{"report_id":"251f56c8-637a-41b2-b9af-28561b4aa45f","version":6,"status":"done","tags":[],"date":"2026-04-29T10:35:38Z","url":{"schema":"http","addr":"url-go.ru/","fqdn":"url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"103.224.182.253","port":0,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"ww38.url-go.ru/","fqdn":"ww38.url-go.ru","domain":"url-go.ru","tld":"ru"},"title":"url-go.ru","dom":{"size":163,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"df22c5db0a6a9aaa866a6486fa155326","sha1":"a981b74eb34b496314a9100b313bd2383059ee26","sha256":"a8dee9e3e2e50bd27f2758b1b74475976b47558a0fe788c9629250b417b2a12e","sha512":"76eb7718caa9d3325ca7076059e3a19d64ddb6bd94378d306ddfffece05a46c256e5a03f4262fb15fc4535f0d0b5207fbb42c9484db41228302980b302bc402f","ssdeep":"","tlshash":"a7c08c7c9040400e989268803dc20f4baa5ed30845ac96440aa6807da28e2efec8b248","dom_hash":"domhashd17e0d6bdacd6f0a302c72ef41251af7","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"url-go.ru/","fqdn":"url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"103.224.182.253","port":0,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-03T10:35:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":4}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-29T10:35:22Z","timestamp":1777458922,"ip_dst":{"addr":"Client IP","port":44362,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2026-04-29T10:35:22.426954+0000\",\"flow_id\":1602984319042844,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.251.101.162\",\"src_port\":443,\"dest_ip\":\"172.18.0.22\",\"dest_port\":44362,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=*.northwavepoint.com\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL ECC Domain Secure Site CA\",\"serial\":\"00:E6:53:DC:0A:2E:DB:12:0B:31:67:F5:D9:D6:8E:E2:CD\",\"fingerprint\":\"63:01:a7:5f:69:c9:f4:ca:14:e8:31:c9:db:15:7b:8a:1f:a6:cc:71\",\"sni\":\"obseu.northwavepoint.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-03-20T00:00:00\",\"notafter\":\"2026-06-18T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"80d47c47e3ce91bc3bd0a026dbd1664d\",\"string\":\"771,49196,5-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1217,\"bytes_toclient\":3919,\"start\":\"2026-04-29T10:35:22.312604+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"url-go.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"ww38.url-go.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"obseu.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"euob.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"ww38.url-go.ru","ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"domain_registered":"2022-12-20","domain_rank":0,"first_seen":"2026-04-29T10:35:38.610332Z","last_seen":"2026-04-29T10:35:38.610332Z","alert_count":4,"request_count":4,"received_data":16924,"sent_data":1971,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"obseu.northwavepoint.com","ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"2026-01-28","domain_rank":0,"first_seen":"2026-04-16T09:06:21.210986Z","last_seen":"2026-04-23T09:08:27.231319Z","alert_count":6,"request_count":6,"received_data":6078,"sent_data":5188,"comment":"","tags":null,"fingerprints":null},{"fqdn":"yfdpco4.com","ip":{"addr":"208.91.196.46","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"domain_registered":"2025-03-20","domain_rank":0,"first_seen":"2026-04-02T14:19:52.929311Z","last_seen":"2026-04-23T15:35:48.58101Z","alert_count":0,"request_count":1,"received_data":335,"sent_data":631,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}]},{"fqdn":"euob.northwavepoint.com","ip":{"addr":"52.84.50.75","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2026-01-28","domain_rank":0,"first_seen":"2026-04-16T09:06:21.216693Z","last_seen":"2026-04-23T09:08:27.122904Z","alert_count":1,"request_count":1,"received_data":132708,"sent_data":451,"comment":"","tags":null,"fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"url-go.ru","ip":{"addr":"103.224.182.253","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"domain_registered":"2022-12-20","domain_rank":0,"first_seen":"2017-06-19T14:58:52Z","last_seen":"2025-11-03T00:58:46.81565Z","alert_count":4,"request_count":4,"received_data":36003,"sent_data":1899,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"ww38.url-go.ru/","fqdn":"ww38.url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"484d7a7333124b016a7f419fe5679132","sha1":"c7289ca6f0b3a7a3faf933e46153ce1a1913998f","sha256":"9fa476cbd7c24646e1dbd5e0a6628dc5deb5eb6d42be892bb491d6d9d879d4c8","sha512":"eefa4bf9f0f2fcf6a7411b354db4c9bb4858028e554ed2beb3a74e8c6f2c70b8bd4d40cddcdae3bc0b4cf9225e128161be52966e1542440f1ffe5121a20c1d05","ssdeep":"","tlshash":"c421bbda18e6001a5ba7209e4f1e44097535285fa29ace06bd4c11403f2ca6ada76be9","size":1258,"data":"","first_seen":"2026-04-29T10:35:42.046556Z","last_seen":"2026-04-29T10:35:42.046556Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.url-go.ru/","fqdn":"ww38.url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4b525cf8ebd962811007b8d5664ed332","sha1":"3d6e339a2e51071280db0f7e0e72f4beff1b7e3f","sha256":"9a2fc2de09ddd5dbe83a33b037c4519972a252103614203019dec30522301fdd","sha512":"b8a7dfd8f65660c948daea9a5177f217a66dc3246bcc7acfefadf6c35c761208f9a99c73cd960e6081e0765b370ffbb178151bf792784c05de5c822b56ebb936","ssdeep":"","tlshash":"79c08c7b3c8220304edf725e281c93883860c206a883a202fc2c08ed4ff1e47323ab58","size":164,"data":"","first_seen":"2025-10-01T08:32:45.366407Z","last_seen":"2026-04-29T12:35:19.741138Z","times_seen":67616,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.url-go.ru/","fqdn":"ww38.url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"b326b5062b2f0e69046810717534cb09","sha1":"5ffe533b830f08a0326348a9160afafc8ada44db","sha256":"b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b","sha512":"9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de","ssdeep":"","tlshash":"5430000000000000000000000000300c00000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:44Z","last_seen":"2026-04-29T12:35:19.748669Z","times_seen":375653,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"euob.northwavepoint.com/sxp/i/636f8b858f681acb7bfa6f583a96630a.js","fqdn":"euob.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"52.84.50.75","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0585c04eaa7bcbec6d8795915c767918","sha1":"0b3e745c74d977b49f6dfdf02f824c26e87ca0e1","sha256":"aff0f8385b16c99711455f61ef1334a69af6c6637ee92f580a997d7819eca0e6","sha512":"7c6eab5d932a4416b9f643867c7ad7b749bfd2361bedc957bef68f3b0a26ebc4185af1cee1125126c8e7fb3bf7ac172e1f11fbe51ee60aabf2c714bdedd1fe41","ssdeep":"1536:BYHWmBtxKcH/SVr1usdNU4Rdwxyc7YtGqlwIrIHp1ZcaS3Mx014LonW7xGj1NQD6:iBtjrs04RdPGuIJ1Zc53MZGj1qqY+V3","tlshash":"6fd3d6edb2e27035439324a5157f410ae27b5e513c4f8290d57ae9d4ac78e8e813bfac","size":132182,"data":"","first_seen":"2026-04-27T07:21:04.259157Z","last_seen":"2026-04-29T12:35:19.717089Z","times_seen":535,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.url-go.ru/","fqdn":"ww38.url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"889ca9e2c79a3ce7aaadbcdfd0ce4ef5","sha1":"b05c2c051bae71f80cb8c289e5a42d4f96d323fa","sha256":"6477acf082d26199b6ce8346b93149b1b999233d9fe76b0340ebf43317cf98f8","sha512":"122a494d50a5e8077cdda40e8d6edb442bb9d89fff078852aad7f84fe24f1c58fe693f0388ca6c9453d1b33036da0b9c4e9fb394a18268e254d306ffc2ca57a3","ssdeep":"","tlshash":"46a002d4b4ed8125564583390104d91cf936c934c0d5701873f0466ca6e700a53610b2","size":62,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-04-29T12:35:19.743353Z","times_seen":352094,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"url-go.ru/","fqdn":"url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"103.224.182.253","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"3b7be536e6cccff88cc3be58e7f3d6ac","sha1":"35e79bb6582709199be5dc56caa99c4682f0fdbb","sha256":"62ede1985eef3dc724fbe052e6c0d08b126514b09566a8e052bff3059e605ff1","sha512":"c33fceb225158b5e6e53f77d5ac8153f0d4d0a3f4e00641c7e6d58785cbc8cb777e18f64ecd087d7a57dbe95dcc51457325a7c2a3e68243d4320afd151d16d20","ssdeep":"","tlshash":"f3f0dc49f4ea39637538107f8ef4000ec1bf0184148da8bcd006671cad4116bf068eeb","size":505,"data":"","first_seen":"2026-04-29T10:35:42.051433Z","last_seen":"2026-04-29T10:35:42.051433Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"url-go.ru/js/fingerprint/iife.min.js","fqdn":"url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"103.224.182.253","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"63f9fd621d1fbd53b7c5856e58c11ccd","sha1":"a46973c2fbdbfeb159e0d717a90f88307e274012","sha256":"c6bc28686490aba34a53ab3b709afa1fd73c21e60feb25608b09f23efe170089","sha512":"d4df433c7368ec078fbc473398a4ab21e6da20950ac4db34338623296887db40320b05b9bde6130e43d2b55c82b81a56b60bab0d6a4c97df54a0cb7a8f09325b","ssdeep":"384:XhQYTcHRx9vfQxcuK83ERxXYxMvtTpIBNwBUZXLew5gc+RW7+5ERNFaqE8E0QI+V:XSbHRTArOGSoyISuNwxJzZbPePKe9y","tlshash":"6cf207d8b2c3b02d227378ba497f6006b63abd55641c4803d57be5c178a4e5a813bfb8","size":34240,"data":"","first_seen":"2023-05-01T16:20:27Z","last_seen":"2026-04-29T12:18:08.275607Z","times_seen":47666,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.url-go.ru/","fqdn":"ww38.url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"6559111e4eae643ce013ce0821e91a02","sha1":"fa1086c9aa2cb2d14f5c13bceefe21511bcdae5a","sha256":"d72255f7e5ea4dfdf9821df800356367d0bc7df07ecd103bb660018cb1e4f400","sha512":"a6e3e096076dc152b69e95709dad8925c9c2799c23ad226b9ce7b6ee78936bea7300b66c92821ea0728ce7433d4f53787f27f5e7101f97e4d882be0a461fc051","ssdeep":"","tlshash":"407000000380020020c80233a200882af228003c00030200c008888800a808002080c2","size":25,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-04-29T12:35:19.741827Z","times_seen":352069,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.url-go.ru/","fqdn":"ww38.url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"e5d8c139688b25ef77b263d88ea99150","sha1":"7abc9c61c4966543f66d150c0155bfac575f86a7","sha256":"53e5f34ac520035c7f124076d1e68c70a85c83cf68a339fa713b872b54126148","sha512":"1cd4eb192d987ea1b21f3b553eea3881c807f8bf4a5299982675d57314a0eaa084db1722c38d02eb73178660ecb1ca3667a795a512527f843f2526dc0a99dc20","ssdeep":"","tlshash":"7440000000003000033c0000000000c0000c00000000000000000c00030000000c0000","size":7,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-04-29T12:35:19.749479Z","times_seen":352102,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"url-go.ru/?tr_uuid=20260429-2035-16f9-9db8-bfd700186bcc\u0026fp=faed01b113cfb270c624ee1aa793ad6c","fqdn":"url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"103.224.182.253","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-29T10:35:17.756Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /?tr_uuid=20260429-2035-16f9-9db8-bfd700186bcc\u0026fp=faed01b113cfb270c624ee1aa793ad6c HTTP/1.1\r\nHost: url-go.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __tad=1777458916.2234294\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\ndate: Wed, 29 Apr 2026 10:35:17 GMT\r\nserver: Apache\r\nlocation: http://ww38.url-go.ru/\r\ncontent-length: 0\r\ncontent-type: text/html; charset=UTF-8\r\nconnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-29T12:35:16.046159Z","times_seen":14375289,"resource_available":true,"data":null}},"time_used":500,"timings":{"blocked":159,"dns":0,"connect":158,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"url-go.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ww38.url-go.ru/chronos?dune=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.JBOKAaUVd7eBAHbNSBSwrr35bbtn5w1GLxL0SRwhoH1AclOwZ-wNBQ.BzV_V85230UGOrIxyB1kMg.q8ikP_38mS3ZVuWzHPLN-vYcvzOS3mwz9hkQc3xdzE5qLg5xTuAdEESVEY9LF-MBquz7Nr3xYtWXgNSQ_7Ir2B3bPcAuB-nR90l4p73kn2PEYS0ZcnfdZ1-r3Hk-sIox3GQ4f86an0VMofAE0YyfwT6jOcAprfK8cUzMDqlp458JhVy4popxixs96EPVymVg._qk1fVl4RUvyXLuBHK8d2w\u0026t=69f1dee9\u0026token=647694833e30920256bd10124a1a688df0f9b459","fqdn":"ww38.url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://ww38.url-go.ru/","date":"2026-04-29T10:35:21.708Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /chronos?dune=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.JBOKAaUVd7eBAHbNSBSwrr35bbtn5w1GLxL0SRwhoH1AclOwZ-wNBQ.BzV_V85230UGOrIxyB1kMg.q8ikP_38mS3ZVuWzHPLN-vYcvzOS3mwz9hkQc3xdzE5qLg5xTuAdEESVEY9LF-MBquz7Nr3xYtWXgNSQ_7Ir2B3bPcAuB-nR90l4p73kn2PEYS0ZcnfdZ1-r3Hk-sIox3GQ4f86an0VMofAE0YyfwT6jOcAprfK8cUzMDqlp458JhVy4popxixs96EPVymVg._qk1fVl4RUvyXLuBHK8d2w\u0026t=69f1dee9\u0026token=647694833e30920256bd10124a1a688df0f9b459 HTTP/1.1\r\nHost: ww38.url-go.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://ww38.url-go.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: Wed, 29 Apr 2026 10:35:21 GMT\r\nContent-Type: text/html\r\nContent-Length: 146\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"9fe3cb2b7313dc79bb477bc8fde184a7","sha1":"4d7b3cb41e90618358d0ee066c45c76227a13747","sha256":"32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864","sha512":"c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db","ssdeep":"","tlshash":"2cc08c26351e2c0c96a322b402c36a50d092c3304c5a19004600420371c31168ac3315","first_seen":"2023-04-05T07:27:09Z","last_seen":"2026-04-29T12:35:19.729235Z","times_seen":85640,"resource_available":true,"data":null}},"time_used":102,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"ww38.url-go.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.northwavepoint.com/ct","fqdn":"obseu.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww38.url-go.ru/","date":"2026-04-29T10:35:22.301Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.northwavepoint.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 20 Mar 2026 00:00:00 GMT","end":"Thu, 18 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"63:01:A7:5F:69:C9:F4:CA:14:E8:31:C9:DB:15:7B:8A:1F:A6:CC:71","sha256":"59:47:6E:B3:83:61:0A:EE:D7:C8:81:85:BA:89:F4:49:9F:B7:84:93:0C:2E:A3:FA:3E:45:AD:38:0C:AA:9C:D7"}}},"request":{"raw":"POST /ct HTTP/1.1\r\nHost: obseu.northwavepoint.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 4480\r\nOrigin: http://ww38.url-go.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.url-go.ru/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":4480,"data":"id=92098\u0026url=http%3A%2F%2Fww38.url-go.ru%2F\u0026sf=0\u0026tpi=\u0026ch=AdsDeli%20-%20iFrame\u0026uvid=647694833e30920256bd10124a1a688df0f9b459\u0026tsf=0\u0026tsfmi=\u0026tsfu=\u0026cb=1777458922285\u0026hl=3\u0026op=0\u0026ag=2881387774\u0026rand=04710275752065259779279501785502670900092287599219675051089001210617111759890145206019762060\u0026fs=1280x1024\u0026fst=1280x1024\u0026np=win32\u0026nv=\u0026ref=\u0026ss=1280x1024\u0026nc=0\u0026at=\u0026di=W1siZWYiLDgwNzddLFsiYWJuY2giLDEwXSxbLTEyLCJcIjFcIiJdLFstMjQsIltdIl0sWy0yOCwiZW4tVVMsZW4iXSxbLTM2LCJbXCI1LzRcIixcIjUvNFwiXSJdLFstMSwiTGludXggeDg2XzY0Il0sWy01NSwiMCJdLFstNjIsIjU4Il0sWy02NywiLSJdLFstNzIsIkV4VT0iXSxbLTcsIi0iXSxbLTgsIi0iXSxbLTEzLCItIl0sWy0yNSwiLSJdLFstMjcsIi0iXSxbLTQ4LCJbXCItXCIsXCItXCIsXCItXCIsXCItXCIsXCItXCJdIl0sWy01MSwiLSJdLFstNzQsIi0iXSxbLTksIi0iXSxbLTM3LCItIl0sWy00LCItIl0sWy01MywiMDAxIl0sWy03MCwiLSJdLFstMTAsIi0iXSxbLTMxLCJmYWxzZSJdLFstMzMsIi0iXSxbLTQzLCIwMDAwMDAwMTAwMDAwMDAwMDAxMTEwMDEwMDAwMDEwMDAwMDAwMDAwMDEwIl0sWy00NiwiMCJdLFstNSwiLSJdLFstNTgsIi0iXSxbLTU5LCItIl0sWy02NiwiLSJdLFstNjgsIi0iXSxbLTY5LCJXaW4zMnx8fDQ4fC18LSJdLFstMzksIltcIjIwMTAwMTAxXCIsMixcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLFwiMjAxODEwMDEwMDAwMDBcIixudWxsLGZhbHNlLG51bGwsZmFsc2UsbnVsbCw1LHRydWUsZmFsc2UsbnVsbCwwLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlXSJdLFstNDEsIi0iXSxbLTUwLCItIl0sWy01NCwie1wiaFwiOltcIjMyOTk3Mjg0NTJcIixcIjgyMjgyMzExOVwiLFwiOTgzMjI2MjkwXCIsXCIyODcyODk5MzIwXCIsXCJfM1wiLFwiMjg3Mjg5OTMyMFwiXSxcImRcIjpbXSxcImJcIjpbXSxcInNcIjoxfSJdLFstNTYsImxhbmRzY2FwZS1wcmltYXJ5Il0sWy02NCwiLSJdLFstMjMsIisiXSxbLTM1LCJbMTc3NzQ1ODkyMjA1MSwwXSJdLFstNDksIi0iXSxbLTc1LCIoaW50ZXJtZWRpYXRlIHZhbHVlKS5zb21lRnVuYyBpcyBub3QgYSBmdW5jdGlvbiJdLFstMzgsImksLTEsLTEsMSwwLDE4LDAsMSwxMDIsMjE5LC0xLDAsLDUyMSw4NDYsODQ2Il0sWy03MywiRWhRPSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwibWVzYVwiLFwiclwiOlwibGx2bXBpcGVcIixcInNsdlwiOlwid2ViZ2wgZ2xzbCBlcyAxLjBcIixcImd2ZXJcIjpcIndlYmdsIDEuMFwiLFwiZ3ZlblwiOlwibW96aWxsYVwiLFwiYmVuXCI6MzYsXCJ3Z2xcIjoxLFwiZ3JlblwiOlwibGx2bXBpcGVcIixcInNlZlwiOjQ5NDE5NTA0MyxcInNlY1wiOlwiXCJ9Il0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwib25SVEJGYWlsdXJlXCIsXCJvblJUQlN1Y2Nlc3NcIixcIk5vdGlmeVBhaW50RXZlbnRcIixcIl9fY3RjZ19jdF85MjA5OF9leGVjXCJdLFwiblwiOltdLFwiZFwiOltdfSJdLFstNDAsIjM3Il0sWy00NCwiMCw1LDAsNSJdLFstMiwiNyxJc045bkduV2JBWUFJeE5mUWFPcUdFMENGQVFzY0cwMEluaE9iWUJBS1lVT3pRTzZFWDAyMEltR0xjdTYydXJkUC9jMmQycE5tVlpBd2YzLy84ejc5R3JIYTFXdTNPbVhQUHZlIl0sWy0zLCJbXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCJdIl0sWy01NywiUzNsUlRVMUpTZ01XRmx4TVZsc1hWMVpMVFZGT1dFOWNTVlpRVjAwWFdsWlVGa3BCU1JaUUZnOEtEMThCV3dFTUFWOFBBUWhZV2xzT1cxOVlEMThNQVFwWUFBOFBDZ2xZRjFOS0F3Z0REd0VMQ0E4VkRnZ0FGazBYWEVGSlZrdE5TaFlGZVZGTlRVbEtBeFlXWEV4V1d4ZFhWa3ROVVU1WVQxeEpWbEJYVFJkYVZsUVdTa0ZKRmxBV0R3b1BYd0ZiQVF3Qlh3OEJDRmhhV3c1YlgxZ1BYd3dCQ2xnQUR3OEtDVmdYVTBvRENBTVBBUTBJQ2hWS1hFMXRVRlJjVmt4TkdWRllWMTFWWEVzVERnZ0FGazBYWEVGSlZrdE5TaFlGZVZGTlRVbEtBeFlXWEV4V1d4ZFhWa3ROVVU1WVQxeEpWbEJYVFJkYVZsUVdTa0ZKRmxBV0R3PT0iXSxbLTYxLCItIl0sWy02NSwiLSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcImRlc2NyaXB0aW9uXCJdfSJdLFstMTksIlswLDAsMCwwLDAsMCwxLDI0LDI0LFwiLVwiLDEyODAsMTAyNCwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwwLDAsMCwwLFwiLVwiLFwiLVwiLDEyODAsMTAyNCxudWxsXSJdLFstMjAsIi0iXSxbLTI5LCItIl0sWy0zMCwiW1widlwiLDBdIl0sWy0zMiwiMCJdLFstMzQsIi0iXSxbLTQ1LCI3NTIsMCwwLDcxOSwwLDAsNzYxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbLTcxLCJhMDEwMDEwMTEwMDEwMDEwMTAwMDEwMTAwMTEwMTEwMDAwMDAxMCJdLFstMTQsIi0iXSxbLTE1LCItIl0sWyJibmNoIiwzNDVdLFstMTgsIlsxLDAsMCwwXSJdLFstMjYsIi0iXSxbLTQyLCI4ODMzOTkwMTYiXSxbLTUyLCItIl0sWy02MCwiLSJdLFstNjMsIi0iXSxbLTE2LCIwIl0sWy0xNywiNDgiXSxbLTIxLCItIl0sWy0yMiwiW1wiblwiLFwiblwiXSJdLFstNDcsIlVUQyxlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTc2LCItIl0sWyJkZGIiLCIwLDgsMCwxLDEsMywwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwyLDIsMCwwLDEsMywwLDEsMCwwLDAsMCwxLDQsNDIsMCwyNCwxLDEsMCwwLDAsMCwxLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDEsMSwxLDAsMCwwLDEiXSxbImNiIiwiMCwwLDAsMCwwLDAsMCwwLDAsMyw3LDEsMzksMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwxLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDEsMywwLDAsMCwxLDAsMCwwLDAsMCJdXQ%3D%3D\u0026dep=0\u0026pre=0\u0026sdd=\u0026cri=wlelDpuJN6\u0026pto=1077\u0026ver=65\u0026gac=-\u0026mei=\u0026ap=\u0026fe=1\u0026duid=1.1777458922.5KWykGQdY31d6TBA\u0026suid=1.1777458922.UNOgPmJk0BTJ7tTu\u0026tuid=1.1777458922.yqrb7UKTK1h1u3nI\u0026sid=1.1777458922287.zlrfS3NlzSHlehLb\u0026fbc=-\u0026gtm=-\u0026it=5%2C480%2C72\u0026fbcl=-\u0026gacl=-\u0026gacsd=-\u0026rtic=-\u0026rtict=-\u0026bgc=-\u0026spa=1\u0026urid=0\u0026ab=\u0026sck=-\u0026io=aGA2Oi15fzZz"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww38.url-go.ru\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Wed, 29 Apr 2026 10:35:22 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\nset-cookie: cg_uuid=2e155a30509556d7f2b2454e0a75e8e4; Max-Age=29030400; Path=/; Expires=Wed, 31 Mar 2027 10:35:22 GMT; HttpOnly; Secure; SameSite=None\r\ntiming-allow-origin: http://ww38.url-go.ru\r\ncontent-length: 1391\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4078,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"a8a4b2b89ffc6a8f585971c15cb3454c","sha1":"44c560bdd3eb7aca72a705aeeb70c89b255bf269","sha256":"c5581b946c8f1f75999331f8fe8029da196a737262568882cd8d921ee59040a2","sha512":"d777d2e53117221bdb133615e996f3cd3aecc3753b84dd6e9cb4441acdb7f7ae2a4fd6e583bb313b5a36f487c171def05902012291b97604c8498637b7a97375","ssdeep":"","tlshash":"b581f9707eddaf6089aa68bac513fd9226c54467e6f55c9cd4e8834356d3780ef53400","first_seen":"2026-04-29T10:35:42.03316Z","last_seen":"2026-04-29T10:35:42.03316Z","times_seen":1,"resource_available":false,"data":null}},"time_used":311,"timings":{"blocked":127,"dns":14,"connect":36,"send":0,"wait":55,"receive":0,"ssl":76},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"obseu.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.northwavepoint.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126de9c330e24e889f9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d57138d642f17070100b1eabfd72e30d69183042b3e18f6646541c2628b70cd163250229657515c35015fcfbb6e4931a562e037db4df5976ef00368a958252f15c84ffe1fbe85ddcd34b0360eff60c4aa4b6c8b00235f6301da834035a227f1a2c4e95f32e203d6eb65b93edf75c4409d6279f0795abe57567a48db482eb8dfb7e400b623eb02d703bb487578a99571733a795d9b65908d6ea5576ea78cb3224c7a22d7862f30fdd91e4b7c1b39180aa48a32606f1bb6b81c389ea1e77b96b408731929abf4f7c5ce76ba8c8d0bbd03cd5f6b61c4ecc9bdf265918fe6798b215084ebc32f1f17f46973bad55638fcd2e92ccb42bf4cad9b5f854cc3d13a866428c1c6399a208fc0f4e1dbbaf1132bea3df4eeab6a0e6aaed96290b440bb595452c55748fbafc38681fcc56898649089b6c820b8323b24837c2c8484965e6788a833e541e6990dce378c7b536d53c23dfd429ecc8a6fbb883f8752a783dfcf6c8b5a5266f052540b3e453e89ec66b764dac78028b3b563bdc86c95c2a7be798f91e95461729ec2580483f7461a4cb4fcec74ae519bea5cede832b660bd389552d408caa13cc61b3bf9a792673d237d0a2a0a5f0bb7e88c6dd61eaa4c4e422ce4a946df991e10e3b1dfbbbb70dfece6f49ae5acf94c5321f84182aa446881437906d0625c6d71f17aab6a04c4ebc00e96728360d2ff3ec7aa0c877a08262706791b95c2e6c5390032d34332f487b0b8b19e5561ecc1af61848c36228cc0182e68e790de5126b3228d569d18fd5ae56d8ca84e82e13290fff2d5dc2327fdfc2927c72ff29fbab917826d331102906d4b59b3a141c6ad56989efeb330b686df324b3419c72fb717e815e49363fd5f5f33037e246deb5a92936704fd3ebcf8a6649d9612d21626f84823728de2d31648ba24b79c1adb07310242a0296cdffec562ca4b2cdad846e3cdd7fe8042d855493055af3537589c8c1e03f96fb6eccb2d93c1b34d0e29e0782a150dcf1650fa8bb15b42d2707bd2978741ced4a6dd0074ef22b10676449d0d3175d0d007418fcaf194a6eb55f330f82b8979dd9d5a97fff23933e7945cd0ccfdeb93e1dc86261dcf94670adc7cc7488f54f38372f69b929232c4df97adad193386fdf4b9169303d4401c704e348ccd796f9c30b70896db24b10570b32f0a8961f1db0c2bfb34355307c9aa8b6497d14c26715561cccd9ee9c97d841fbbb02067d5fb567a571e3a6266bd74a1f12d06a2e48588\u0026cri=wlelDpuJN6\u0026ts=241\u0026cb=1777458922526","fqdn":"obseu.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww38.url-go.ru/","date":"2026-04-29T10:35:22.562Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.northwavepoint.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 20 Mar 2026 00:00:00 GMT","end":"Thu, 18 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"63:01:A7:5F:69:C9:F4:CA:14:E8:31:C9:DB:15:7B:8A:1F:A6:CC:71","sha256":"59:47:6E:B3:83:61:0A:EE:D7:C8:81:85:BA:89:F4:49:9F:B7:84:93:0C:2E:A3:FA:3E:45:AD:38:0C:AA:9C:D7"}}},"request":{"raw":"GET /tracker/tc_imp.gif?e=37dfbd8ee84e00126de9c330e24e889f9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d57138d642f17070100b1eabfd72e30d69183042b3e18f6646541c2628b70cd163250229657515c35015fcfbb6e4931a562e037db4df5976ef00368a958252f15c84ffe1fbe85ddcd34b0360eff60c4aa4b6c8b00235f6301da834035a227f1a2c4e95f32e203d6eb65b93edf75c4409d6279f0795abe57567a48db482eb8dfb7e400b623eb02d703bb487578a99571733a795d9b65908d6ea5576ea78cb3224c7a22d7862f30fdd91e4b7c1b39180aa48a32606f1bb6b81c389ea1e77b96b408731929abf4f7c5ce76ba8c8d0bbd03cd5f6b61c4ecc9bdf265918fe6798b215084ebc32f1f17f46973bad55638fcd2e92ccb42bf4cad9b5f854cc3d13a866428c1c6399a208fc0f4e1dbbaf1132bea3df4eeab6a0e6aaed96290b440bb595452c55748fbafc38681fcc56898649089b6c820b8323b24837c2c8484965e6788a833e541e6990dce378c7b536d53c23dfd429ecc8a6fbb883f8752a783dfcf6c8b5a5266f052540b3e453e89ec66b764dac78028b3b563bdc86c95c2a7be798f91e95461729ec2580483f7461a4cb4fcec74ae519bea5cede832b660bd389552d408caa13cc61b3bf9a792673d237d0a2a0a5f0bb7e88c6dd61eaa4c4e422ce4a946df991e10e3b1dfbbbb70dfece6f49ae5acf94c5321f84182aa446881437906d0625c6d71f17aab6a04c4ebc00e96728360d2ff3ec7aa0c877a08262706791b95c2e6c5390032d34332f487b0b8b19e5561ecc1af61848c36228cc0182e68e790de5126b3228d569d18fd5ae56d8ca84e82e13290fff2d5dc2327fdfc2927c72ff29fbab917826d331102906d4b59b3a141c6ad56989efeb330b686df324b3419c72fb717e815e49363fd5f5f33037e246deb5a92936704fd3ebcf8a6649d9612d21626f84823728de2d31648ba24b79c1adb07310242a0296cdffec562ca4b2cdad846e3cdd7fe8042d855493055af3537589c8c1e03f96fb6eccb2d93c1b34d0e29e0782a150dcf1650fa8bb15b42d2707bd2978741ced4a6dd0074ef22b10676449d0d3175d0d007418fcaf194a6eb55f330f82b8979dd9d5a97fff23933e7945cd0ccfdeb93e1dc86261dcf94670adc7cc7488f54f38372f69b929232c4df97adad193386fdf4b9169303d4401c704e348ccd796f9c30b70896db24b10570b32f0a8961f1db0c2bfb34355307c9aa8b6497d14c26715561cccd9ee9c97d841fbbb02067d5fb567a571e3a6266bd74a1f12d06a2e48588\u0026cri=wlelDpuJN6\u0026ts=241\u0026cb=1777458922526 HTTP/1.1\r\nHost: obseu.northwavepoint.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.url-go.ru/\r\nCookie: cg_uuid=2e155a30509556d7f2b2454e0a75e8e4\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\ndate: Wed, 29 Apr 2026 10:35:22 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\ncontent-length: 43\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"db04c7b378cb2db912c3ba8a5a774ee3","sha1":"dee34bd86c3484d31002182aa2b7caa4699126b8","sha256":"98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a","sha512":"826225fc21717d8861a05b9d2f959539aad2d2b131b2afed75d88fbca535e1b0d5a0da8ac69713a0876a0d467848a37a0a7f926aeafad8cf28201382d16466ab","ssdeep":"","tlshash":"6490000bca888002caa2c0302b8883022b88b0320228832e80bc30a8ee3b3a20c02000","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-29T12:35:19.73273Z","times_seen":372404,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":42,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"obseu.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.northwavepoint.com/mon","fqdn":"obseu.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww38.url-go.ru/","date":"2026-04-29T10:35:23.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.northwavepoint.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 20 Mar 2026 00:00:00 GMT","end":"Thu, 18 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"63:01:A7:5F:69:C9:F4:CA:14:E8:31:C9:DB:15:7B:8A:1F:A6:CC:71","sha256":"59:47:6E:B3:83:61:0A:EE:D7:C8:81:85:BA:89:F4:49:9F:B7:84:93:0C:2E:A3:FA:3E:45:AD:38:0C:AA:9C:D7"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.northwavepoint.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2920\r\nOrigin: http://ww38.url-go.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.url-go.ru/\r\nCookie: cg_uuid=2e155a30509556d7f2b2454e0a75e8e4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2920,"data":"e=37dfbd8ee84e00126de9c330e24e889f9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17070100b1eabfd72e30d69183042b3e18f6646541c2628b70cd163250229657515c35015fcfbb6e4931a562e037db4df5976ef00368a958252f15c84ffe1fbe85ddcd34b0360eff60c4aa4b6c8b00235f6301da834035a227f1a2c4e95f32e203d6eb65b93edf75c4409d6279f0795abe57567a48db482eb8dfb7e400b623eb02d703bb487578a99571733a795d9b65908d6ea5576ea78cb3224c7a22d7862f30fdd91e4b7c1b39180aa48a32606f1bb6b81c389ea1e77b96b408731929abf4f7c5ce76ba8c8d0bbd03cd5f6b61c4ecc9bdf265918fe6798b215084ebc32f1f17f46973bad55638fcd2e92ccb42bf4cad9b5f854cc3d13a866428c1c6399a208fc0f4e1dbbaf1132bea3df4eeab6a0e6aaed96290b440bb595452c55748fbafc38681fcc56898649089b6c820b8323b24837c2c8484965e6788a833e541e6990dce378c7b536d53c23dfd429ecc8a6fbb883f8752a783dfcf6c8b5a5266f052540b3e453e89ec66b764dac78028b3b563bdc86c95c2a7be798f91e95461729ec2580483f7461a4cb4fcec74ae519bea5cede832b660bd389552d408caa13cc61b3bf9a792673d237d0a2a0a5f0bb7e88c6dd61eaa4c4e422ce4a946df991e10e3b1dfbbbb70dfece6f49ae5acf94c5321f84182aa446881437906d0625c6d71f17aab6a04c4ebc00e96728360d2ff3ec7aa0c877a08262706791b95c2e6c5390032d34332f487b0b8b19e5561ecc1af61848c36228cc0182e68e790de5126b3228d569d18fd5ae56d8ca84e82e13290fff2d5dc2327fdfc2927c72ff29fbab917826d331102906d4b59b3a141c6ad56989efeb330b686df324b3419c72fb717e815e49363fd5f5f33037e246deb5a92936704fd3ebcf8a6649d9612d21626f84823728de2d31648ba24b79c1adb07310242a0296cdffec562ca4b2cdad846e3cdd7fe8042d855493055af3537589c8c1e03f96fb6eccb2d93c1b34d0e29e0782a150dcf1650fa8bb15b42d2707bd2978741ced4a6dd0074ef22b10676449d0d3175d0d007418fcaf194a6eb55f330f82b8979dd9d5a97fff23933e7945cd0ccfdeb93e1dc86261dcf94670adc7cc7488f54f38372f69b929232c4df97adad193386fdf4b9169303d4401c704e348ccd796f9c30b70896db24b10570b32f0a8961f1db0c2bfb34355307c9aa8b6497d14c26715561cccd9ee9c97d841fbbe1\u0026cri=wlelDpuJN6\u0026sf=0\u0026dc=Nz87IzNEIzQ0bjQjNDQjNEVoc2pqIzRFNz8yIzRFMjYxPiM0RTc3MjQjNEU3NDc%2FIzRFNzc2NSM0RTc0Nz8jNEU3Nj42IzRFNiM0RTc1IzRFNzQxNSM0RTc0MTIjM0IgNTc7IzFEIzQ0cSM0NCM1RzcxNCM0RSM0NG4jNDQjNUcyNCM0RSM0NGRZIzQ0IzVHMCMxQiAxNzsjMUQjNDRvaGUjNDQjNUc3IzRFIzQ0ZFkjNDQjNUc2IzFCIDcyNzsjMUQjNDR1IzQ0IzVHNyM0RSM0NGRZIzQ0IzVHNiMxQiA3Mz87IzFEIzQ0YzYjNDQjNUcjNDRwKGFjckRncnJjdH8jNDZvdSM0NmhpciM0NmcjNDZgc2hlcm9paCM0NCM0RSM0NGRZIzQ0IzVHNiMxQiA1NDA7IzNEIzFEIzQ0ZCM0NCM1RzYjNEUjNDR1IzQ0IzVHIzQ0NyM0NCMxQiM0RSMxRCM0NGQjNDQjNUc2IzRFIzQ0dSM0NCM1RyM0NDcjNDQjMUIjM0IgMzQ2OyMxRCM0NHYjNDQjNUcjNDRRb2g1NCM0NCM0RSM0NGojNDQjNUcjM0QjNDRjaCtTVSM0NCM0RSM0NGNoIzQ0IzNCIzRFIzQ0bmUjNDQjNUcyPiM0RSM0NHFhcCM0NCM1RyM0NEtjdWcjNDQjNEUjNDRxYXQjNDQjNUcjNDRqanBrdm92YyM0NCM0RSM0NGRZIzQ0IzVHMDMjMUIgPjEyOyMxRCM0NHUjNDQjNUc2IzRFIzQ0YyM0NCM1RyM0NFZzZGpvZU1jf0V0Y2JjaHJvZ2ojNDZvdSM0NmhpciM0NmJjYG9oY2IjNDQjNEUjNDRkWSM0NCM1RzYjMUI%3D\u0026cp=1\u0026gtm=-\u0026gac=-\u0026uvid=647694833e30920256bd10124a1a688df0f9b459\u0026tb=1\u0026ich=1\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=1002\u0026mo=0\u0026pn=2315\u0026spn=1313\u0026sck=-\u0026fp=521\u0026f_mt=\u0026s_mt=\u0026t_mt=\u0026l_mt=\u0026m_mt=0"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww38.url-go.ru\r\ncontent-type: application/json\r\ndate: Wed, 29 Apr 2026 10:35:23 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-29T12:35:16.046159Z","times_seen":14375289,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"obseu.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.northwavepoint.com/mon","fqdn":"obseu.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww38.url-go.ru/","date":"2026-04-29T10:35:25.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.northwavepoint.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 20 Mar 2026 00:00:00 GMT","end":"Thu, 18 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"63:01:A7:5F:69:C9:F4:CA:14:E8:31:C9:DB:15:7B:8A:1F:A6:CC:71","sha256":"59:47:6E:B3:83:61:0A:EE:D7:C8:81:85:BA:89:F4:49:9F:B7:84:93:0C:2E:A3:FA:3E:45:AD:38:0C:AA:9C:D7"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.northwavepoint.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2058\r\nOrigin: http://ww38.url-go.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.url-go.ru/\r\nCookie: cg_uuid=2e155a30509556d7f2b2454e0a75e8e4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2058,"data":"e=37dfbd8ee84e00126de9c330e24e889f9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17070100b1eabfd72e30d69183042b3e18f6646541c2628b70cd163250229657515c35015fcfbb6e4931a562e037db4df5976ef00368a958252f15c84ffe1fbe85ddcd34b0360eff60c4aa4b6c8b00235f6301da834035a227f1a2c4e95f32e203d6eb65b93edf75c4409d6279f0795abe57567a48db482eb8dfb7e400b623eb02d703bb487578a99571733a795d9b65908d6ea5576ea78cb3224c7a22d7862f30fdd91e4b7c1b39180aa48a32606f1bb6b81c389ea1e77b96b408731929abf4f7c5ce76ba8c8d0bbd03cd5f6b61c4ecc9bdf265918fe6798b215084ebc32f1f17f46973bad55638fcd2e92ccb42bf4cad9b5f854cc3d13a866428c1c6399a208fc0f4e1dbbaf1132bea3df4eeab6a0e6aaed96290b440bb595452c55748fbafc38681fcc56898649089b6c820b8323b24837c2c8484965e6788a833e541e6990dce378c7b536d53c23dfd429ecc8a6fbb883f8752a783dfcf6c8b5a5266f052540b3e453e89ec66b764dac78028b3b563bdc86c95c2a7be798f91e95461729ec2580483f7461a4cb4fcec74ae519bea5cede832b660bd389552d408caa13cc61b3bf9a792673d237d0a2a0a5f0bb7e88c6dd61eaa4c4e422ce4a946df991e10e3b1dfbbbb70dfece6f49ae5acf94c5321f84182aa446881437906d0625c6d71f17aab6a04c4ebc00e96728360d2ff3ec7aa0c877a08262706791b95c2e6c5390032d34332f487b0b8b19e5561ecc1af61848c36228cc0182e68e790de5126b3228d569d18fd5ae56d8ca84e82e13290fff2d5dc2327fdfc2927c72ff29fbab917826d331102906d4b59b3a141c6ad56989efeb330b686df324b3419c72fb717e815e49363fd5f5f33037e246deb5a92936704fd3ebcf8a6649d9612d21626f84823728de2d31648ba24b79c1adb07310242a0296cdffec562ca4b2cdad846e3cdd7fe8042d855493055af3537589c8c1e03f96fb6eccb2d93c1b34d0e29e0782a150dcf1650fa8bb15b42d2707bd2978741ced4a6dd0074ef22b10676449d0d3175d0d007418fcaf194a6eb55f330f82b8979dd9d5a97fff23933e7945cd0ccfdeb93e1dc86261dcf94670adc7cc7488f54f38372f69b929232c4df97adad193386fdf4b9169303d4401c704e348ccd796f9c30b70896db24b10570b32f0a8961f1db0c2bfb34355307c9aa8b6497d14c26715561cccd9ee9c97d841fbbe1\u0026cri=wlelDpuJN6\u0026sf=0\u0026dc=\u0026cp=3\u0026gtm=-\u0026gac=-\u0026uvid=647694833e30920256bd10124a1a688df0f9b459\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=3008\u0026mo=0\u0026pn=4322\u0026spn=1313\u0026sck=-\u0026fp=521\u0026f_mt=\u0026s_mt=\u0026t_mt=\u0026l_mt=\u0026m_mt=0\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww38.url-go.ru\r\ncontent-type: application/json\r\ndate: Wed, 29 Apr 2026 10:35:25 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-29T12:35:16.046159Z","times_seen":14375289,"resource_available":true,"data":null}},"time_used":47,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"obseu.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.northwavepoint.com/mon","fqdn":"obseu.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww38.url-go.ru/","date":"2026-04-29T10:35:32.543Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.northwavepoint.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 20 Mar 2026 00:00:00 GMT","end":"Thu, 18 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"63:01:A7:5F:69:C9:F4:CA:14:E8:31:C9:DB:15:7B:8A:1F:A6:CC:71","sha256":"59:47:6E:B3:83:61:0A:EE:D7:C8:81:85:BA:89:F4:49:9F:B7:84:93:0C:2E:A3:FA:3E:45:AD:38:0C:AA:9C:D7"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.northwavepoint.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2061\r\nOrigin: http://ww38.url-go.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.url-go.ru/\r\nCookie: cg_uuid=2e155a30509556d7f2b2454e0a75e8e4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2061,"data":"e=37dfbd8ee84e00126de9c330e24e889f9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17070100b1eabfd72e30d69183042b3e18f6646541c2628b70cd163250229657515c35015fcfbb6e4931a562e037db4df5976ef00368a958252f15c84ffe1fbe85ddcd34b0360eff60c4aa4b6c8b00235f6301da834035a227f1a2c4e95f32e203d6eb65b93edf75c4409d6279f0795abe57567a48db482eb8dfb7e400b623eb02d703bb487578a99571733a795d9b65908d6ea5576ea78cb3224c7a22d7862f30fdd91e4b7c1b39180aa48a32606f1bb6b81c389ea1e77b96b408731929abf4f7c5ce76ba8c8d0bbd03cd5f6b61c4ecc9bdf265918fe6798b215084ebc32f1f17f46973bad55638fcd2e92ccb42bf4cad9b5f854cc3d13a866428c1c6399a208fc0f4e1dbbaf1132bea3df4eeab6a0e6aaed96290b440bb595452c55748fbafc38681fcc56898649089b6c820b8323b24837c2c8484965e6788a833e541e6990dce378c7b536d53c23dfd429ecc8a6fbb883f8752a783dfcf6c8b5a5266f052540b3e453e89ec66b764dac78028b3b563bdc86c95c2a7be798f91e95461729ec2580483f7461a4cb4fcec74ae519bea5cede832b660bd389552d408caa13cc61b3bf9a792673d237d0a2a0a5f0bb7e88c6dd61eaa4c4e422ce4a946df991e10e3b1dfbbbb70dfece6f49ae5acf94c5321f84182aa446881437906d0625c6d71f17aab6a04c4ebc00e96728360d2ff3ec7aa0c877a08262706791b95c2e6c5390032d34332f487b0b8b19e5561ecc1af61848c36228cc0182e68e790de5126b3228d569d18fd5ae56d8ca84e82e13290fff2d5dc2327fdfc2927c72ff29fbab917826d331102906d4b59b3a141c6ad56989efeb330b686df324b3419c72fb717e815e49363fd5f5f33037e246deb5a92936704fd3ebcf8a6649d9612d21626f84823728de2d31648ba24b79c1adb07310242a0296cdffec562ca4b2cdad846e3cdd7fe8042d855493055af3537589c8c1e03f96fb6eccb2d93c1b34d0e29e0782a150dcf1650fa8bb15b42d2707bd2978741ced4a6dd0074ef22b10676449d0d3175d0d007418fcaf194a6eb55f330f82b8979dd9d5a97fff23933e7945cd0ccfdeb93e1dc86261dcf94670adc7cc7488f54f38372f69b929232c4df97adad193386fdf4b9169303d4401c704e348ccd796f9c30b70896db24b10570b32f0a8961f1db0c2bfb34355307c9aa8b6497d14c26715561cccd9ee9c97d841fbbe1\u0026cri=wlelDpuJN6\u0026sf=0\u0026dc=\u0026cp=10\u0026gtm=-\u0026gac=-\u0026uvid=647694833e30920256bd10124a1a688df0f9b459\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=10018\u0026mo=0\u0026pn=11331\u0026spn=1313\u0026sck=-\u0026fp=521\u0026f_mt=\u0026s_mt=\u0026t_mt=\u0026l_mt=\u0026m_mt=0\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww38.url-go.ru\r\ncontent-type: application/json\r\ndate: Wed, 29 Apr 2026 10:35:32 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-29T12:35:16.046159Z","times_seen":14375289,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"obseu.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"url-go.ru/","fqdn":"url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"103.224.182.253","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-29T10:35:15.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apdigital.com.au","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 23:39:59 GMT","end":"Fri, 29 May 2026 23:39:58 GMT"},"fingerprint":{"sha1":"3B:F4:D4:C6:FD:6D:50:6E:A5:30:1A:E0:3C:90:E6:08:EC:91:4B:1F","sha256":"4E:58:3C:0A:20:8C:FF:32:29:58:C0:3E:B9:FA:95:A3:84:06:FF:6C:16:2A:0D:7C:3D:53:E7:2C:67:EA:72:2A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: url-go.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Wed, 29 Apr 2026 10:35:16 GMT\r\nserver: Apache\r\nset-cookie: __tad=1777458916.2234294; expires=Sat, 26 Apr 2036 10:35:16 GMT; Max-Age=315360000\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 565\r\ncontent-type: text/html; charset=UTF-8\r\nconnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1040,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"e0b1f284562edf4784951c8f69ac76dd","sha1":"8af1d0a9bf377cd7891c2a8b5bafc6fc7988d42e","sha256":"021c3e96d37bcd00d520e3375049822b5519921b7217128d8abf71273e42b6f3","sha512":"6a0f64020e90737b993668640c63f59d715c41d78f762748efb2e9f9944d3e32e90f641605b68bc19f814db8bc76d6241af0c66b81a37451f6a17178d67e4bb4","ssdeep":"","tlshash":"b311c206bc95a4037435455d9df4a00dc0ab628491dc9c7cd0d5e6adad882baed29ece","first_seen":"2026-04-29T10:35:42.037354Z","last_seen":"2026-04-29T10:35:42.037354Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1377,"timings":{"blocked":590,"dns":239,"connect":161,"send":0,"wait":198,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"url-go.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"url-go.ru/js/fingerprint/iife.min.js","fqdn":"url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"103.224.182.253","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://url-go.ru/","date":"2026-04-29T10:35:16.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apdigital.com.au","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 23:39:59 GMT","end":"Fri, 29 May 2026 23:39:58 GMT"},"fingerprint":{"sha1":"3B:F4:D4:C6:FD:6D:50:6E:A5:30:1A:E0:3C:90:E6:08:EC:91:4B:1F","sha256":"4E:58:3C:0A:20:8C:FF:32:29:58:C0:3E:B9:FA:95:A3:84:06:FF:6C:16:2A:0D:7C:3D:53:E7:2C:67:EA:72:2A"}}},"request":{"raw":"GET /js/fingerprint/iife.min.js HTTP/1.1\r\nHost: url-go.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://url-go.ru/\r\nCookie: __tad=1777458916.2234294\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Wed, 29 Apr 2026 10:35:17 GMT\r\nserver: Apache\r\nlast-modified: Mon, 28 Apr 2025 06:31:33 GMT\r\netag: \"85c0-633d0d5c5fb40\"\r\naccept-ranges: bytes\r\ncontent-length: 34240\r\ncontent-type: text/javascript\r\nconnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":34240,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (33896), with CRLF line terminators","md5":"63f9fd621d1fbd53b7c5856e58c11ccd","sha1":"a46973c2fbdbfeb159e0d717a90f88307e274012","sha256":"c6bc28686490aba34a53ab3b709afa1fd73c21e60feb25608b09f23efe170089","sha512":"d4df433c7368ec078fbc473398a4ab21e6da20950ac4db34338623296887db40320b05b9bde6130e43d2b55c82b81a56b60bab0d6a4c97df54a0cb7a8f09325b","ssdeep":"384:XhQYTcHRx9vfQxcuK83ERxXYxMvtTpIBNwBUZXLew5gc+RW7+5ERNFaqE8E0QI+V:XSbHRTArOGSoyISuNwxJzZbPePKe9y","tlshash":"6cf207d8b2c3b02d227378ba497f6006b63abd55641c4803d57be5c178a4e5a813bfb8","first_seen":"2023-05-01T16:20:27Z","last_seen":"2026-04-29T12:18:08.275607Z","times_seen":47666,"resource_available":true,"data":null}},"time_used":1070,"timings":{"blocked":349,"dns":1,"connect":161,"send":0,"wait":347,"receive":24,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"url-go.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ww38.url-go.ru/","fqdn":"ww38.url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-29T10:35:18.103Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ww38.url-go.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-29T12:35:16.046159Z","times_seen":14375289,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"ww38.url-go.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ww38.url-go.ru/favicon.ico","fqdn":"ww38.url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww38.url-go.ru/","date":"2026-04-29T10:35:21.829Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ww38.url-go.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.url-go.ru/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 29 Apr 2026 10:35:21 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 0\r\nLast-Modified: Wed, 11 Sep 2024 11:38:26 GMT\r\nConnection: keep-alive\r\nETag: \"66e18132-0\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-29T12:35:16.046159Z","times_seen":14375289,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"ww38.url-go.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"yfdpco4.com/sk-park.php?pid=9PO15V947\u0026dn=url-go.ru\u0026ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0%29+Gecko%2F20100101+Firefox%2F134.0\u0026requrl=http%3A%2F%2Fww38.url-go.ru%2F\u0026al=en-US%2Cen%3Bq%3D0.5","fqdn":"yfdpco4.com","domain":"yfdpco4.com","tld":"com"},"ip":{"addr":"208.91.196.46","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://ww38.url-go.ru/","date":"2026-04-29T10:35:21.831Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /sk-park.php?pid=9PO15V947\u0026dn=url-go.ru\u0026ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0%29+Gecko%2F20100101+Firefox%2F134.0\u0026requrl=http%3A%2F%2Fww38.url-go.ru%2F\u0026al=en-US%2Cen%3Bq%3D0.5 HTTP/1.1\r\nHost: yfdpco4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.url-go.ru/\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Wed, 29 Apr 2026 10:35:12 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nx-sc-h: 21-2ajn\r\nvia: 1.1 google\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":122,"size_decoded":0,"mime_type":"text/html","magic":"ASCII text","md5":"db171399f30720426c517b75a3d360fc","sha1":"0a4cb81a6408190e174ad35af4ebf68750ccf6e8","sha256":"8f2bfe0930e83fac5390c0423d979f5ddf50a09d9646524f57809e68b067219f","sha512":"e8bf2c470761589ebc69d105bc090eb858069d4f7cac3b05b8dfee9b0390b7b73c9ff5cd10bbf676a36fd242b7acf32a99dfc32bf98deb2730c38a79b5cce2a1","ssdeep":"","tlshash":"a3b0922c9144994a4486885078924e4ba6afe21944ac62840ab7806e62ce6eee89b308","first_seen":"2025-06-18T07:18:53.481167Z","last_seen":"2026-04-29T10:35:42.041386Z","times_seen":5970,"resource_available":true,"data":null}},"time_used":470,"timings":{"blocked":140,"dns":14,"connect":128,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"url-go.ru/favicon.ico","fqdn":"url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://url-go.ru/","date":"2026-04-29T10:35:17.434Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: url-go.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://url-go.ru/\r\nCookie: __tad=1777458916.2234294\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-29T12:35:16.046159Z","times_seen":14375289,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":1,"connect":163,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"url-go.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ww38.url-go.ru/","fqdn":"ww38.url-go.ru","domain":"url-go.ru","tld":"ru"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-29T10:35:21.229Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ww38.url-go.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 29 Apr 2026 10:35:21 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile\r\nAccept-Ch-Lifetime: 30\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nVia: 0.0 Caddy\r\nX-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_lthHpucPZTYXfszcuHIDWufRVb5JxAjPMbDmz2V4rSPKFspc25hEn9ME/6kRDV5Mrwu3owVN+PKiHOvnV33i5g==\r\nX-Domain: url-go.ru\r\nX-Pcrew-Blocked-Reason: hosting network\r\nX-Pcrew-Ip-Organization: Blix Solutions\r\nX-Redirect: skenzo\r\nX-Subdomain: ww38\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15622,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (426)","md5":"fa1b9d1a73dad6e4d405800a76b26eeb","sha1":"39a268a507c68b8c201c45145276ad4371467e6b","sha256":"1e5b854fcf426885074ca84299bf0fe0210eb5107e8eafd1876ba9919f72d974","sha512":"2637d66674e27c325471cbcd9aedf4f8809b615601634f460dca3d7fec78d2bebcc7d513f9a45875a639b38a4b401cd2d275869d1c7a1c5dfc4378086e3e23e1","ssdeep":"192:uR8pKfsTxcYoHSiF57zA5GYJcFaeKhJOJdt+/e+V0llPBV8YoHsfOBro2Tc/e:uexcYoHSiF5vno/XYoHsfO2/e","tlshash":"9c62b7476be31519f11b80a98f9aa34932189107d60fcdacfaec76a8df4c1d42163bdc","first_seen":"2026-04-29T10:35:42.04269Z","last_seen":"2026-04-29T10:35:42.04269Z","times_seen":1,"resource_available":true,"data":null}},"time_used":425,"timings":{"blocked":102,"dns":1,"connect":102,"send":0,"wait":219,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"ww38.url-go.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"euob.northwavepoint.com/sxp/i/636f8b858f681acb7bfa6f583a96630a.js","fqdn":"euob.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"52.84.50.75","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ww38.url-go.ru/","date":"2026-04-29T10:35:21.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.northwavepoint.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Thu, 29 Jan 2026 00:00:00 GMT","end":"Sat, 27 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"CC:B5:FD:45:6E:B8:DC:24:11:6A:30:38:E9:1D:FB:81:45:2E:FA:8D","sha256":"32:3C:54:8F:1C:33:6B:BE:0F:39:18:D6:DB:E7:61:78:95:9A:27:61:E7:33:FF:DA:F0:5E:F5:B4:82:D5:5E:A7"}}},"request":{"raw":"GET /sxp/i/636f8b858f681acb7bfa6f583a96630a.js HTTP/1.1\r\nHost: euob.northwavepoint.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.url-go.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 49498\r\ncontent-encoding: gzip\r\nserver: Caddy\r\netag: \"20456-Cz50XHTZd7Sfbf3wL4JMJuh8oOE\"\r\ndate: Wed, 29 Apr 2026 07:05:10 GMT\r\ncache-control: max-age=43200\r\nexpires: Wed, 29 Apr 2026 14:49:22 GMT\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 a0228782537cf4c86245da194c3750e4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: gE7ALvzM7leC4uqXWLUyftdR8l3OWgxwJhiUCn-92d3EV8vNR5BB0g==\r\nage: 27959\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":132182,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"data","md5":"0585c04eaa7bcbec6d8795915c767918","sha1":"0b3e745c74d977b49f6dfdf02f824c26e87ca0e1","sha256":"aff0f8385b16c99711455f61ef1334a69af6c6637ee92f580a997d7819eca0e6","sha512":"7c6eab5d932a4416b9f643867c7ad7b749bfd2361bedc957bef68f3b0a26ebc4185af1cee1125126c8e7fb3bf7ac172e1f11fbe51ee60aabf2c714bdedd1fe41","ssdeep":"1536:BYHWmBtxKcH/SVr1usdNU4Rdwxyc7YtGqlwIrIHp1ZcaS3Mx014LonW7xGj1NQD6:iBtjrs04RdPGuIJ1Zc53MZGj1qqY+V3","tlshash":"6fd3d6edb2e27035439324a5157f410ae27b5e513c4f8290d57ae9d4ac78e8e813bfac","first_seen":"2026-04-27T07:21:04.259157Z","last_seen":"2026-04-29T12:35:19.717089Z","times_seen":535,"resource_available":true,"data":null}},"time_used":113,"timings":{"blocked":54,"dns":40,"connect":1,"send":0,"wait":2,"receive":2,"ssl":9},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"euob.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.northwavepoint.com/mon","fqdn":"obseu.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww38.url-go.ru/","date":"2026-04-29T10:35:27.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.northwavepoint.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 20 Mar 2026 00:00:00 GMT","end":"Thu, 18 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"63:01:A7:5F:69:C9:F4:CA:14:E8:31:C9:DB:15:7B:8A:1F:A6:CC:71","sha256":"59:47:6E:B3:83:61:0A:EE:D7:C8:81:85:BA:89:F4:49:9F:B7:84:93:0C:2E:A3:FA:3E:45:AD:38:0C:AA:9C:D7"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.northwavepoint.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2058\r\nOrigin: http://ww38.url-go.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.url-go.ru/\r\nCookie: cg_uuid=2e155a30509556d7f2b2454e0a75e8e4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2058,"data":"e=37dfbd8ee84e00126de9c330e24e889f9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17070100b1eabfd72e30d69183042b3e18f6646541c2628b70cd163250229657515c35015fcfbb6e4931a562e037db4df5976ef00368a958252f15c84ffe1fbe85ddcd34b0360eff60c4aa4b6c8b00235f6301da834035a227f1a2c4e95f32e203d6eb65b93edf75c4409d6279f0795abe57567a48db482eb8dfb7e400b623eb02d703bb487578a99571733a795d9b65908d6ea5576ea78cb3224c7a22d7862f30fdd91e4b7c1b39180aa48a32606f1bb6b81c389ea1e77b96b408731929abf4f7c5ce76ba8c8d0bbd03cd5f6b61c4ecc9bdf265918fe6798b215084ebc32f1f17f46973bad55638fcd2e92ccb42bf4cad9b5f854cc3d13a866428c1c6399a208fc0f4e1dbbaf1132bea3df4eeab6a0e6aaed96290b440bb595452c55748fbafc38681fcc56898649089b6c820b8323b24837c2c8484965e6788a833e541e6990dce378c7b536d53c23dfd429ecc8a6fbb883f8752a783dfcf6c8b5a5266f052540b3e453e89ec66b764dac78028b3b563bdc86c95c2a7be798f91e95461729ec2580483f7461a4cb4fcec74ae519bea5cede832b660bd389552d408caa13cc61b3bf9a792673d237d0a2a0a5f0bb7e88c6dd61eaa4c4e422ce4a946df991e10e3b1dfbbbb70dfece6f49ae5acf94c5321f84182aa446881437906d0625c6d71f17aab6a04c4ebc00e96728360d2ff3ec7aa0c877a08262706791b95c2e6c5390032d34332f487b0b8b19e5561ecc1af61848c36228cc0182e68e790de5126b3228d569d18fd5ae56d8ca84e82e13290fff2d5dc2327fdfc2927c72ff29fbab917826d331102906d4b59b3a141c6ad56989efeb330b686df324b3419c72fb717e815e49363fd5f5f33037e246deb5a92936704fd3ebcf8a6649d9612d21626f84823728de2d31648ba24b79c1adb07310242a0296cdffec562ca4b2cdad846e3cdd7fe8042d855493055af3537589c8c1e03f96fb6eccb2d93c1b34d0e29e0782a150dcf1650fa8bb15b42d2707bd2978741ced4a6dd0074ef22b10676449d0d3175d0d007418fcaf194a6eb55f330f82b8979dd9d5a97fff23933e7945cd0ccfdeb93e1dc86261dcf94670adc7cc7488f54f38372f69b929232c4df97adad193386fdf4b9169303d4401c704e348ccd796f9c30b70896db24b10570b32f0a8961f1db0c2bfb34355307c9aa8b6497d14c26715561cccd9ee9c97d841fbbe1\u0026cri=wlelDpuJN6\u0026sf=0\u0026dc=\u0026cp=5\u0026gtm=-\u0026gac=-\u0026uvid=647694833e30920256bd10124a1a688df0f9b459\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=5011\u0026mo=0\u0026pn=6325\u0026spn=1313\u0026sck=-\u0026fp=521\u0026f_mt=\u0026s_mt=\u0026t_mt=\u0026l_mt=\u0026m_mt=0\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww38.url-go.ru\r\ncontent-type: application/json\r\ndate: Wed, 29 Apr 2026 10:35:27 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-29T12:35:16.046159Z","times_seen":14375289,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-29","alert":"Sinkholed","trigger":"obseu.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}