{"report_id":"a5a42313-7b3b-4507-8de2-7020e9946d0a","version":6,"status":"done","tags":["dhl","logistics","phishing","suspicious"],"date":"2026-03-31T14:04:23Z","url":{"schema":"http","addr":"maritsabeauty.co.uk/tracking","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":0,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"maritsabeauty.co.uk/tracking/","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"title":"DHL","dom":{"size":62238,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (25062)","md5":"5cdd73a30cac6c94243445beb2c89957","sha1":"e4d938b69561442271027051b57e01b9722bcd01","sha256":"2ed66acec8aeb7fa718443139a0e5352dfd32a5eecc981de0f7a0af0243f2a3c","sha512":"86549f47975394d743e074513d49ccc9f29cab823c4ffa523fb3bd71af0719b433d148a1983405f3d68c1f3e308fe5688e16e18cf9dea1ffdb6960f53ae36af8","ssdeep":"384:f+6rLkrLfxdc0vPaUQUTevXPRwXPRsF7++uTRPRn/nhL9GuVgDP/:f+DteBFMPRn/nhh1VaX","tlshash":"9753d7a6ac720534282bb3db66e7664e23787287df06b885f9df42e11f8a7f13550350","dom_hash":"domhashd1d6f36663f1fa5d1c515fa0b98d041a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"maritsabeauty.co.uk/tracking","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":0,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-05T14:04:23Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":3,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-31","alert":"Detects file containing Telegram Bot API","trigger":"maritsabeauty.co.uk/_nuxt/DpZEe5s6.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"maritsabeauty.co.uk","ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"domain_registered":"2012-07-12","domain_rank":0,"first_seen":"2026-01-30T09:59:47.088017Z","last_seen":"2026-03-31T10:47:41.927685Z","alert_count":86,"request_count":42,"received_data":2000615,"sent_data":22062,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-03-29T22:16:18.281815Z","alert_count":0,"request_count":2,"received_data":98732,"sent_data":1118,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-03-29T22:20:07.848058Z","alert_count":0,"request_count":1,"received_data":23429,"sent_data":498,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ipwho.is","ip":{"addr":"104.20.44.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-01-29","domain_rank":18239,"first_seen":"2020-06-08T11:52:47Z","last_seen":"2026-03-28T03:44:20.863322Z","alert_count":0,"request_count":1,"received_data":315,"sent_data":434,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/BeCztP-T.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"c8b84ebcab901b493812c6122a4af050","sha1":"275f6e62cdba61703fac8b1c760f74a043f94c5a","sha256":"b8c78fa171a67e1523455fb47e672dd01193c1289bb55c874aabc56e022b8d23","sha512":"85f545518c2928f0103ecef5e0bfc612b203f9b743afa2a28b24675b0d1917a354b1bf0a2e9a0722ca4c4fd996c1dd8cda4f9295f1e63940ff38b11ec993adb4","ssdeep":"","tlshash":"1ac08045f893e771913646855234c917811579663354bde7514f0817a127075454ef01","size":185,"data":"","first_seen":"2025-10-31T08:51:18.484511Z","last_seen":"2026-03-31T14:33:03.71142Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/tracking/","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"df00ebb4a3175f55ade134c26ded6b28","sha1":"f50ce2891fc6e1ed39e13e45fd68e2267bca2dd4","sha256":"aa00b2257084c0698b4ec6887c5ffdb7dab35c636990ace36fcd44b1c184bb2a","sha512":"8a62dc431ba38815c7ffcd1e98f91778f730159a41d19400909388362fca5511f0506c7e1bd079c202221867a1b705ac9936c2891854d99b5e3e2a1770d54bb8","ssdeep":"","tlshash":"ac31ad9ee037591f45583dce6c2270065100bf18558e3e3af4d6ff6429a5b9f28c2a75","size":1686,"data":"","first_seen":"2026-03-31T10:47:43.379238Z","last_seen":"2026-03-31T14:33:03.72642Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/DfbY27GU.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca6f7ffd9636a6d54ea29f82faf55680","sha1":"d948ed5c3593c4b6d7b1f192a208dc1c97c20061","sha256":"e44fb9f3242b2bfbe14697b2b9399893a4ac04d109b4bbdfc56c4cd75e4f55ab","sha512":"0940be493ca9d956bddd4a2e866179ab0bc3550a588330f786e588e0876613230a057ac0c1d20bc6e2f59620d6d1c64915fbe9256791fbc5d0b3671db5eaefb4","ssdeep":"24576:mlZZ5Cn/lkg5mvdRPgZH+slIi85tBwqXdficDP7/tO2AKbRzYaL0oKeyeG4gMQgV:qZZ5Cn/lkgQvdRPgZH+slIX5tBwqXdft","tlshash":"cc354bc6b157387346d225adc46f1107b2365c49684cc894f6bdd8fb2da9e0922bbf38","size":1077622,"data":"","first_seen":"2025-10-31T08:51:18.494984Z","last_seen":"2026-03-31T14:33:03.729123Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/Ducb0Bc3.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"introduction_type":"importedModule","is_inline":false,"md5":"51a74aafe41e80fe2a91cd28e0a88c35","sha1":"b67d44fa4ecb3d8e3b9ec249338e6a8f6d3a3a1f","sha256":"afb9c0e84bd837efb6615c8c91e5dd6a0b79b2747665372826d17cc3efe632ca","sha512":"ab2da06a7f9a834ab2961efe78be37c6b78bbc48b95faa7368d4550b16ba12557a529aa03ca33ceb1bc4e2725d504f8c79c431b2be7d2493b6073cfedb2fd9e7","ssdeep":"","tlshash":"02a002471a5554e285720d85b312e7619c39083e3392db9023488252e947c93c40cd57","size":65,"data":"","first_seen":"2025-10-31T15:11:57.963246Z","last_seen":"2026-03-31T14:33:03.701287Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/DpZEe5s6.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"e5bd77b0340d31b6add3ef415bba8988","sha1":"06c6d8fc28e8b8790da875e16c6d598612e5b6fc","sha256":"8416eac382c3319aa6abc974da08cb837c8423550242e36d117d82806a30ed94","sha512":"118626c2ce5642d1c6e8123aa2bf830b476d34c9a4661edadbd3cff510c46ca1116c2558fa7311e4b8b7c84473a78b3311f99c22d12c48ca99da5b95d485c010","ssdeep":"384:MFTlRLMz1PWqlHUw0kjTMiXPRKXPRRTJd+g95mmGEh0hLCluVx2/:MFfLMz1PWqzj7mGEh0h2sVw/","tlshash":"77a2093e62a0477cd667c3e4faa13610106d8b7be183c4d3dafa4a251e87d7518567b0","size":21312,"data":"","first_seen":"2026-03-31T10:47:43.365974Z","last_seen":"2026-03-31T14:33:03.715412Z","times_seen":3,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-31","alert":"Detects file containing Telegram Bot API","trigger":"maritsabeauty.co.uk/_nuxt/DpZEe5s6.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/Di_gDd_F.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"b13c1dba17312bddcb6174100f22b6c0","sha1":"499f8cda3c16c09b4debd5aa28c69bb4da764472","sha256":"061143d7d8585d02fd41d623e2efe21842d86469586db04e0ad2be7a83bfc96b","sha512":"e6d51c170cb849baf6482bc97bd40bbd21a4bcca17edbaee50b4aec537c5f3274718f243f96d4453e8d0b05d1abfc8f414335a3a6085f8453a8edd9cc76e0c6a","ssdeep":"","tlshash":"c4b02b106c32829fc01808c2240074d1702895d822841540228a3b0d202c204400d1e0","size":125,"data":"","first_seen":"2025-10-01T18:47:32.540715Z","last_seen":"2026-03-31T14:33:03.702708Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/CdeJDJ__.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"108dec327196f42153334e1deb366e5a","sha1":"460156cc201c954b79738bd78baeadaf71b28c1b","sha256":"b02f4661a0b5da56958b347f078b65bfb3c7d85bd8edef0ab8d8710389ebb10e","sha512":"96a4d2255ef51a3c991e552e3215eb10c10d1684aa27863ea08d709de22a8bd7e69051ec2c6851bff0184455a062acd0531ba7de128984373428c2aac6758383","ssdeep":"96:yGgTxuCdZ7vTk01EDNjQ0K771Y944+9kkaaWwBhUYlb+gnI:yNTwB1K7R0lJkazwB/MgI","tlshash":"18d10b479e181c39156207a02fada333519cc03571cb93e59bbf826837794693faa74c","size":6682,"data":"","first_seen":"2025-10-01T18:47:32.548492Z","last_seen":"2026-03-31T14:33:03.703794Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/tracking/","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-14T05:39:11.61765Z","times_seen":655109,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/BHrT3dYJ.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"introduction_type":"importedModule","is_inline":false,"md5":"759f574dfbd7710908a0e71d1610c9f7","sha1":"e671a34077e632f71f6eb537fb44b0cc80801ac0","sha256":"bb57f8d6bf463d29087a5132af9630c7ad36bcee17f84af6612ae8df7cac26ee","sha512":"e44c126dbdfb75c447e1a16e77f3175b066d0c77352e8c9656a7660c432fe9ba008af98b4b4e4a6d500197738b624af7603c5225819cc1efcca216bf7c2674ac","ssdeep":"","tlshash":"27b0124ec81009b0c2560fc8d2046815673825bc13ca47d4134812628231082c00ee31","size":101,"data":"","first_seen":"2025-10-31T08:51:18.480943Z","last_seen":"2026-03-31T14:33:03.705939Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/DN3f3Bm2.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"introduction_type":"importedModule","is_inline":false,"md5":"6711db0c90faad6817df4cbf8d7dde92","sha1":"043d1ddc5e9ec6b7871becb38199a9df6a86e711","sha256":"c8b05bdbff103ce186329c5d499714b07ad2833b0c95593fd7900824d6d75380","sha512":"919a90e2fa52517ffe89e315d59b0860c218ebd90b0c34a3a06fdd24f5caab53ba48b0a202047856d8f2709df9297d694a550c49b2b6cf9953563c77a52c73ba","ssdeep":"384:3lf5Q+udnQte5hDu2KLMa80/83KeRiVU4QdOhij9z8/xBPgZBTU1dhvqi4xi:Vf5Q+udn2e5hDu2/b0/83KeRi24QdOhf","tlshash":"9f62e7083a69f47eaf76908ce0f99022667c1b8ae555e4e0e0f71d5c2386d84b36177f","size":15301,"data":"","first_seen":"2025-10-31T15:11:57.959768Z","last_seen":"2026-03-31T14:33:03.718413Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/Cw6rffUq.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"introduction_type":"importedModule","is_inline":false,"md5":"e85d086250a9a1ed2671c8b74f4c1112","sha1":"7670b638b1b1bc8b8b97ebec5b49c8d1bc5e3959","sha256":"bfac173fff7b1a15492ea12fe53eea954a2b76f70284fa9a092724ef5ad96f9b","sha512":"450aa22a9f6f31b88990d5827611c37ac0944b307064acc8694af71e6c74af46d5891d776bb6cebc685e0b5412f48c2aba6b6fc4a5b6f6912bfdb861d72dbc0a","ssdeep":"384:qSSJUOb4y1B9MuBOwaMUtEAT4TFpnlPIhaKxutc1m8fqhgksyCP/HRQX9epUos:qdZfznnF5lwhaKwS1Igk63eX9em","tlshash":"c58208c97591f026876720b080af1a0ef23eab54e44cc494f255e4e62dba61dca37fdd","size":17752,"data":"","first_seen":"2025-08-05T12:04:55.541967Z","last_seen":"2026-04-08T07:41:57.897097Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/DN3f3Bm2.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:02.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/DN3f3Bm2.js HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/_nuxt/DpZEe5s6.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 5089\r\ndate: Tue, 31 Mar 2026 14:04:02 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":15301,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (15300)","md5":"6711db0c90faad6817df4cbf8d7dde92","sha1":"043d1ddc5e9ec6b7871becb38199a9df6a86e711","sha256":"c8b05bdbff103ce186329c5d499714b07ad2833b0c95593fd7900824d6d75380","sha512":"919a90e2fa52517ffe89e315d59b0860c218ebd90b0c34a3a06fdd24f5caab53ba48b0a202047856d8f2709df9297d694a550c49b2b6cf9953563c77a52c73ba","ssdeep":"384:3lf5Q+udnQte5hDu2KLMa80/83KeRiVU4QdOhij9z8/xBPgZBTU1dhvqi4xi:Vf5Q+udn2e5hDu2/b0/83KeRi24QdOhf","tlshash":"9f62e7083a69f47eaf76908ce0f99022667c1b8ae555e4e0e0f71d5c2386d84b36177f","first_seen":"2025-10-31T15:11:57.959768Z","last_seen":"2026-03-31T14:33:03.718413Z","times_seen":8,"resource_available":true,"data":null}},"time_used":141,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":140,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/Di_gDd_F.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:03.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/Di_gDd_F.js HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/_nuxt/DfbY27GU.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-length: 125\r\ndate: Tue, 31 Mar 2026 14:04:03 GMT\r\nserver: LiteSpeed\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":125,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text","md5":"b13c1dba17312bddcb6174100f22b6c0","sha1":"499f8cda3c16c09b4debd5aa28c69bb4da764472","sha256":"061143d7d8585d02fd41d623e2efe21842d86469586db04e0ad2be7a83bfc96b","sha512":"e6d51c170cb849baf6482bc97bd40bbd21a4bcca17edbaee50b4aec537c5f3274718f243f96d4453e8d0b05d1abfc8f414335a3a6085f8453a8edd9cc76e0c6a","ssdeep":"","tlshash":"c4b02b106c32829fc01808c2240074d1702895d822841540228a3b0d202c204400d1e0","first_seen":"2025-10-01T18:47:32.540715Z","last_seen":"2026-03-31T14:33:03.702708Z","times_seen":37,"resource_available":true,"data":null}},"time_used":111,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":111,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/Di_gDd_F.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:03.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/Di_gDd_F.js HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-length: 125\r\ndate: Tue, 31 Mar 2026 14:04:03 GMT\r\nserver: LiteSpeed\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":125,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text","md5":"b13c1dba17312bddcb6174100f22b6c0","sha1":"499f8cda3c16c09b4debd5aa28c69bb4da764472","sha256":"061143d7d8585d02fd41d623e2efe21842d86469586db04e0ad2be7a83bfc96b","sha512":"e6d51c170cb849baf6482bc97bd40bbd21a4bcca17edbaee50b4aec537c5f3274718f243f96d4453e8d0b05d1abfc8f414335a3a6085f8453a8edd9cc76e0c6a","ssdeep":"","tlshash":"c4b02b106c32829fc01808c2240074d1702895d822841540228a3b0d202c204400d1e0","first_seen":"2025-10-01T18:47:32.540715Z","last_seen":"2026-03-31T14:33:03.702708Z","times_seen":37,"resource_available":true,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":126,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:11.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:11.107Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:11 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":111,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:13.110Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:13.107Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:13 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":109,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:16.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:16.107Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/entry.DG3s7g91.css","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:01.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/entry.DG3s7g91.css HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 07 Apr 2026 14:04:01 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 13215\r\ndate: Tue, 31 Mar 2026 14:04:01 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":75679,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"7335b15f8b22f6c9c032315c600be606","sha1":"974b7aab2b23063fa4109a19ba4af7211956abf2","sha256":"0b30c63d8e28bf1d8efa8111cf0dfb964f58d9ccfc57c33196d5d59c0a182d9e","sha512":"b05cd5ffde9a0d862cec8b28f481ef832191d2b948658b830a4a2b2ee8db0bc4c5db4941bcbef5895cabaf9cfbd1b662c228a7f680542fbc2d80bc07e37d7cf2","ssdeep":"768:GHjl44lZNiRxChIj8OUthHYzIjf3mgTe2Fxydy20lKPvEloiA145r2/:GHjW4eCmAhHYzIjf3mDdjih1G","tlshash":"1073d959ea90147fac1bc1b6f1c2f54d911aa4c2ff22dde6f8819da187c63e11d23a07","first_seen":"2025-10-01T18:47:32.552226Z","last_seen":"2026-03-31T14:33:03.704942Z","times_seen":26,"resource_available":false,"data":null}},"time_used":324,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":213,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/DfbY27GU.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:01.643Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/DfbY27GU.js HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 316990\r\ndate: Tue, 31 Mar 2026 14:04:01 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1077622,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (42050)","md5":"a2f72d3487893981f4cd4a79f1353a2b","sha1":"70d40cc66c9b702c41d0ef858a712b4361cc0974","sha256":"e153f430caa9587f5e30f455066da57a5543e9dd109a240e147d3221a52d47ea","sha512":"eba0cd57234d79e8934c367c56b539f96bdf7857c607aa063814ea11ec7ce2c533b9887fd61c16b51ce42d502efb7305f325dc4719a4f1a11659138cc051f296","ssdeep":"24576:mlZZ5Cn/lkg5mvdRPgZH+slIi85tBwqXdficDP7/tO2AKbRzYaL0oKeyeG4gMQgH:qZZ5Cn/lkgQvdRPgZH+slIX5tBwqXdff","tlshash":"5f254bc6b197387346d225adc46f1107b2365c49684cc894f67dd8fb2da9e0922bbf38","first_seen":"2025-10-31T08:51:18.4915Z","last_seen":"2026-03-31T14:33:03.723323Z","times_seen":23,"resource_available":false,"data":null}},"time_used":726,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":606,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/CdeJDJ__.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:03.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/CdeJDJ__.js HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/_nuxt/DfbY27GU.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 1990\r\ndate: Tue, 31 Mar 2026 14:04:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":6682,"size_decoded":0,"mime_type":"text/javascript","magic":"Unicode text, UTF-8 text, with very long lines (6675)","md5":"108dec327196f42153334e1deb366e5a","sha1":"460156cc201c954b79738bd78baeadaf71b28c1b","sha256":"b02f4661a0b5da56958b347f078b65bfb3c7d85bd8edef0ab8d8710389ebb10e","sha512":"96a4d2255ef51a3c991e552e3215eb10c10d1684aa27863ea08d709de22a8bd7e69051ec2c6851bff0184455a062acd0531ba7de128984373428c2aac6758383","ssdeep":"96:yGgTxuCdZ7vTk01EDNjQ0K771Y944+9kkaaWwBhUYlb+gnI:yNTwB1K7R0lJkazwB/MgI","tlshash":"18d10b479e181c39156207a02fada333519cc03571cb93e59bbf826837794693faa74c","first_seen":"2025-10-01T18:47:32.548492Z","last_seen":"2026-03-31T14:33:03.703794Z","times_seen":17,"resource_available":true,"data":null}},"time_used":174,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":151,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/D5gOYdM7.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:03.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/D5gOYdM7.js HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 2241\r\ndate: Tue, 31 Mar 2026 14:04:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5720,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (4252)","md5":"0b267ccd50f6720630d6f6069c3c0da3","sha1":"e807dbdb3d3f080fd9377141a80d408d5d72739d","sha256":"db98026b4bf01b51965d9e63c86fd742f4f92228b088c6fc888e39f20288243e","sha512":"196f8d868d3d7cefa816a2571e5ae57cd224d858330bb214b36e63cc31de93ef824d2bd19c0d076bc091a15a5207d2d4358688dc6e0c6ac1f65450e7ef3564aa","ssdeep":"96:v0QRrpGna8MvmCToPs9VRGJysHnwcO24BR0fTeW6ctvRqAWVtsqSE:vHRri5MeCT2sJGEN24n0XqJsqh","tlshash":"3dc186ccfa95f47a83a3f570f16f950be17b69c084585064e155e8e03cb6605c23bf69","first_seen":"2024-08-01T00:14:45Z","last_seen":"2026-05-03T00:48:16.328236Z","times_seen":121,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":142,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:20.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:20.108Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:20 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":113,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/BeCztP-T.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:03.834Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/BeCztP-T.js HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/_nuxt/DfbY27GU.js\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-length: 185\r\ndate: Tue, 31 Mar 2026 14:04:03 GMT\r\nserver: LiteSpeed\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":185,"size_decoded":0,"mime_type":"text/javascript","magic":"Java source, ASCII text","md5":"c8b84ebcab901b493812c6122a4af050","sha1":"275f6e62cdba61703fac8b1c760f74a043f94c5a","sha256":"b8c78fa171a67e1523455fb47e672dd01193c1289bb55c874aabc56e022b8d23","sha512":"85f545518c2928f0103ecef5e0bfc612b203f9b743afa2a28b24675b0d1917a354b1bf0a2e9a0722ca4c4fd996c1dd8cda4f9295f1e63940ff38b11ec993adb4","ssdeep":"","tlshash":"1ac08045f893e771913646855234c917811579663354bde7514f0817a127075454ef01","first_seen":"2025-10-31T08:51:18.484511Z","last_seen":"2026-03-31T14:33:03.71142Z","times_seen":23,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:04.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Mar 2026 08:37:39 GMT","end":"Mon, 01 Jun 2026 08:37:38 GMT"},"fingerprint":{"sha1":"31:A8:B5:C1:CD:F5:51:78:A9:8C:E3:B4:73:92:CF:C0:6D:69:48:19","sha256":"81:9A:84:FB:F5:4C:AB:82:DF:C1:27:CC:60:46:A6:23:A8:49:56:99:47:CF:C4:05:3F:0D:87:31:DD:2C:23:A2"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 31 Mar 2026 02:01:49 GMT\r\nexpires: Wed, 31 Mar 2027 02:01:49 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 43335\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-14T05:40:27.72894Z","times_seen":177741,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":56,"dns":1,"connect":7,"send":0,"wait":11,"receive":13,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:14.114Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:14.107Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:14 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":109,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:17.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:17.107Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:17 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":109,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/BHrT3dYJ.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:02.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/BHrT3dYJ.js HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/_nuxt/DpZEe5s6.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-length: 101\r\ndate: Tue, 31 Mar 2026 14:04:02 GMT\r\nserver: LiteSpeed\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":101,"size_decoded":0,"mime_type":"text/javascript","magic":"Java source, ASCII text","md5":"759f574dfbd7710908a0e71d1610c9f7","sha1":"e671a34077e632f71f6eb537fb44b0cc80801ac0","sha256":"bb57f8d6bf463d29087a5132af9630c7ad36bcee17f84af6612ae8df7cac26ee","sha512":"e44c126dbdfb75c447e1a16e77f3175b066d0c77352e8c9656a7660c432fe9ba008af98b4b4e4a6d500197738b624af7603c5225819cc1efcca216bf7c2674ac","ssdeep":"","tlshash":"27b0124ec81009b0c2560fc8d2046815673825bc13ca47d4134812628231082c00ee31","first_seen":"2025-10-31T08:51:18.480943Z","last_seen":"2026-03-31T14:33:03.705939Z","times_seen":23,"resource_available":true,"data":null}},"time_used":142,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":142,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/builds/meta/dafab8a6-dc85-48e6-891a-0890c90e2921.json","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:03.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/builds/meta/dafab8a6-dc85-48e6-891a-0890c90e2921.json HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/json\r\nlast-modified: Tue, 21 Oct 2025 21:54:52 GMT\r\naccept-ranges: bytes\r\ncontent-length: 139\r\ndate: Tue, 31 Mar 2026 14:04:03 GMT\r\nserver: LiteSpeed\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":139,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3e26de9980fa977a19cf4f5ecb955178","sha1":"e4c98f82de101aa1a123f669ece7cfb23bfb96d4","sha256":"f65fed339bd94064123f153b0334cbed9619668d1d5dc385045b551e79d1e37d","sha512":"222fc888a467ff25103c979689e438e34b8b97ce49f9133e0662831ed596f9acf313d7916a2f736e6bd9d84824231041530d348dd41a074d0ff9765e8a710f47","ssdeep":"","tlshash":"50c08c22388100abad60896888143422d8ea0a62a4b8885d46ac4d3d091c47cb258813","first_seen":"2025-10-31T08:51:18.477652Z","last_seen":"2026-03-31T14:33:03.706947Z","times_seen":23,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:03.683Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Mar 2026 08:37:40 GMT","end":"Mon, 01 Jun 2026 08:37:39 GMT"},"fingerprint":{"sha1":"5F:99:6E:26:2A:3A:DA:FF:7F:0D:EE:C5:8B:2A:01:AE:28:26:AD:C4","sha256":"2B:88:E7:79:70:E5:E9:DE:0E:A9:0A:B8:F1:F5:C6:D6:10:77:F0:C9:0F:E6:2A:13:A3:D6:08:F9:89:A3:60:E8"}}},"request":{"raw":"GET /css2?family=Inter:wght@100;200;300;400;500;600;700;800;900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 31 Mar 2026 14:04:03 GMT\r\ndate: Tue, 31 Mar 2026 14:04:03 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22743,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"03d386d3d51356518f1c932bd7d1f021","sha1":"f20bdaa14bb1dba0ae6b28e1c455976bcc6e0081","sha256":"e833d17f31411e640714d4c41bd3d264b7c2b48b4740ce7ea6d7988f50e58d69","sha512":"dcbd99af933cbe40c84ba846643ac9e9e5b070e391a04d2d608a0f89f470b31aea8bee06ba7048fb2e7140eaeb75ce1c990d32444736469826bee4c96ffb2dc5","ssdeep":"192:WpNmp9pKpO3tp3pxYp5NnWjO3GAxRKNA1cO3lnxirNNIxO34OxDENOPCO3/Nx8NP:WLmXoKtZIB1OKYXuM0p2+g7GQK","tlshash":"d5a28992002ba400ab971dc233cf7f3aaece10856085d1b96ffd0dc59cead66436876d","first_seen":"2025-09-10T18:54:49.359958Z","last_seen":"2026-05-14T05:02:16.583171Z","times_seen":6556,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":64,"dns":1,"connect":7,"send":0,"wait":19,"receive":0,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/GetTelegram.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:04.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/GetTelegram.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 8\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:04 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"37a6259cc0c1dae299a7866489dff0bd","sha1":"2be88ca4242c76e8253ac62474851065032d6833","sha256":"74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b","sha512":"04f8ff2682604862e405bf88de102ed7710ac45c1205957625e4ee3e5f5a2241e453614acc451345b91bafc88f38804019c7492444595674e94e8cf4be53817f","ssdeep":"","tlshash":"b9300000000000000000000000000000000300000000000000000000000c0000000000","first_seen":"2023-03-07T01:02:14Z","last_seen":"2026-05-14T05:23:26.751124Z","times_seen":240753,"resource_available":true,"data":null}},"time_used":185,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":185,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:12.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:12.107Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:12 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":110,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:18.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:18.107Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:18 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":111,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/VRow.roRTqlN3.css","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:02.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/VRow.roRTqlN3.css HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 07 Apr 2026 14:04:02 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 1868\r\ndate: Tue, 31 Mar 2026 14:04:02 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":9669,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (9668)","md5":"30c82f6c76a3cf7a75e1f63a10bffdf2","sha1":"02cbe4574f0f29e70974b7937ee11d66dedd7f28","sha256":"418ff08f588c365d1dd039e15601d9d3cb2e0298647c7acce7e2bb35570d2a1a","sha512":"289be4047689f5eeabcfb5900198a6f1f7fae479fcac37e9712bff60c0798d64a235e2bd75e91876c1cc7bb2975804146bf88cb7bf124ba149d8b9650b16f542","ssdeep":"192:eZFX/hFWQlBG3uMSeKKS9bwJP5K0yOKkEwKJEcKKEun8KJVk41WnQIZWsW2X7b05:evPhFWQE3ufenJP5K05KkhKJ/KKnn8YZ","tlshash":"0d1220745b446438dc1ef5b6eb9afb6dd236b2c8df210045ecca7aa582c63f52c4221c","first_seen":"2025-08-08T10:04:59.343427Z","last_seen":"2026-03-31T14:33:03.699927Z","times_seen":32,"resource_available":false,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/favicon.ico","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:02.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 07 Apr 2026 14:04:02 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Mon, 14 Apr 2025 22:12:30 GMT\r\naccept-ranges: bytes\r\ncontent-length: 152126\r\ndate: Tue, 31 Mar 2026 14:04:02 GMT\r\nserver: LiteSpeed\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":152126,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, -64x-64, 32 bits/pixel","md5":"05f3fb9967b4ed60e910e4f8cd1b75ec","sha1":"081496d5bdcb916987b2a1da043a259c883ed1a3","sha256":"366e6f569077c8eaa694fe55519e8d7c911779fbd3db57962c99a8155a6f46aa","sha512":"358d832a5be343f46f2a90bbca498858184ac5e9d84fa40f465216646724e94689f81bb13690165d38bb4ca26d3f18c6048fab5bc6d4193087828d222d77182e","ssdeep":"384:dWlymMBQ6LHMJjJZXEJIer8+enWj/4ZDDLwl/CGJH8wfRwM8mqFJjAwagqVT5iJg:SF70usmpQ0d","tlshash":"6fe3b7c71b808a8df8adb83aecc1621500d9af678d353ae715913f61f66f61508b3d1e","first_seen":"2025-08-08T10:04:59.310701Z","last_seen":"2026-04-17T10:10:59.913901Z","times_seen":51,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":114,"receive":77,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:06.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:06.105Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:06 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":110,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:07.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:07.106Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:07 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/tracking","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-31T14:04:01.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /tracking HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ncontent-type: text/html\r\ncontent-length: 795\r\ndate: Tue, 31 Mar 2026 14:04:01 GMT\r\nserver: LiteSpeed\r\nlocation: https://maritsabeauty.co.uk/tracking/\r\nvary: User-Agent\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2808,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T05:48:33.701861Z","times_seen":15152152,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":125,"dns":47,"connect":29,"send":0,"wait":36,"receive":0,"ssl":44},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/Cw6rffUq.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:02.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/Cw6rffUq.js HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/_nuxt/DpZEe5s6.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 6822\r\ndate: Tue, 31 Mar 2026 14:04:02 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":17752,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (12306)","md5":"e85d086250a9a1ed2671c8b74f4c1112","sha1":"7670b638b1b1bc8b8b97ebec5b49c8d1bc5e3959","sha256":"bfac173fff7b1a15492ea12fe53eea954a2b76f70284fa9a092724ef5ad96f9b","sha512":"450aa22a9f6f31b88990d5827611c37ac0944b307064acc8694af71e6c74af46d5891d776bb6cebc685e0b5412f48c2aba6b6fc4a5b6f6912bfdb861d72dbc0a","ssdeep":"384:qSSJUOb4y1B9MuBOwaMUtEAT4TFpnlPIhaKxutc1m8fqhgksyCP/HRQX9epUos:qdZfznnF5lwhaKwS1Igk63eX9em","tlshash":"c58208c97591f026876720b080af1a0ef23eab54e44cc494f255e4e62dba61dca37fdd","first_seen":"2025-08-05T12:04:55.541967Z","last_seen":"2026-04-08T07:41:57.897097Z","times_seen":63,"resource_available":true,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/no-global.KYL9AcJr.css","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:03.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/no-global.KYL9AcJr.css HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 07 Apr 2026 14:04:03 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 25917\r\ndate: Tue, 31 Mar 2026 14:04:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":299723,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"cdbc26a0c12b18cb2e92a38c2db8a5c2","sha1":"79291733b9a42122761564790985f11f2ed92c00","sha256":"21565b2a9258c1141d3a6551d6631bfeb5d2b1c04816eb3cbc3a41989927740c","sha512":"33ecf619393c92ce4304eb6a2b2ea90eb5926e6830076a2495e031ae1188a711324cd791525a0567b63b0fe04cda1eecaa431d88ca5033ce46701d84961ac4d6","ssdeep":"1536:sxsx2sdZskpglBVJIKPyLNJyyw5wc0NBkbpbTeBMoBFEL1BDV0BuLznORAhH+PS3:3yZFyLNJyyw5w1BkbpbTsPBFEL1f0e04","tlshash":"0854cae3f6d61018a026d356c191bb7c7d3fe9d6ab06ace7eb06773183842db291051e","first_seen":"2025-08-05T12:04:55.538484Z","last_seen":"2026-04-08T07:41:57.900802Z","times_seen":63,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/BeCztP-T.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:03.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/BeCztP-T.js HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-length: 185\r\ndate: Tue, 31 Mar 2026 14:04:03 GMT\r\nserver: LiteSpeed\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":185,"size_decoded":0,"mime_type":"text/javascript","magic":"Java source, ASCII text","md5":"c8b84ebcab901b493812c6122a4af050","sha1":"275f6e62cdba61703fac8b1c760f74a043f94c5a","sha256":"b8c78fa171a67e1523455fb47e672dd01193c1289bb55c874aabc56e022b8d23","sha512":"85f545518c2928f0103ecef5e0bfc612b203f9b743afa2a28b24675b0d1917a354b1bf0a2e9a0722ca4c4fd996c1dd8cda4f9295f1e63940ff38b11ec993adb4","ssdeep":"","tlshash":"1ac08045f893e771913646855234c917811579663354bde7514f0817a127075454ef01","first_seen":"2025-10-31T08:51:18.484511Z","last_seen":"2026-03-31T14:33:03.71142Z","times_seen":23,"resource_available":true,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changeCurentPage.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:04.108Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changeCurentPage.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 19\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":19,"data":"{\"page\":\"tracking\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:04 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":127,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:15.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:15.107Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:15 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/tracking.DxzYw5xM.css","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:02.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/tracking.DxzYw5xM.css HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 07 Apr 2026 14:04:02 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-length: 278\r\ndate: Tue, 31 Mar 2026 14:04:02 GMT\r\nserver: LiteSpeed\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":278,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"81610c8d1bd750b9d7d570f4c7eeefa4","sha1":"6d2b9c4484e16a91065a12fff3ace3a4aed59f7c","sha256":"ea369e07184b67c1c9a2ccb33dc5f44329f3ab7d3757237b71d755890501faf5","sha512":"6481f6bab01e8d70047643c369b5a1e973850ca3d85b3a8744a16e0fc04b65650a89c0a0c61d4c53eced635a9ec1e9a2b26fdab14c5b34b9841b199e48b6b7c8","ssdeep":"","tlshash":"0dd0c225c9440000cb728a86bbc45eac20345b67ae27094bf7b9712891da56c2a6aa6a","first_seen":"2025-10-31T15:11:57.955884Z","last_seen":"2026-03-31T14:33:03.725466Z","times_seen":8,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/DpZEe5s6.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:02.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/DpZEe5s6.js HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/_nuxt/DfbY27GU.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 6756\r\ndate: Tue, 31 Mar 2026 14:04:02 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":21312,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with very long lines (15874)","md5":"e5bd77b0340d31b6add3ef415bba8988","sha1":"06c6d8fc28e8b8790da875e16c6d598612e5b6fc","sha256":"8416eac382c3319aa6abc974da08cb837c8423550242e36d117d82806a30ed94","sha512":"118626c2ce5642d1c6e8123aa2bf830b476d34c9a4661edadbd3cff510c46ca1116c2558fa7311e4b8b7c84473a78b3311f99c22d12c48ca99da5b95d485c010","ssdeep":"384:MFTlRLMz1PWqlHUw0kjTMiXPRKXPRRTJd+g95mmGEh0hLCluVx2/:MFfLMz1PWqzj7mGEh0h2sVw/","tlshash":"77a2093e62a0477cd667c3e4faa13610106d8b7be183c4d3dafa4a251e87d7518567b0","first_seen":"2026-03-31T10:47:43.365974Z","last_seen":"2026-03-31T14:33:03.715412Z","times_seen":3,"resource_available":true,"data":null}},"time_used":190,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":186,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-31","alert":"Detects file containing Telegram Bot API","trigger":"maritsabeauty.co.uk/_nuxt/DpZEe5s6.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/BC0VnHqV.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:03.390Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/BC0VnHqV.js HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-length: 240\r\ndate: Tue, 31 Mar 2026 14:04:03 GMT\r\nserver: LiteSpeed\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":240,"size_decoded":0,"mime_type":"text/javascript","magic":"Java source, ASCII text","md5":"ec198eae7f22c0ae62cb32224c1f95df","sha1":"aff21a7673cfb4c691c2568ecda2b0437f5d5b5d","sha256":"e2471bd9d13b01ddb9b97742953a260dc465bb6da62dc721265ebb8d06102104","sha512":"20f170eb99c6e0100a7f16f255747906e7f2b0a29ded8a2dbc05539812e2290fe969259531d19a782e1dd206fd9eb6df3c1f1fe60744b41825821e1814ec52ce","ssdeep":"","tlshash":"69d023c03c40e3b932532340602098025021fdbc3f0738d8219bc046920323c81de711","first_seen":"2025-10-31T08:51:18.479162Z","last_seen":"2026-03-31T14:33:03.710319Z","times_seen":23,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/no-global.KYL9AcJr.css","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:03.565Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/no-global.KYL9AcJr.css HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 07 Apr 2026 14:04:03 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 25917\r\ndate: Tue, 31 Mar 2026 14:04:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":299723,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"cdbc26a0c12b18cb2e92a38c2db8a5c2","sha1":"79291733b9a42122761564790985f11f2ed92c00","sha256":"21565b2a9258c1141d3a6551d6631bfeb5d2b1c04816eb3cbc3a41989927740c","sha512":"33ecf619393c92ce4304eb6a2b2ea90eb5926e6830076a2495e031ae1188a711324cd791525a0567b63b0fe04cda1eecaa431d88ca5033ce46701d84961ac4d6","ssdeep":"1536:sxsx2sdZskpglBVJIKPyLNJyyw5wc0NBkbpbTeBMoBFEL1BDV0BuLznORAhH+PS3:3yZFyLNJyyw5w1BkbpbTsPBFEL1f0e04","tlshash":"0854cae3f6d61018a026d356c191bb7c7d3fe9d6ab06ace7eb06773183842db291051e","first_seen":"2025-08-05T12:04:55.538484Z","last_seen":"2026-04-08T07:41:57.900802Z","times_seen":63,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":105,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/create-user.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:04.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/create-user.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 2\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 48\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:04 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":44,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c5b5786f141b7f6ad67d8da2928ed85b","sha1":"3b74c7c3a192d47e496aca263724f80ed0b9bf1e","sha256":"27d7b2456b817c5461977533177a963c1dc8033267e708c084ccf045b6fee1b5","sha512":"9bc101f9837340d6d5457a331a6d53ffa4d3ef6cfdb43376ca71647f9abd90d1a232a40d2eb09210e61e107d68a53a9ce932e2a7a40b8a7b14121550b5ef6aaf","ssdeep":"","tlshash":"c1900400010d1c147fd105c77d113414155cd571c4d750d3c05c50550f04ccc451d145","first_seen":"2024-10-13T19:41:55.779631Z","last_seen":"2026-03-31T14:33:03.714225Z","times_seen":23,"resource_available":false,"data":null}},"time_used":187,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":187,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/GetTrack.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:04.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/GetTrack.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 8\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:04 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"37a6259cc0c1dae299a7866489dff0bd","sha1":"2be88ca4242c76e8253ac62474851065032d6833","sha256":"74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b","sha512":"04f8ff2682604862e405bf88de102ed7710ac45c1205957625e4ee3e5f5a2241e453614acc451345b91bafc88f38804019c7492444595674e94e8cf4be53817f","ssdeep":"","tlshash":"b9300000000000000000000000000000000300000000000000000000000c0000000000","first_seen":"2023-03-07T01:02:14Z","last_seen":"2026-05-14T05:23:26.751124Z","times_seen":240753,"resource_available":true,"data":null}},"time_used":126,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":126,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:05.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:05.106Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:05 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:08.110Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:08.106Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:08 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/_nuxt/Ducb0Bc3.js","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:02.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /_nuxt/Ducb0Bc3.js HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/_nuxt/DpZEe5s6.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 21 Oct 2025 21:54:50 GMT\r\naccept-ranges: bytes\r\ncontent-length: 65\r\ndate: Tue, 31 Mar 2026 14:04:02 GMT\r\nserver: LiteSpeed\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":65,"size_decoded":0,"mime_type":"text/javascript","magic":"Java source, ASCII text","md5":"51a74aafe41e80fe2a91cd28e0a88c35","sha1":"b67d44fa4ecb3d8e3b9ec249338e6a8f6d3a3a1f","sha256":"afb9c0e84bd837efb6615c8c91e5dd6a0b79b2747665372826d17cc3efe632ca","sha512":"ab2da06a7f9a834ab2961efe78be37c6b78bbc48b95faa7368d4550b16ba12557a529aa03ca33ceb1bc4e2725d504f8c79c431b2be7d2493b6073cfedb2fd9e7","ssdeep":"","tlshash":"02a002471a5554e285720d85b312e7619c39083e3392db9023488252e947c93c40cd57","first_seen":"2025-10-31T15:11:57.963246Z","last_seen":"2026-03-31T14:33:03.701287Z","times_seen":12,"resource_available":true,"data":null}},"time_used":143,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":143,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"ipwho.is/","fqdn":"ipwho.is","domain":"ipwho.is","tld":"is"},"ip":{"addr":"104.20.44.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:03.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipwho.is","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 02:54:08 GMT","end":"Sat, 09 May 2026 03:54:02 GMT"},"fingerprint":{"sha1":"8D:92:FC:3A:95:FA:D5:B9:07:80:8D:11:7D:02:D9:48:6E:31:E9:BD","sha256":"5E:6C:D7:C3:E3:38:C8:D3:F1:BC:74:0B:00:E0:3F:84:F6:19:53:45:CD:82:18:8C:91:90:73:53:8C:57:40:D6"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ipwho.is\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://maritsabeauty.co.uk/\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Tue, 31 Mar 2026 14:04:04 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9e4fe6ad0a41b515-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":68,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"0c803446e75fb294408787c6c64ee800","sha1":"0962274e1fa925799e2d324dcaa1b173a2bbed98","sha256":"ae8d49b8344fca5c61af3aff17d9b1d3f272d198edf935f94b322463b15b57e2","sha512":"fcc0c8057e91b44bda5b3a4e976b202ee97a7127074e4a30026b291cbb5ebe9c0c8d1a626453b2fccccfa46eb67be4bd37dcd855671bdb064e1eeaf262a18276","ssdeep":"","tlshash":"0da0220f2300383a02022e8330080a8002e302f0e0c0230aa00c030e3200cc020e3008","first_seen":"2026-02-12T02:06:55.383473Z","last_seen":"2026-05-14T04:05:05.348679Z","times_seen":975,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":51,"dns":35,"connect":1,"send":0,"wait":6,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:04.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Mar 2026 08:37:39 GMT","end":"Mon, 01 Jun 2026 08:37:38 GMT"},"fingerprint":{"sha1":"31:A8:B5:C1:CD:F5:51:78:A9:8C:E3:B4:73:92:CF:C0:6D:69:48:19","sha256":"81:9A:84:FB:F5:4C:AB:82:DF:C1:27:CC:60:46:A6:23:A8:49:56:99:47:CF:C4:05:3F:0D:87:31:DD:2C:23:A2"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 31 Mar 2026 02:01:49 GMT\r\nexpires: Wed, 31 Mar 2027 02:01:49 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 43335\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-14T05:40:27.72894Z","times_seen":177741,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":104,"dns":0,"connect":9,"send":0,"wait":8,"receive":7,"ssl":94},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:09.110Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:09.106Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:09 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":111,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:10.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:10.107Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:10 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":109,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/dashApi/auth/auth-file/changePen.php","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://maritsabeauty.co.uk/tracking/","date":"2026-03-31T14:04:19.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"POST /dashApi/auth/auth-file/changePen.php HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 33\r\nOrigin: https://maritsabeauty.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://maritsabeauty.co.uk/tracking/\r\nCookie: i18n_redirected=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":33,"data":"{\"op\":\"2026-03-31T14:04:19.107Z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: *\r\ncontent-type: application/json\r\ncontent-length: 43\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Tue, 31 Mar 2026 14:04:19 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b522d3d06dd04ba60b3e0eb391721b19","sha1":"a7eae9f5b0d965ebeb6eb9c18f14e19c0f3ad922","sha256":"4515a569e857734d463732cc1bf7434c570e89c897d74dc567c31b658ae5f104","sha512":"b62ed5aea74684e891981881557e9018c925dd0a33a983edcc5b7a6e93c4e7bb0c325dcdb48f2929b86de0b01d75fabd91ca976f8aedd25ee0e44afb3756c4e4","ssdeep":"","tlshash":"9790040303003d541f450515f4411054177037445c4510d1c31c40171745cd04717100","first_seen":"2026-03-31T10:47:43.333866Z","last_seen":"2026-03-31T14:33:03.695833Z","times_seen":3,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":113,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"maritsabeauty.co.uk/tracking/","fqdn":"maritsabeauty.co.uk","domain":"maritsabeauty.co.uk","tld":"co.uk"},"ip":{"addr":"185.194.90.23","port":443,"asn":12488,"as":"Krystal Hosting Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-31T14:04:01.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"maritsabeauty.co.uk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 05:54:11 GMT","end":"Sun, 24 May 2026 05:54:10 GMT"},"fingerprint":{"sha1":"6A:F3:62:00:87:D7:D9:30:5C:31:32:75:72:E4:7F:90:71:C2:EC:CB","sha256":"25:DB:BD:CB:EA:2D:07:6A:9E:C6:44:0A:2D:13:F8:64:7C:65:5E:70:61:4E:5B:7C:98:7D:5C:E6:68:7B:81:A9"}}},"request":{"raw":"GET /tracking/ HTTP/1.1\r\nHost: maritsabeauty.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Tue, 18 Nov 2025 19:53:16 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 948\r\ndate: Tue, 31 Mar 2026 14:04:01 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}],"data":{"size":2808,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1717), with CRLF line terminators","md5":"01ef3b3f290663ced096d15566605413","sha1":"aa2e49eb1f1980f90cd8626e1374a59b30526c6e","sha256":"1f1971bb5fb01edcfbf2ff2a6642fc3864e3b044cad018299fa37747df3691ec","sha512":"9532e530e22482f393a76a677c7ac4f5809ad453b1fe9c3821af5078e6501bbc641f5d79af88de60adee0a00c3e32e1abee81cb93e6f43dcf197a1a70f7e9e91","ssdeep":"","tlshash":"2351419db8368c4f46183eddb8a2b0099005bf08528e7e25f5d6bfb64d5079f1cc2976","first_seen":"2026-03-31T10:47:43.362244Z","last_seen":"2026-03-31T14:33:03.71293Z","times_seen":3,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-31","alert":"Sinkholed","trigger":"maritsabeauty.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}}]}