Sat, 10 Dec 2022 19:21:09 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: 221a5858-5e20-4c46-99f9-355cb976cdde
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash 1ef8f92f15334e68a2f9451e00b728b2
6da32ae32e12f2229e27359d6545d3b8f13089b4
10e01741ed9f089a6c35a7dea05714df98272cafd4a1391883648b23741ae5b7
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 11 Sep 2022 19:21:10 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 11 Sep 2022 18:31:44 GMT
Expires: Mon, 12 Sep 2022 18:31:44 GMT
ETag: "6da32ae32e12f2229e27359d6545d3b8f13089b4"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6164
Expires: Sun, 11 Sep 2022 21:03:54 GMT
Date: Sun, 11 Sep 2022 19:21:10 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6164
Expires: Sun, 11 Sep 2022 21:03:54 GMT
Date: Sun, 11 Sep 2022 19:21:10 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6164
Expires: Sun, 11 Sep 2022 21:03:54 GMT
Date: Sun, 11 Sep 2022 19:21:10 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6164
Expires: Sun, 11 Sep 2022 21:03:54 GMT
Date: Sun, 11 Sep 2022 19:21:10 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6164
Expires: Sun, 11 Sep 2022 21:03:54 GMT
Date: Sun, 11 Sep 2022 19:21:10 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fea5dfc4a6a5093fd81899ee4a79d446
c893d7475856809a59486e0bcebd6d662d1fc56f
915fb97690be97d97cb298fc60ceb4cf7c3ed8fb437836beb2d590a8e238363c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7017
x-amzn-requestid: df5e57d7-e54c-4b5a-aa1b-a9aee889842e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_Et0oAMFSjQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-50d15bba03579a935342e22f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YRgmbTGaMvU9Kf47U90cPYhgpXaYgoNVA8ut6LOUStK4UfWahpSqVA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:41:08 GMT
age: 78002
etag: "c893d7475856809a59486e0bcebd6d662d1fc56f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:57:28 GMT
age: 77022
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bb1a86dcf94db0a29a6ebe21866766d4
b3491a6f12c97c8e1848a206a185fae29213c1e5
d05619e519fed6c0b6c0616cf540908006a68f127b25e38fb9d041dfe2546df4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7519
x-amzn-requestid: bef8445b-1f8b-4c00-a9ad-b32fdefe3d13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3zXoHOhIAMFfNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312ff63-1a6c3ef64362a4d052a761ae;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 07:16:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Pzv2DSpqnXB0UP3C5EF-YUzRmveFwmal_8YyRfEuHuhZ1FcUWgHocg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 10:22:00 GMT
age: 32350
etag: "b3491a6f12c97c8e1848a206a185fae29213c1e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4ec2646c56c4c522f0744768ad20342b
ad1d9eee90556a359547dc7cbb6758aee2c804cd
0bf9eaa4420bf6290535fd23895c6c723c7de6b849995ba83774532862cfe8b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7635
x-amzn-requestid: dbd07cc7-d0f6-4500-83c6-b19fa9fa2e3d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xt5xDEfUIAMFYXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630f09a0-3771b23118f3711e5caca699;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 07:11:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ILut4hEDJbs6jNr3wpPST1HgAYMabIT7cdZebRFETn8lL_QfS92KBA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 00:50:01 GMT
age: 66669
etag: "ad1d9eee90556a359547dc7cbb6758aee2c804cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8625e0707046e7a3715a8dbb40b1cae2
0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78
abc4c12561be08897341d9c8104c30a289357c0907e55c46895f7fb6afb2f75d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13568
x-amzn-requestid: ad06f499-3e04-414a-8a3f-6daa9e0124ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3yN1F2BIAMFoqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312fd8b-3a17f11440d2f37b23ac7f6a;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 07:08:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: iNRnq8nMhoTo9oY379Ynb6uPW0vNyf3dNufU_HpXNfzxvhrAEKEzJQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 14:06:07 GMT
age: 18903
etag: "0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57d797a1c3f6589746a1135bdb19f54f
7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97
ff8855ca951f53ed5f3886cc81a7f28384d41288edeca4fdc621250e4d01c6fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6889
x-amzn-requestid: c82ac543-90cd-4aeb-a65b-7e1bbbacc407
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2UEE-3IAMFYBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d0419-427a29067c9c92ec0db6567f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:39:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BPWrjstB3xKeYzHK9eQoJL8ORgRFsqjmNxu0j10epBANBtZCRU-m2g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:43:06 GMT
age: 77884
etag: "7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.dateukrainianbeauty.com/index.php/promote/click?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
52.52.22.249 302 Found 20 B URL HTTP/2 www.dateukrainianbeauty.com/index.php/promote/click?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
IP 52.52.22.249:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /index.php/promote/click?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663847006; qpid_click_id=c7fd52cdbcc8457a9618f1849696d3b2; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%22c7fd52cdbcc8457a9618f1849696d3b2%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Sun, 11 Sep 2022 19:21:10 GMT
content-type: text/html; charset=UTF-8
content-length: 20
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
p3p: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
set-cookie: PHPSESSID=4lu04lpoff679gld8tt1l5sm31; path=/
owner_id=CP284062; expires=Sat, 10-Dec-2022 19:21:10 GMT; path=/
adv_id=2211; expires=Sat, 10-Dec-2022 19:21:10 GMT; path=/
adv_type=1; expires=Sat, 10-Dec-2022 19:21:10 GMT; path=/
subaffid=158; expires=Sat, 10-Dec-2022 19:21:10 GMT; path=/
source_id=4___src%3Abdmg; expires=Sat, 10-Dec-2022 19:21:10 GMT; path=/
adv_ldp_id=CD385005; expires=Sat, 10-Dec-2022 19:21:10 GMT; path=/
qpid_offer_id=DUB_831752TEEEI; expires=Sat, 10-Dec-2022 19:21:10 GMT; path=/
website_id=189; expires=Sat, 10-Dec-2022 19:21:10 GMT; path=/
referer=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
adv_click_history_id=663851682; expires=Sat, 10-Dec-2022 19:21:10 GMT; path=/
qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; expires=Sat, 10-Dec-2022 19:21:10 GMT; path=/
owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; expires=Sat, 10-Dec-2022 19:21:10 GMT; path=/
location: https://www.dateukrainianbeauty.com/qa/register05.php?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
www.dateukrainianbeauty.com/qa/register05.php?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
52.52.22.249 200 OK 28 kB URL HTTP/2 www.dateukrainianbeauty.com/qa/register05.php?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
IP 52.52.22.249:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (22671), with CRLF line terminators
Hash e9c0935896b39c7c304fc982bfc8bf78
f067ba25ff9075f96476ee7aaee047d432e8db56
421ca88cdd33a2880627962f080d59476f512c790742db2c9ec0b01343f948da
GET /qa/register05.php?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663851682; qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278; PHPSESSID=4lu04lpoff679gld8tt1l5sm31
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:21:11 GMT
content-type: text/html; charset=UTF-8
content-length: 28395
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 507f2c4eaa235a1e89766d9ce398d830
374ab23b87df7043098ee1f46888a8448329293d
0f0e834890b4706e35bb63b666019b33cbb81cb11eb4dac969653022ff93b09f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F0E834890B4706E35BB63B666019B33CBB81CB11EB4DAC969653022FF93B09F"
Last-Modified: Sun, 11 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12294
Expires: Sun, 11 Sep 2022 22:46:05 GMT
Date: Sun, 11 Sep 2022 19:21:11 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 57b75ea93de540716c45f1397781431a
431cc2c684385c4e46facd7210b5ac49b9dd09cc
4581d7dd422dc110fa7cfe667297cdb75d92a02ce7226db6db89448befa5b780
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:21:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-133277878-78
142.250.74.72 200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-133277878-78
IP 142.250.74.72:0
File type ASCII text, with very long lines (1615)
Hash fd2e261d345ad109b6c5b8884bef137e
4ffbc2eaa2b1e837d69b5e930cefa7bb8c283a4d
b2cebb0d70e857ef3cd927fd653ea36e4c5e0244997dcb8a61cea61f1dc51447
GET /gtag/js?id=UA-133277878-78 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 11 Sep 2022 19:21:11 GMT
expires: Sun, 11 Sep 2022 19:21:11 GMT
cache-control: private, max-age=900
last-modified: Sun, 11 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41883
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 57b75ea93de540716c45f1397781431a
431cc2c684385c4e46facd7210b5ac49b9dd09cc
4581d7dd422dc110fa7cfe667297cdb75d92a02ce7226db6db89448befa5b780
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:21:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.dateukrainianbeauty.com/qa/register05/images/logo.png
52.52.22.249 200 OK 13 kB URL HTTP/2 www.dateukrainianbeauty.com/qa/register05/images/logo.png
IP 52.52.22.249:0
File type PNG image data, 600 x 100, 8-bit/color RGBA, interlaced\012- data
Hash 177fa2bf1a5ae1cabee719d13ee2ed2f
d6245c55a3042129da9b36c022b15afdbd6ece34
1737e31f8e3d46ad631690f3fa40e2514031400370d505f23ca72a0a61a10b8d
GET /qa/register05/images/logo.png HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/qa/register05.php?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663851682; qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278; PHPSESSID=4lu04lpoff679gld8tt1l5sm31
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:21:11 GMT
content-type: image/png
content-length: 13232
last-modified: Wed, 29 Jun 2022 01:56:19 GMT
etag: "33b0-5e28c758cca78"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2
www.dateukrainianbeauty.com/qa/register05/css/layout.css?1.0
52.52.22.249 200 OK 5.3 kB URL HTTP/2 www.dateukrainianbeauty.com/qa/register05/css/layout.css?1.0
IP 52.52.22.249:0
File type assembler source, Unicode text, UTF-8 text, with CRLF line terminators
Hash df1b6531807e7bfbd34dd5b7f88c0b48
ac72eafb7bcba8019f0a70c92058a4710986b9fe
61031dd7aa1150b948298fe493c5f031bd079a892d0fe20aefe27ec5abd2e871
GET /qa/register05/css/layout.css?1.0 HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/qa/register05.php?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663851682; qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278; PHPSESSID=4lu04lpoff679gld8tt1l5sm31
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:21:12 GMT
content-type: text/css
content-length: 5337
last-modified: Wed, 29 Jun 2022 01:56:10 GMT
etag: "5bde-5e28c750a5020"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
www.dateukrainianbeauty.com/qa/register05/css/animate.css
52.52.22.249 200 OK 3.2 kB URL HTTP/2 www.dateukrainianbeauty.com/qa/register05/css/animate.css
IP 52.52.22.249:0
File type ASCII text, with CRLF line terminators
Hash b9e822d04327966698ecba09db570ea1
809819095f0e6cc40a38d2c6a3a6d649c2c6baee
894944d96ed5e3dacdacb72b56a98675caf8fda1fa298d1a434470b69e799e17
GET /qa/register05/css/animate.css HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/qa/register05.php?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663851682; qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278; PHPSESSID=4lu04lpoff679gld8tt1l5sm31
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:21:12 GMT
content-type: text/css
content-length: 3204
last-modified: Wed, 29 Jun 2022 01:56:10 GMT
etag: "6356-5e28c7507b810"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
www.dateukrainianbeauty.com/common/js/auto_email/jquery.autoComplete.js
52.52.22.249 200 OK 1.0 kB URL HTTP/2 www.dateukrainianbeauty.com/common/js/auto_email/jquery.autoComplete.js
IP 52.52.22.249:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash d4b600f68461a491b71e88dc6f0173e1
7e20eb3d42dfec881deb87d3c2d6aad1c40aca0f
c5dc9fb6467bc20ff42141ea247397131baf1e1d6240d0dd66eb62f2cf87c74a
Analyzer Verdict Alert fortinet Phishing
GET /common/js/auto_email/jquery.autoComplete.js HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/qa/register05.php?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663851682; qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278; PHPSESSID=4lu04lpoff679gld8tt1l5sm31
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:21:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 1046
last-modified: Fri, 09 Oct 2020 08:24:18 GMT
etag: "c56-5b138acbfdc33"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
www.dateukrainianbeauty.com/common/js/jquery.cookie.js
52.52.22.249 200 OK 1.4 kB URL HTTP/2 www.dateukrainianbeauty.com/common/js/jquery.cookie.js
IP 52.52.22.249:0
Hash 00cfb5c8c7ec0b51b1dfb190279d570f
468f6fe01079afbcf53594f1065847f04165e249
0585e143aba785df6fb525229dd5e3466227cecc87e913459f0444e732fbf15c
Analyzer Verdict Alert fortinet Phishing
GET /common/js/jquery.cookie.js HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/qa/register05.php?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663851682; qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278; PHPSESSID=4lu04lpoff679gld8tt1l5sm31
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:21:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 1378
last-modified: Fri, 09 Oct 2020 08:24:18 GMT
etag: "c31-5b138acc863cb"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
www.dateukrainianbeauty.com/common/js/auto_email/autoComplete.css
52.52.22.249 200 OK 376 B URL HTTP/2 www.dateukrainianbeauty.com/common/js/auto_email/autoComplete.css
IP 52.52.22.249:0
File type ASCII text, with CRLF line terminators
Hash fa161ac586a052c4476ed190ac1571e0
95bf7bc6541743739aa6d9f185d398e36dc9ce6c
f514e2d195768146c7b6453b788d6fdeb1df19ee6e5b017e0e9a1003a8e5c662
GET /common/js/auto_email/autoComplete.css HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/qa/register05.php?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663851682; qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278; PHPSESSID=4lu04lpoff679gld8tt1l5sm31
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:21:12 GMT
content-type: text/css
content-length: 376
last-modified: Fri, 09 Oct 2020 08:24:17 GMT
etag: "27d-5b138acba794b"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
www.dateukrainianbeauty.com/common/js/my_validate_index2.js
52.52.22.249 200 OK 2.9 kB URL HTTP/2 www.dateukrainianbeauty.com/common/js/my_validate_index2.js
IP 52.52.22.249:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash f1e757f7e2374c7b7162906a20688af2
ca928406b98b3611e9f23ac3157c8a116eb332a6
4cc7f63506663396d396c9e81fdda9310abfe101cfa63e57411b1263c0d1f803
Analyzer Verdict Alert fortinet Phishing
GET /common/js/my_validate_index2.js HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/qa/register05.php?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663851682; qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278; PHPSESSID=4lu04lpoff679gld8tt1l5sm31
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:21:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 2851
last-modified: Fri, 09 Oct 2020 08:24:18 GMT
etag: "2560-5b138acc60a3b"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
www.dateukrainianbeauty.com/qa/register05/images/lady-gif.gif
52.52.22.249 200 OK 1.3 MB URL HTTP/2 www.dateukrainianbeauty.com/qa/register05/images/lady-gif.gif
IP 52.52.22.249:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 1.3 MB (1344883 bytes)
Hash 5be23ed7d47817820903feae84f60a40
b9cfa1753c908aef14ec8719124c408680312acb
06a70099aac1dc1fcc5227279097af15d74dfa5f171b944a3bd69b2a64aaa9a1
GET /qa/register05/images/lady-gif.gif HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/qa/register05.php?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663851682; qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278; PHPSESSID=4lu04lpoff679gld8tt1l5sm31
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:21:11 GMT
content-type: image/gif
content-length: 1344883
last-modified: Wed, 29 Jun 2022 01:56:18 GMT
etag: "148573-5e28c758a8858"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2
www.dateukrainianbeauty.com/common/js/jquery.min.js
52.52.22.249 200 OK 35 kB URL HTTP/2 www.dateukrainianbeauty.com/common/js/jquery.min.js
IP 52.52.22.249:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash 28ca33b476a0e86fa59725bdb38c7f2f
120531fc57923e78104a0aacee05c53cecbfd61f
ffbc181a3d82af401ee3645d08b10d739c12222da179cd5ec2dc67016d7c93a3
Analyzer Verdict Alert fortinet Phishing
GET /common/js/jquery.min.js HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/qa/register05.php?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663851682; qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278; PHPSESSID=4lu04lpoff679gld8tt1l5sm31
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:21:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 34763
last-modified: Fri, 09 Oct 2020 08:24:18 GMT
etag: "17278-5b138accbfdab"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 507f2c4eaa235a1e89766d9ce398d830
374ab23b87df7043098ee1f46888a8448329293d
0f0e834890b4706e35bb63b666019b33cbb81cb11eb4dac969653022ff93b09f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F0E834890B4706E35BB63B666019B33CBB81CB11EB4DAC969653022FF93B09F"
Last-Modified: Sun, 11 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12291
Expires: Sun, 11 Sep 2022 22:46:05 GMT
Date: Sun, 11 Sep 2022 19:21:14 GMT
Connection: keep-alive
cdn.fqtag.com/1.27.339-ccfb11a/pixel.js
35.190.36.172 200 OK 90 kB URL HTTP/2 cdn.fqtag.com/1.27.339-ccfb11a/pixel.js
IP 35.190.36.172:0
File type ASCII text, with very long lines (31986)
Hash e0eff30579598f76147c9ea12f490d21
f0bf2ef576db440b275bdae3d6abac35e59a33b2
e70a34c5f232fa80328a361630a994cf847c54deb926f13d40be4807291b657b
GET /1.27.339-ccfb11a/pixel.js HTTP/1.1
Host: cdn.fqtag.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdtbxgzmB3DarfoT9bfLebi56fXrjDgDv-lVjGmzJAsqky5iI-n9-DOffMIC-kjiaWBPzoLwYa29ZGuTFDOJ4fPET8Ysgf1y
x-goog-generation: 1611776924905378
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 89647
content-language: en
x-goog-hash: crc32c=YwE4YA==, md5=4O/zBXlZj3YUfJ6hL0kNIQ==
x-goog-expiration: Sun, 11 Nov 2294 19:48:44 GMT
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
server: UploadServer
date: Sun, 11 Sep 2022 19:05:49 GMT
expires: Sun, 11 Sep 2022 20:05:49 GMT
cache-control: public, max-age=3600
age: 925
last-modified: Wed, 27 Jan 2021 19:48:44 GMT
etag: "e0eff30579598f76147c9ea12f490d21"
content-type: application/javascript
content-length: 89647
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.dateukrainianbeauty.com/qa/register05/images/bgpure.jpg
52.52.22.249 200 OK 58 kB URL HTTP/2 www.dateukrainianbeauty.com/qa/register05/images/bgpure.jpg
IP 52.52.22.249:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x962, components 3\012- data
Hash def13ed9b16f6052458968a2ea61697c
dbbd9859cb89ed82a9992bb08650bfb4004a70a1
c0ad0318ff7805e13dd4a7eb10380a3023f7eeceda004e3f1f1063145d8baf7a
GET /qa/register05/images/bgpure.jpg HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/qa/register05/css/layout.css?1.0
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663851682; qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278; PHPSESSID=4lu04lpoff679gld8tt1l5sm31
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:21:14 GMT
content-type: image/jpeg
content-length: 58054
last-modified: Wed, 29 Jun 2022 01:56:15 GMT
etag: "e2c6-5e28c75557280"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash 524854480658dbd37de4fe43ba617a91
d0d2914657b4c827c12c61c7e283bde7f9a4c77d
94846980e3ff5e444f51075841a47ccfe153684e42d0f1e34fdb1f74e0616346
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 11 Sep 2022 19:21:14 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 11 Sep 2022 10:52:19 GMT
Expires: Mon, 12 Sep 2022 10:52:19 GMT
ETag: "d0d2914657b4c827c12c61c7e283bde7f9a4c77d"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.starfieldtech.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash 1ef8f92f15334e68a2f9451e00b728b2
6da32ae32e12f2229e27359d6545d3b8f13089b4
10e01741ed9f089a6c35a7dea05714df98272cafd4a1391883648b23741ae5b7
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 11 Sep 2022 19:21:15 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 11 Sep 2022 18:31:44 GMT
Expires: Mon, 12 Sep 2022 18:31:44 GMT
ETag: "6da32ae32e12f2229e27359d6545d3b8f13089b4"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
flx808.lporirxe.com/flp/ncvp.js?c=808&i=1662924063
104.18.155.225 200 OK 11 kB URL HTTP/2 flx808.lporirxe.com/flp/ncvp.js?c=808&i=1662924063
IP 104.18.155.225:0
Hash e6a30d4ef5eaccb5d35d0eb5dc740052
42740eec442f77afdb474126b88300330ef2473a
b962548be39783badbf3c462775ada9eddb95b9bc6e4e5c0c313c54fb6e524aa
GET /flp/ncvp.js?c=808&i=1662924063 HTTP/1.1
Host: flx808.lporirxe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 19:21:14 GMT
content-type: application/javascript
content-length: 11218
last-modified: Fri, 26 Aug 2022 17:37:34 GMT
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 1458
expires: Mon, 12 Sep 2022 19:21:14 GMT
cache-control: public, max-age=86400
accept-ranges: bytes
server: cloudflare
cf-ray: 7492c3ea1d4d0b31-OSL
X-Firefox-Spdy: h2
www.dateukrainianbeauty.com/qa/register05/images/bg-lady-1.png
52.52.22.249 200 OK 231 kB URL HTTP/2 www.dateukrainianbeauty.com/qa/register05/images/bg-lady-1.png
IP 52.52.22.249:0
File type PNG image data, 392 x 805, 8-bit/color RGBA, non-interlaced\012- data
Size 231 kB (231386 bytes)
Hash fd4e8837dad0f7a300f412df09678d44
f22ce247c3247cc392d036b774cf29296862a52a
7b0d68de874c5d4d40046c617b1801cd1d596e13c29830d781b61205543718ef
GET /qa/register05/images/bg-lady-1.png HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/qa/register05/css/layout.css?1.0
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663851682; qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278; PHPSESSID=4lu04lpoff679gld8tt1l5sm31
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:21:14 GMT
content-type: image/png
content-length: 231386
last-modified: Wed, 29 Jun 2022 01:56:14 GMT
etag: "387da-5e28c75482440"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2
www.dateukrainianbeauty.com/qa/register05/images/bg-lady-2.png
52.52.22.249 200 OK 244 kB URL HTTP/2 www.dateukrainianbeauty.com/qa/register05/images/bg-lady-2.png
IP 52.52.22.249:0
File type PNG image data, 336 x 819, 8-bit/color RGBA, non-interlaced\012- data
Size 244 kB (243543 bytes)
Hash 109d3860578dee79c38fe3460cdc7663
2fa60ae016cb6176c84d2631f7009d07444cb161
ad4d986681c233d2b22a4bc3eab573b8a5351b0b3603ee2e296ef782d8a65258
GET /qa/register05/images/bg-lady-2.png HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/qa/register05/css/layout.css?1.0
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663851682; qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278; PHPSESSID=4lu04lpoff679gld8tt1l5sm31
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:21:14 GMT
content-type: image/png
content-length: 243543
last-modified: Wed, 29 Jun 2022 01:56:15 GMT
etag: "3b757-5e28c75519638"
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Sun, 11 Sep 2022 18:41:12 GMT
expires: Sun, 11 Sep 2022 20:41:12 GMT
cache-control: public, max-age=7200
age: 2402
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j96&a=838150357&t=pageview&_s=1&dl=https%3A%2F%2Fwww.dateukrainianbeauty.com%2Fqa%2Fregister05.php%3Faid%3D2211%26oid%3DCP284062%26qpid_offer_id%3DDUB_831752TEEEI%26qpid_subid%3D158%26qpid_clickid%3D0b055dd7c66a4a14b4a98368eab6ebde%26source_tag%3D4___src%3Abdmg&ul=en-us&de=UTF-8&dt=Ukrainian%20Dating%20Service%20for%20Singles%20to%20Meet%20Ukrainian%20Women%2C%20Ukrainian%20Girls.%20-%20DateUkrainianBeauty.com&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAUABAAAAAC~&jid=1527278643&gjid=836301618&cid=1388955317.1662921278&tid=UA-133277878-78&_gid=402210028.1662921278&_r=1&gtm=2ou970&z=1278940806
142.250.74.174 200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j96&a=838150357&t=pageview&_s=1&dl=https%3A%2F%2Fwww.dateukrainianbeauty.com%2Fqa%2Fregister05.php%3Faid%3D2211%26oid%3DCP284062%26qpid_offer_id%3DDUB_831752TEEEI%26qpid_subid%3D158%26qpid_clickid%3D0b055dd7c66a4a14b4a98368eab6ebde%26source_tag%3D4___src%3Abdmg&ul=en-us&de=UTF-8&dt=Ukrainian%20Dating%20Service%20for%20Singles%20to%20Meet%20Ukrainian%20Women%2C%20Ukrainian%20Girls.%20-%20DateUkrainianBeauty.com&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAUABAAAAAC~&jid=1527278643&gjid=836301618&cid=1388955317.1662921278&tid=UA-133277878-78&_gid=402210028.1662921278&_r=1&gtm=2ou970&z=1278940806
IP 142.250.74.174:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j96&a=838150357&t=pageview&_s=1&dl=https%3A%2F%2Fwww.dateukrainianbeauty.com%2Fqa%2Fregister05.php%3Faid%3D2211%26oid%3DCP284062%26qpid_offer_id%3DDUB_831752TEEEI%26qpid_subid%3D158%26qpid_clickid%3D0b055dd7c66a4a14b4a98368eab6ebde%26source_tag%3D4___src%3Abdmg&ul=en-us&de=UTF-8&dt=Ukrainian%20Dating%20Service%20for%20Singles%20to%20Meet%20Ukrainian%20Women%2C%20Ukrainian%20Girls.%20-%20DateUkrainianBeauty.com&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAUABAAAAAC~&jid=1527278643&gjid=836301618&cid=1388955317.1662921278&tid=UA-133277878-78&_gid=402210028.1662921278&_r=1&gtm=2ou970&z=1278940806 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.dateukrainianbeauty.com
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.dateukrainianbeauty.com
date: Sun, 11 Sep 2022 19:21:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
aux.fqtag.com/aux/d
35.190.13.203 204 No Content 0 B IP 35.190.13.203:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /aux/d HTTP/1.1
Host: aux.fqtag.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 230
Origin: https://www.dateukrainianbeauty.com
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-origin: *
date: Sun, 11 Sep 2022 19:21:14 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.dateukrainianbeauty.com/qa/register05/fonts/LibreBaskervilleBold.woff2
52.52.22.249 200 OK 24 kB URL HTTP/2 www.dateukrainianbeauty.com/qa/register05/fonts/LibreBaskervilleBold.woff2
IP 52.52.22.249:0
File type Web Open Font Format (Version 2), TrueType, length 24100, version 1.0\012- data
Hash 7a685efb2ad9204d732487aa258fa060
da165b5a99d6489bfe4df6bbd5c2fba1c0d7aeee
d5b28bb34833549f8ac8340f0a13a26a438ac08cd3deb9dbdc01564cd97b1dc0
Analyzer Verdict Alert fortinet Phishing
GET /qa/register05/fonts/LibreBaskervilleBold.woff2 HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/qa/register05/css/layout.css?1.0
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663851682; qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278; PHPSESSID=4lu04lpoff679gld8tt1l5sm31
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:21:14 GMT
content-type: text/plain; charset=UTF-8
content-length: 24100
last-modified: Wed, 29 Jun 2022 01:56:13 GMT
etag: "5e24-5e28c75362e98"
accept-ranges: bytes
strict-transport-security: max-age=17280000; includeSubDomains
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
www.dateukrainianbeauty.com/favicon.ico
52.52.22.249 404 Not Found 248 B URL HTTP/2 www.dateukrainianbeauty.com/favicon.ico
IP 52.52.22.249:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3a9517a7c8fe53b530774de5bcbc2d08
047f957093d7e46663e15d75e8a61400de65ee79
6db0df27d5a024b372dc02921a086ee997070e6c9b4b7bbcd552b66fd330836b
GET /favicon.ico HTTP/1.1
Host: www.dateukrainianbeauty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/qa/register05.php?aid=2211&oid=CP284062&qpid_offer_id=DUB_831752TEEEI&qpid_subid=158&qpid_clickid=0b055dd7c66a4a14b4a98368eab6ebde&source_tag=4___src:bdmg
Cookie: owner_id=CP284062; adv_id=2211; adv_type=1; subaffid=158; source_id=4___src%3Abdmg; adv_ldp_id=CD385005; qpid_offer_id=DUB_831752TEEEI; website_id=189; adv_click_history_id=663851682; qpid_click_id=0b055dd7c66a4a14b4a98368eab6ebde; owner_argv=a%3A6%3A%7Bs%3A3%3A%22aid%22%3Bs%3A4%3A%222211%22%3Bs%3A3%3A%22oid%22%3Bs%3A8%3A%22CP284062%22%3Bs%3A13%3A%22qpid_offer_id%22%3Bs%3A15%3A%22DUB_831752TEEEI%22%3Bs%3A10%3A%22qpid_subid%22%3Bs%3A3%3A%22158%22%3Bs%3A12%3A%22qpid_clickid%22%3Bs%3A32%3A%220b055dd7c66a4a14b4a98368eab6ebde%22%3Bs%3A10%3A%22source_tag%22%3Bs%3A12%3A%224___src%3Abdmg%22%3B%7D; flv=21BHkSkaLTTABpRpXDFZ1; _ga=GA1.2.1388955317.1662921278; _gid=GA1.2.402210028.1662921278; PHPSESSID=4lu04lpoff679gld8tt1l5sm31
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sun, 11 Sep 2022 19:21:15 GMT
content-type: text/html; charset=iso-8859-1
content-length: 248
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
aux.fqtag.com/aux/p
35.190.13.203 204 No Content 0 B IP 35.190.13.203:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /aux/p HTTP/1.1
Host: aux.fqtag.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 269
Origin: https://www.dateukrainianbeauty.com
Connection: keep-alive
Referer: https://www.dateukrainianbeauty.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: *
date: Sun, 11 Sep 2022 19:21:15 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe41cdec0-ceff-4e9c-88a7-3a5565f1a459.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe41cdec0-ceff-4e9c-88a7-3a5565f1a459.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 12666d69f9af3ceb23fdfc2100bd3226
c4d17e3ea44ef6dee9819c1586424e5f056f149c
054236a4d1f88a486f48b8f3a8ac01d21ec2179d5b1f3fc9791d0982d07a88a2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe41cdec0-ceff-4e9c-88a7-3a5565f1a459.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5752
x-amzn-requestid: 622ffff0-1bd5-4eb4-a9ff-eb54c5ae44a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YBrqiFiToAMF0tA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6316f310-49efdcc572b4fad3543f857d;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 07:13:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VKsU4S6tKOso216JLUWn7b1bKDyfruIVukt98JooNCjwaXDT9bkPYQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 19:50:13 GMT
age: 84663
etag: "c4d17e3ea44ef6dee9819c1586424e5f056f149c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2