{"report_id":"8568fc7d-e798-4056-95cd-e5532af63508","version":6,"status":"done","tags":[],"date":"2026-06-02T06:03:58Z","url":{"schema":"http","addr":"novostikqbne.click/","fqdn":"novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"103.224.182.216","port":0,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"ww38.novostikqbne.click/","fqdn":"ww38.novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"title":"novostikqbne.click","dom":{"size":104852,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (13532)","md5":"8fca6a3a831c48f7949ed5317032d280","sha1":"7d3163a20346dabbeedf007473a1561dba8c7506","sha256":"3e4c1ac5dae1e4284afddd865564a44606b633ba133bea8a00dd63101fee1bac","sha512":"d2ed515bc22d1b4567b5d77b38e8b6911cd76ab833a6ba7849ad6f15fbe7bdc19f5b094d395c7b9e4a298cbf2907ef82998db337ac1dbf62b8627fcaf707ed73","ssdeep":"3072:6UqOohiikMTSH3MMrqAFQ9bfeAI7fe6p1/S/7mYmc2a2nyQyMcgcoLnnlugPEf+:Biiik4SH3MMrqAFQ9bfeAI7f3nlugPE2","tlshash":"55a34b887093707247632095b53f2e8fe26f609b358d8940f1f5e7a2386c9db8a1397d","dom_hash":"domhash3dad8800ac34a2c78ec6825d43e5dab2","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"novostikqbne.click/","fqdn":"novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"103.224.182.216","port":0,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-07T06:03:58Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":6,"urlquery":0,"analyzer":7}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:37Z","timestamp":1780380217,"ip_dst":{"addr":"103.224.182.216","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":56698,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:37.572403+0000\",\"flow_id\":2169153674400873,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":56698,\"dest_ip\":\"103.224.182.216\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"novostikqbne.click\",\"url\":\"/?tr_uuid=20260602-1603-350c-b346-151ded9dcb21\u0026fp=-7\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ww38.novostikqbne.click/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":726,\"bytes_toclient\":336,\"start\":\"2026-06-02T06:03:37.250985+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:40Z","timestamp":1780380220,"ip_dst":{"addr":"103.224.182.216","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":56706,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:40.581314+0000\",\"flow_id\":1284422623876799,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":56706,\"dest_ip\":\"103.224.182.216\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"novostikqbne.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":569},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":555,\"bytes_toclient\":974,\"start\":\"2026-06-02T06:03:40.251583+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:40Z","timestamp":1780380220,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":46628,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:40.985221+0000\",\"flow_id\":395372983496068,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":46628,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.novostikqbne.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":541},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":644,\"bytes_toclient\":6216,\"start\":\"2026-06-02T06:03:40.667012+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:41Z","timestamp":1780380221,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":46628,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:41.219979+0000\",\"flow_id\":395372983496068,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":46628,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.novostikqbne.click\",\"url\":\"/666b7528-99b0-4740-9a0d-771ce5a6422b/eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.x-RZrTuk5AGrMCoidUTusmReJoPPAUhTYy1tkJVhhhV8WTGcVQcI_A.kXEQaS7jSqYYdQCTvg1yoA.6gpMFpxpsd_UxR6eZRqCnYI6s_r8Tf0MevIeyZbAHhFUyCejVZC77u5q17obR4KQb9-zRZyEkj8fmBhfJUtkKKzoqyScSYWrRXBnvJQ67X9M8Icjge_yT8l-fCysbsaZi-pnABujPNBF3dKfrqu1HHQb6AOUo5l-TZ08bVDMZsajU10AWHufZNQVIJ9MmoKvjcmXCFCZ5lX5regZVeMx9dDLZn_c-dv_jpJum5Y3ggzZKjKEPpiv6LcSFxddlXJeQWleWLxY5TNO6OaVN6iS_T00x7TG9xEfduleQDFetGNVgdH7FkghQvq_b67pdDOg.nLAnW-O8vuiviXQGIwwUYg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://ww38.novostikqbne.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":204,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":10,\"bytes_toserver\":1816,\"bytes_toclient\":6938,\"start\":\"2026-06-02T06:03:40.667012+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:41Z","timestamp":1780380221,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":46628,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:41.461125+0000\",\"flow_id\":395372983496068,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":46628,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.novostikqbne.click\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://ww38.novostikqbne.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":11,\"bytes_toserver\":2295,\"bytes_toclient\":7222,\"start\":\"2026-06-02T06:03:40.667012+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:41Z","timestamp":1780380221,"ip_dst":{"addr":"Client IP","port":34296,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2026-06-02T06:03:41.824654+0000\",\"flow_id\":2171071377565550,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.251.101.162\",\"src_port\":443,\"dest_ip\":\"172.18.0.9\",\"dest_port\":34296,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=*.northwavepoint.com\",\"issuerdn\":\"C=AT, O=ZeroSSL GmbH, CN=ZeroSSL ECC DV SSL CA 2\",\"serial\":\"0A:DE:96:0C:7A:06:BD:4E:7D:0B:C8:F5:E1:81:BC:B2\",\"fingerprint\":\"81:bc:a9:21:63:e0:b6:9a:20:c7:07:ec:3a:69:03:a1:17:c1:42:a4\",\"sni\":\"obseu.northwavepoint.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-05-09T00:00:00\",\"notafter\":\"2026-08-07T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"80d47c47e3ce91bc3bd0a026dbd1664d\",\"string\":\"771,49196,5-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1080,\"bytes_toclient\":3541,\"start\":\"2026-06-02T06:03:41.714606+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"yfdpco4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"obseu.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"euob.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"realtimesearchresults.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"realtimesearchresults.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"realtimesearchresults.com","ip":{"addr":"172.67.166.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-02-14","domain_rank":464056,"first_seen":"2025-03-28T05:14:07.92032Z","last_seen":"2026-05-30T04:54:44.920924Z","alert_count":2,"request_count":1,"received_data":70864,"sent_data":1332,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"novostikqbne.click","ip":{"addr":"103.224.182.216","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"domain_registered":"2024-12-30","domain_rank":0,"first_seen":"2025-12-11T16:59:32.944438Z","last_seen":"2025-12-11T16:59:32.944438Z","alert_count":2,"request_count":4,"received_data":35952,"sent_data":1821,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"s.cdn-fileserver.com","ip":{"addr":"104.21.31.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-04-08","domain_rank":1473336,"first_seen":"2025-04-11T18:11:28.393379Z","last_seen":"2026-06-01T09:15:50.320879Z","alert_count":3,"request_count":3,"received_data":45386,"sent_data":1522,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"obseu.northwavepoint.com","ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"2026-01-28","domain_rank":0,"first_seen":"2026-04-16T09:06:21.210986Z","last_seen":"2026-05-28T12:19:07.906755Z","alert_count":6,"request_count":6,"received_data":6175,"sent_data":5305,"comment":"","tags":null,"fingerprints":null},{"fqdn":"msadsscale.microsoft.com","ip":{"addr":"150.171.109.200","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"domain_registered":"1991-05-02","domain_rank":241518,"first_seen":"2025-01-13T10:51:37Z","last_seen":"2026-05-27T13:06:52.015758Z","alert_count":0,"request_count":1,"received_data":73333,"sent_data":461,"comment":"","tags":null,"fingerprints":[{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]},{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]}]},{"fqdn":"l.cdn-fileserver.com","ip":{"addr":"104.21.31.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-04-08","domain_rank":962880,"first_seen":"2025-04-11T15:28:22.753596Z","last_seen":"2026-06-01T09:15:50.361577Z","alert_count":3,"request_count":3,"received_data":2703,"sent_data":9226,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}]},{"fqdn":"ww38.novostikqbne.click","ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"domain_registered":"2024-12-30","domain_rank":0,"first_seen":"2026-06-02T06:03:58.722548Z","last_seen":"2026-06-02T06:03:58.722548Z","alert_count":4,"request_count":4,"received_data":17333,"sent_data":2119,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"yfdpco4.com","ip":{"addr":"208.91.196.46","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"domain_registered":"2025-03-20","domain_rank":0,"first_seen":"2026-04-02T14:19:52.929311Z","last_seen":"2026-05-28T22:50:42.099848Z","alert_count":1,"request_count":1,"received_data":11343,"sent_data":658,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"euob.northwavepoint.com","ip":{"addr":"52.84.50.75","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2026-01-28","domain_rank":0,"first_seen":"2026-04-16T09:06:21.216693Z","last_seen":"2026-05-28T12:19:08.00178Z","alert_count":1,"request_count":1,"received_data":137446,"sent_data":460,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}]},{"fqdn":"s.yimg.com","ip":{"addr":"87.248.119.251","port":443,"asn":203220,"as":"Yahoo-UK Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"1997-05-14","domain_rank":4553,"first_seen":"2012-05-20T22:45:00Z","last_seen":"2026-06-01T07:34:44.942059Z","alert_count":0,"request_count":1,"received_data":26250,"sent_data":456,"comment":"","tags":null,"fingerprints":[{"name":"Apache Traffic Server","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"ww38.novostikqbne.click/","fqdn":"ww38.novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"284265e99b9efa2634d49dbc9aa7d6b7","sha1":"5a4fe4e0ad981e17b365c2351b075f4ccbf608a2","sha256":"c80a18a33f9e1e2671b6f5a056ee5ef8c00f05cf9bed13d86e00a8e28d336e23","sha512":"5dbae9c5cc5e35f8a78c72a97951b2e7ca4289467a78c5d3171dfaa5c4f72a1ec69dd894406a1d0274b599774a3534750a3bc66998b8f33399aada0456164f26","ssdeep":"","tlshash":"f33181875dfb001e9773309e0f1b840c753218af22daca15ba1c02503f1853ab2327ba","size":1778,"data":"","first_seen":"2026-06-02T06:04:02.779403Z","last_seen":"2026-06-02T06:04:02.779403Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:40Z","timestamp":1780380220,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.9","port":46628,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:40.985221+0000\",\"flow_id\":395372983496068,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":46628,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.novostikqbne.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":541},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":644,\"bytes_toclient\":6216,\"start\":\"2026-06-02T06:03:40.667012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.novostikqbne.click/","fqdn":"ww38.novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"4b525cf8ebd962811007b8d5664ed332","sha1":"3d6e339a2e51071280db0f7e0e72f4beff1b7e3f","sha256":"9a2fc2de09ddd5dbe83a33b037c4519972a252103614203019dec30522301fdd","sha512":"b8a7dfd8f65660c948daea9a5177f217a66dc3246bcc7acfefadf6c35c761208f9a99c73cd960e6081e0765b370ffbb178151bf792784c05de5c822b56ebb936","ssdeep":"","tlshash":"79c08c7b3c8220304edf725e281c93883860c206a883a202fc2c08ed4ff1e47323ab58","size":164,"data":"","first_seen":"2025-10-01T08:32:45.366407Z","last_seen":"2026-06-03T17:02:30.840061Z","times_seen":77388,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:40Z","timestamp":1780380220,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.9","port":46628,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:40.985221+0000\",\"flow_id\":395372983496068,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":46628,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.novostikqbne.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":541},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":644,\"bytes_toclient\":6216,\"start\":\"2026-06-02T06:03:40.667012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"euob.northwavepoint.com/sxp/i/636f8b858f681acb7bfa6f583a96630a.js","fqdn":"euob.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"52.84.50.75","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1bb3ab22ed57318ee11d270c1c3f59ce","sha1":"d88ea0564fd58af764b741b0a50e78b4523e7103","sha256":"93c03215b2f3bdddd55ce066691d5fba626924cb98f3eaab8ce8e177d030599a","sha512":"8cd9d5fb4c2cc64831f03cb4c770788b233770dd82edf5d4b5c1670b6c7d8d5d741214857b702f1ed6b06bea259f3149b9a289805770bbdc8d5228c2c0c66457","ssdeep":"1536:sD+qPQb5SEwvAu5DWeBPU4HLonMbVGhe3qM87961QCixUcnYtB/l7PsXWIo6MWmN:sCqP/AuZWyjqu1QCtveXolS0nInWBypO","tlshash":"8bd3d7ddf2e27025039320a5017f411ae27b1e553c4b8290d5bae9d4ac7ce8e957bfac","size":136943,"data":"","first_seen":"2026-06-01T21:19:08.293855Z","last_seen":"2026-06-03T17:02:30.825565Z","times_seen":545,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.novostikqbne.click/","fqdn":"ww38.novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"6559111e4eae643ce013ce0821e91a02","sha1":"fa1086c9aa2cb2d14f5c13bceefe21511bcdae5a","sha256":"d72255f7e5ea4dfdf9821df800356367d0bc7df07ecd103bb660018cb1e4f400","sha512":"a6e3e096076dc152b69e95709dad8925c9c2799c23ad226b9ce7b6ee78936bea7300b66c92821ea0728ce7433d4f53787f27f5e7101f97e4d882be0a461fc051","ssdeep":"","tlshash":"407000000380020020c80233a200882af228003c00030200c008888800a808002080c2","size":25,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-06-03T16:52:33.752428Z","times_seen":375362,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:40Z","timestamp":1780380220,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.9","port":46628,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:40.985221+0000\",\"flow_id\":395372983496068,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":46628,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.novostikqbne.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":541},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":644,\"bytes_toclient\":6216,\"start\":\"2026-06-02T06:03:40.667012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.novostikqbne.click/","fqdn":"ww38.novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"889ca9e2c79a3ce7aaadbcdfd0ce4ef5","sha1":"b05c2c051bae71f80cb8c289e5a42d4f96d323fa","sha256":"6477acf082d26199b6ce8346b93149b1b999233d9fe76b0340ebf43317cf98f8","sha512":"122a494d50a5e8077cdda40e8d6edb442bb9d89fff078852aad7f84fe24f1c58fe693f0388ca6c9453d1b33036da0b9c4e9fb394a18268e254d306ffc2ca57a3","ssdeep":"","tlshash":"46a002d4b4ed8125564583390104d91cf936c934c0d5701873f0466ca6e700a53610b2","size":62,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-06-03T16:52:33.717808Z","times_seen":375401,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:40Z","timestamp":1780380220,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.9","port":46628,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:40.985221+0000\",\"flow_id\":395372983496068,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":46628,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.novostikqbne.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":541},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":644,\"bytes_toclient\":6216,\"start\":\"2026-06-02T06:03:40.667012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"yfdpco4.com/sk-park.php?pid=9PO15V947\u0026dn=novostikqbne.click\u0026ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0%29+Gecko%2F20100101+Firefox%2F134.0\u0026requrl=http%3A%2F%2Fww38.novostikqbne.click%2F\u0026al=en-US%2Cen%3Bq%3D0.5","fqdn":"yfdpco4.com","domain":"yfdpco4.com","tld":"com"},"ip":{"addr":"208.91.196.46","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"4c75948338aa38c2ff278bfb628fe810","sha1":"ec4b81ba5751ba9c06c177372ab11e7b06b93e61","sha256":"c0ab95c0a99cdee36dad819ffa882b3cfea34ae7518e463db448b0c816c63383","sha512":"50c191a75715f766ccb08dd61f92c16bc41a7dace2d5ba6510daab1dac7446251ba1b165fc4eabbf853131cfdfc3503668440b8829ba2d03a19d36a631c227d4","ssdeep":"192:B3iOxJjCDVVP3EdhdvSK6PgV5XIjLGAvR3iOxJjCDVVP3EdhdvSK6PgV5XI8yIhy:B3iOxJuUT/XoyAvR3iOxJuUT/XRy0IUg","tlshash":"9622fa9001768c204adb0453ef7e2ed9f4bd7db7ac6ca40c49ec8594617ea2b0e129e6","size":10200,"data":"","first_seen":"2026-06-02T06:04:02.782488Z","last_seen":"2026-06-02T06:04:02.782488Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=830\u0026%21iCm=\u0026.Cm=\u00263~VCm=\u00269_3VV=A\u00269ey=\u0026Bm.V=A\u0026Bm.V~9qe=\u0026C9e~p=nFj%21GrLjS%3Ab5j%7Cw3nj%3AcDkWCKWKC%28WQ%28\u0026CqCm=H\u0026INVc=\u0026Im=\u0026JCm=nccDaLd~waL0iwa~m~wnLrmwAh0dhrdiDLrL\u0026Jphc=J93\u0026KBm=a\u0026Kq.39c=H\u0026Npqe.=H\u0026NqT.=H\u0026P.p.=\u0026Pi94~~43Z.=\u0026Pmq.V=\u0026Tee.q=A\u0026V3uKVp=Tee.%3A%2F%2F9JyJqeCIui93W~pC~I\u0026_q.h=H\u0026cq=\u0026eq~3=7A0an\u0026h.sK=\u0026hicpNCm=y0\u0026hmJ_hC9=\u0026hme0=\u0026hmeA=\u0026hmy=\u0026htmlsrc=1\u0026h~e=oEf8cB%2FdBVEdK%2F%299h99u3%2FccuEBV9hcO389\u0026i3=H\u0026iCm=\u0026iCmy0=\u0026ih3=\u0026imVfm=\u0026kkdd=H3%7Ch%7Cnu3H%2AA9\u0026m3~___=\u0026m_Vc=A\u0026p0eP.3=m_Jph\u0026qC83=AALaZtnD\u0026qimVfm=\u0026qqpm=%7B%22qq~~%22%3A%22%292%22%2C%22qq~eP%22%3A%22JqpJ%22%2C%22qqC.%22%3A%22%22%2C%22qqq~%22%3A%22Hd%22%2C%22qq8C.%22%3A%22%22%7D\u0026q~=Hd\u0026tpid=\u0026yC=ArnHdnH00AD0HLaA0nn\u0026~Cm=ns5tHrdX1\u0026~T9_0=Jqya4C9e~\u0026~T9_d=Do2ALRDar\u0026~VCm=nanLALHDt\u0026~e.Cm=\u0026~my=2d0tD\u0026~~=%292\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001780380221515015326356485136\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152792582145708008%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ%3D\u0026tchkpts=%7B%22prel2%22%3A1780380221714%7D\u0026stime=1780380221714\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F%252521p%252521M%253Dg%2526%252521yn~T%253DXZh_oKEhi%25253Aqrh%25257CS9Xh%25253AmDte%252521WeW%252521%25252AeB%25252A%2526%252528%252521M%253D%2526%252529nn%252528p%253DI%25260%252521%253DIKXgsXgxxIDxgEwIxXX%252619.W1T%253D%252529nn%252528%25253A%25252F%25252Fyb0bpn%252521F.jy9e~T%252521~F%25264M%2525281%253DI%25264M%2525281~ypn%253D%25269~1%252521M%253D%2526FM%253D%2526FP1m%253D%2526Gp%252528N%253Dg%2526H%252528T%252528%253D%2526HMp%2525281%253D%2526HjyY~~Y97%252528%253D%2526M9~GGG%253D%2526N%252528lW%253D%2526NM0%253D%2526NMbGN%252521y%253D%2526NMnI%253D%2526NMnx%253D%2526NjmTP%252521M%253D0x%2526N~n%253DQd3Lm4%25252Fs41dsW%25252F5yNyy.9%25252Fmm.d41yNmf9Ly%2526PTpn%252528%253Dg%2526Pp%252529%252528%253Dg%2526TxnH%2525289%253DMGbTN%2526W4M%253Dw%2526Wp%2525289ym%253Dg%2526_j%252521M%253D%2526b%252521M%253DXmmDwEs~SwExjSw~M~SXEKMSINxsNKsjDEKE%2526bTNm%253Dby9%2526htmlsrc%253D1%2526j%252521M%253D%2526j%252521M0x%253D%2526j9%253Dg%2526jM13M%253D%2526jN9%253D%2526kkdd%253DuW%25257CW%25257CH9%25252Ahnu3A%2526mp%253D%2526np~9%253DuIxwX%2526p%252521L9%253DIIEw78XD%2526pjM13M%253D%2526ppTM%253D%25257B%252522pp~~%252522%25253A%2525225c%252522%25252C%252522pp~nH%252522%25253A%252522bpTb%252522%25252C%252522pp%252521%252528%252522%25253A%252522%252522%25252C%252522ppp~%252522%25253A%252522gs%252522%25252C%252522ppL%252521%252528%252522%25253A%252522%252522%25257D%2526p~%253Dgs%2526tpid%253D%2526yG911%253DI%2526yn0%253D%2526~%252521M%253DXlr8gKsOk%2526~%252529yGs%253DDQcIEADwK%2526~%252529yGx%253Dbp0wY%252521yn~%2526~1%252521M%253DXwXEIEgD8%2526~M0%253Dcsx8D%2526~n%252528%252521M%253D%2526~~%253D5c%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"realtimesearchresults.com","domain":"realtimesearchresults.com","tld":"com"},"ip":{"addr":"172.67.166.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fe43622b86a9293f7d94436142bdfdc6","sha1":"01ef22d8f3292bea2b0cfa63e49be5ee758899eb","sha256":"f06061820c8cc9e6d88231bddef898d9ce4a8326f6e00e30e0aca3f924ad3dd4","sha512":"a8cf2feaa0a396472300a52b5d37f123be2249d274c947da255ba4f99a644139d92e010b65461b9575a4e63cddb1e717a085282c435d182186b0e51885f654d5","ssdeep":"","tlshash":"3e70008880202a0000e0080c030323b0238080a88cc28000822ea0033080e030288a8a","size":24,"data":"","first_seen":"2025-03-08T00:25:13.703666Z","last_seen":"2026-06-03T16:56:56.41328Z","times_seen":187197,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=830\u0026%21iCm=\u0026.Cm=\u00263~VCm=\u00269_3VV=A\u00269ey=\u0026Bm.V=A\u0026Bm.V~9qe=\u0026C9e~p=nFj%21GrLjS%3Ab5j%7Cw3nj%3AcDkWCKWKC%28WQ%28\u0026CqCm=H\u0026INVc=\u0026Im=\u0026JCm=nccDaLd~waL0iwa~m~wnLrmwAh0dhrdiDLrL\u0026Jphc=J93\u0026KBm=a\u0026Kq.39c=H\u0026Npqe.=H\u0026NqT.=H\u0026P.p.=\u0026Pi94~~43Z.=\u0026Pmq.V=\u0026Tee.q=A\u0026V3uKVp=Tee.%3A%2F%2F9JyJqeCIui93W~pC~I\u0026_q.h=H\u0026cq=\u0026eq~3=7A0an\u0026h.sK=\u0026hicpNCm=y0\u0026hmJ_hC9=\u0026hme0=\u0026hmeA=\u0026hmy=\u0026htmlsrc=1\u0026h~e=oEf8cB%2FdBVEdK%2F%299h99u3%2FccuEBV9hcO389\u0026i3=H\u0026iCm=\u0026iCmy0=\u0026ih3=\u0026imVfm=\u0026kkdd=H3%7Ch%7Cnu3H%2AA9\u0026m3~___=\u0026m_Vc=A\u0026p0eP.3=m_Jph\u0026qC83=AALaZtnD\u0026qimVfm=\u0026qqpm=%7B%22qq~~%22%3A%22%292%22%2C%22qq~eP%22%3A%22JqpJ%22%2C%22qqC.%22%3A%22%22%2C%22qqq~%22%3A%22Hd%22%2C%22qq8C.%22%3A%22%22%7D\u0026q~=Hd\u0026tpid=\u0026yC=ArnHdnH00AD0HLaA0nn\u0026~Cm=ns5tHrdX1\u0026~T9_0=Jqya4C9e~\u0026~T9_d=Do2ALRDar\u0026~VCm=nanLALHDt\u0026~e.Cm=\u0026~my=2d0tD\u0026~~=%292\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001780380221515015326356485136\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152792582145708008%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ%3D\u0026tchkpts=%7B%22prel2%22%3A1780380221714%7D\u0026stime=1780380221714\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F%252521p%252521M%253Dg%2526%252521yn~T%253DXZh_oKEhi%25253Aqrh%25257CS9Xh%25253AmDte%252521WeW%252521%25252AeB%25252A%2526%252528%252521M%253D%2526%252529nn%252528p%253DI%25260%252521%253DIKXgsXgxxIDxgEwIxXX%252619.W1T%253D%252529nn%252528%25253A%25252F%25252Fyb0bpn%252521F.jy9e~T%252521~F%25264M%2525281%253DI%25264M%2525281~ypn%253D%25269~1%252521M%253D%2526FM%253D%2526FP1m%253D%2526Gp%252528N%253Dg%2526H%252528T%252528%253D%2526HMp%2525281%253D%2526HjyY~~Y97%252528%253D%2526M9~GGG%253D%2526N%252528lW%253D%2526NM0%253D%2526NMbGN%252521y%253D%2526NMnI%253D%2526NMnx%253D%2526NjmTP%252521M%253D0x%2526N~n%253DQd3Lm4%25252Fs41dsW%25252F5yNyy.9%25252Fmm.d41yNmf9Ly%2526PTpn%252528%253Dg%2526Pp%252529%252528%253Dg%2526TxnH%2525289%253DMGbTN%2526W4M%253Dw%2526Wp%2525289ym%253Dg%2526_j%252521M%253D%2526b%252521M%253DXmmDwEs~SwExjSw~M~SXEKMSINxsNKsjDEKE%2526bTNm%253Dby9%2526htmlsrc%253D1%2526j%252521M%253D%2526j%252521M0x%253D%2526j9%253Dg%2526jM13M%253D%2526jN9%253D%2526kkdd%253DuW%25257CW%25257CH9%25252Ahnu3A%2526mp%253D%2526np~9%253DuIxwX%2526p%252521L9%253DIIEw78XD%2526pjM13M%253D%2526ppTM%253D%25257B%252522pp~~%252522%25253A%2525225c%252522%25252C%252522pp~nH%252522%25253A%252522bpTb%252522%25252C%252522pp%252521%252528%252522%25253A%252522%252522%25252C%252522ppp~%252522%25253A%252522gs%252522%25252C%252522ppL%252521%252528%252522%25253A%252522%252522%25257D%2526p~%253Dgs%2526tpid%253D%2526yG911%253DI%2526yn0%253D%2526~%252521M%253DXlr8gKsOk%2526~%252529yGs%253DDQcIEADwK%2526~%252529yGx%253Dbp0wY%252521yn~%2526~1%252521M%253DXwXEIEgD8%2526~M0%253Dcsx8D%2526~n%252528%252521M%253D%2526~~%253D5c%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"realtimesearchresults.com","domain":"realtimesearchresults.com","tld":"com"},"ip":{"addr":"172.67.166.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0f05105f32b737d371b39c7601a1f53e","sha1":"4c3f5a00732a0fcacda5764bc6be1d6c6e06d8d2","sha256":"01bb80216c34d1684174327b8e3a4cc7c8980cbb480421bbc3ff3ae2436a151b","sha512":"e5c1f53033576d467b0fca6b7268f9cd9a29d15a7da64d325691b9652eab6ead605c157913c936f3080d71705a09d2e5817ac486b318595cb43d96e78cf07aec","ssdeep":"192:OeRyNkYYGy8q9ccebCvVBeWowhkMXjSH3MMrqAFQ9bfeAMLFApgfeW0eVi:OeRygGy8q9ICziikMXjSH3MMrqAFQ9bj","tlshash":"e2e1c69ec8f98a60406d298e7d3c1d9e54ce380eb6ccb54edbc2fa8155ae4b5ef4051c","size":7150,"data":"","first_seen":"2026-06-02T06:04:02.784127Z","last_seen":"2026-06-02T06:04:02.784127Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"novostikqbne.click/js/fingerprint/iife.min.js","fqdn":"novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"103.224.182.216","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"63f9fd621d1fbd53b7c5856e58c11ccd","sha1":"a46973c2fbdbfeb159e0d717a90f88307e274012","sha256":"c6bc28686490aba34a53ab3b709afa1fd73c21e60feb25608b09f23efe170089","sha512":"d4df433c7368ec078fbc473398a4ab21e6da20950ac4db34338623296887db40320b05b9bde6130e43d2b55c82b81a56b60bab0d6a4c97df54a0cb7a8f09325b","ssdeep":"384:XhQYTcHRx9vfQxcuK83ERxXYxMvtTpIBNwBUZXLew5gc+RW7+5ERNFaqE8E0QI+V:XSbHRTArOGSoyISuNwxJzZbPePKe9y","tlshash":"6cf207d8b2c3b02d227378ba497f6006b63abd55641c4803d57be5c178a4e5a813bfb8","size":34240,"data":"","first_seen":"2023-05-01T16:20:27Z","last_seen":"2026-06-03T17:02:30.823626Z","times_seen":59823,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.novostikqbne.click/","fqdn":"ww38.novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"b326b5062b2f0e69046810717534cb09","sha1":"5ffe533b830f08a0326348a9160afafc8ada44db","sha256":"b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b","sha512":"9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de","ssdeep":"","tlshash":"5430000000000000000000000000300c00000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:44Z","last_seen":"2026-06-03T16:52:33.746687Z","times_seen":401807,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:40Z","timestamp":1780380220,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.9","port":46628,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:40.985221+0000\",\"flow_id\":395372983496068,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":46628,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.novostikqbne.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":541},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":644,\"bytes_toclient\":6216,\"start\":\"2026-06-02T06:03:40.667012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.novostikqbne.click/","fqdn":"ww38.novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"e5d8c139688b25ef77b263d88ea99150","sha1":"7abc9c61c4966543f66d150c0155bfac575f86a7","sha256":"53e5f34ac520035c7f124076d1e68c70a85c83cf68a339fa713b872b54126148","sha512":"1cd4eb192d987ea1b21f3b553eea3881c807f8bf4a5299982675d57314a0eaa084db1722c38d02eb73178660ecb1ca3667a795a512527f843f2526dc0a99dc20","ssdeep":"","tlshash":"7440000000003000033c0000000000c0000c00000000000000000c00030000000c0000","size":7,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-06-03T16:52:33.710832Z","times_seen":375406,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:40Z","timestamp":1780380220,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.9","port":46628,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:40.985221+0000\",\"flow_id\":395372983496068,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":46628,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.novostikqbne.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":541},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":644,\"bytes_toclient\":6216,\"start\":\"2026-06-02T06:03:40.667012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=830\u0026%21iCm=\u0026.Cm=\u00263~VCm=\u00269_3VV=A\u00269ey=\u0026Bm.V=A\u0026Bm.V~9qe=\u0026C9e~p=nFj%21GrLjS%3Ab5j%7Cw3nj%3AcDkWCKWKC%28WQ%28\u0026CqCm=H\u0026INVc=\u0026Im=\u0026JCm=nccDaLd~waL0iwa~m~wnLrmwAh0dhrdiDLrL\u0026Jphc=J93\u0026KBm=a\u0026Kq.39c=H\u0026Npqe.=H\u0026NqT.=H\u0026P.p.=\u0026Pi94~~43Z.=\u0026Pmq.V=\u0026Tee.q=A\u0026V3uKVp=Tee.%3A%2F%2F9JyJqeCIui93W~pC~I\u0026_q.h=H\u0026cq=\u0026eq~3=7A0an\u0026h.sK=\u0026hicpNCm=y0\u0026hmJ_hC9=\u0026hme0=\u0026hmeA=\u0026hmy=\u0026htmlsrc=1\u0026h~e=oEf8cB%2FdBVEdK%2F%299h99u3%2FccuEBV9hcO389\u0026i3=H\u0026iCm=\u0026iCmy0=\u0026ih3=\u0026imVfm=\u0026kkdd=H3%7Ch%7Cnu3H%2AA9\u0026m3~___=\u0026m_Vc=A\u0026p0eP.3=m_Jph\u0026qC83=AALaZtnD\u0026qimVfm=\u0026qqpm=%7B%22qq~~%22%3A%22%292%22%2C%22qq~eP%22%3A%22JqpJ%22%2C%22qqC.%22%3A%22%22%2C%22qqq~%22%3A%22Hd%22%2C%22qq8C.%22%3A%22%22%7D\u0026q~=Hd\u0026tpid=\u0026yC=ArnHdnH00AD0HLaA0nn\u0026~Cm=ns5tHrdX1\u0026~T9_0=Jqya4C9e~\u0026~T9_d=Do2ALRDar\u0026~VCm=nanLALHDt\u0026~e.Cm=\u0026~my=2d0tD\u0026~~=%292\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001780380221515015326356485136\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152792582145708008%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ%3D\u0026tchkpts=%7B%22prel2%22%3A1780380221714%7D\u0026stime=1780380221714\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F%252521p%252521M%253Dg%2526%252521yn~T%253DXZh_oKEhi%25253Aqrh%25257CS9Xh%25253AmDte%252521WeW%252521%25252AeB%25252A%2526%252528%252521M%253D%2526%252529nn%252528p%253DI%25260%252521%253DIKXgsXgxxIDxgEwIxXX%252619.W1T%253D%252529nn%252528%25253A%25252F%25252Fyb0bpn%252521F.jy9e~T%252521~F%25264M%2525281%253DI%25264M%2525281~ypn%253D%25269~1%252521M%253D%2526FM%253D%2526FP1m%253D%2526Gp%252528N%253Dg%2526H%252528T%252528%253D%2526HMp%2525281%253D%2526HjyY~~Y97%252528%253D%2526M9~GGG%253D%2526N%252528lW%253D%2526NM0%253D%2526NMbGN%252521y%253D%2526NMnI%253D%2526NMnx%253D%2526NjmTP%252521M%253D0x%2526N~n%253DQd3Lm4%25252Fs41dsW%25252F5yNyy.9%25252Fmm.d41yNmf9Ly%2526PTpn%252528%253Dg%2526Pp%252529%252528%253Dg%2526TxnH%2525289%253DMGbTN%2526W4M%253Dw%2526Wp%2525289ym%253Dg%2526_j%252521M%253D%2526b%252521M%253DXmmDwEs~SwExjSw~M~SXEKMSINxsNKsjDEKE%2526bTNm%253Dby9%2526htmlsrc%253D1%2526j%252521M%253D%2526j%252521M0x%253D%2526j9%253Dg%2526jM13M%253D%2526jN9%253D%2526kkdd%253DuW%25257CW%25257CH9%25252Ahnu3A%2526mp%253D%2526np~9%253DuIxwX%2526p%252521L9%253DIIEw78XD%2526pjM13M%253D%2526ppTM%253D%25257B%252522pp~~%252522%25253A%2525225c%252522%25252C%252522pp~nH%252522%25253A%252522bpTb%252522%25252C%252522pp%252521%252528%252522%25253A%252522%252522%25252C%252522ppp~%252522%25253A%252522gs%252522%25252C%252522ppL%252521%252528%252522%25253A%252522%252522%25257D%2526p~%253Dgs%2526tpid%253D%2526yG911%253DI%2526yn0%253D%2526~%252521M%253DXlr8gKsOk%2526~%252529yGs%253DDQcIEADwK%2526~%252529yGx%253Dbp0wY%252521yn~%2526~1%252521M%253DXwXEIEgD8%2526~M0%253Dcsx8D%2526~n%252528%252521M%253D%2526~~%253D5c%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"realtimesearchresults.com","domain":"realtimesearchresults.com","tld":"com"},"ip":{"addr":"172.67.166.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f89a6740cc7676e19a2c0c680c0cc198","sha1":"0746c7d02c350bfccb8f1a30a45eebe469b83a37","sha256":"76327da90148816816a1f93d3379cdd64d1bec734a778b48d4d385d7d786dd4b","sha512":"078ab3c7569ccdcdf732daea232c8e253d1df8b806c578f8d4d3d2cf387919ee44d175019eb4902ee4361adf9d6d8f2baf34aa88ba37acb7c7a035035496b19e","ssdeep":"","tlshash":"b2f0ec6dcfd7116039a2511e726af2c4f494909b33a3c40af5ed92444f47a1e97792fc","size":482,"data":"","first_seen":"2026-06-02T06:04:02.786184Z","last_seen":"2026-06-02T06:04:02.786184Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=830\u0026%21iCm=\u0026.Cm=\u00263~VCm=\u00269_3VV=A\u00269ey=\u0026Bm.V=A\u0026Bm.V~9qe=\u0026C9e~p=nFj%21GrLjS%3Ab5j%7Cw3nj%3AcDkWCKWKC%28WQ%28\u0026CqCm=H\u0026INVc=\u0026Im=\u0026JCm=nccDaLd~waL0iwa~m~wnLrmwAh0dhrdiDLrL\u0026Jphc=J93\u0026KBm=a\u0026Kq.39c=H\u0026Npqe.=H\u0026NqT.=H\u0026P.p.=\u0026Pi94~~43Z.=\u0026Pmq.V=\u0026Tee.q=A\u0026V3uKVp=Tee.%3A%2F%2F9JyJqeCIui93W~pC~I\u0026_q.h=H\u0026cq=\u0026eq~3=7A0an\u0026h.sK=\u0026hicpNCm=y0\u0026hmJ_hC9=\u0026hme0=\u0026hmeA=\u0026hmy=\u0026htmlsrc=1\u0026h~e=oEf8cB%2FdBVEdK%2F%299h99u3%2FccuEBV9hcO389\u0026i3=H\u0026iCm=\u0026iCmy0=\u0026ih3=\u0026imVfm=\u0026kkdd=H3%7Ch%7Cnu3H%2AA9\u0026m3~___=\u0026m_Vc=A\u0026p0eP.3=m_Jph\u0026qC83=AALaZtnD\u0026qimVfm=\u0026qqpm=%7B%22qq~~%22%3A%22%292%22%2C%22qq~eP%22%3A%22JqpJ%22%2C%22qqC.%22%3A%22%22%2C%22qqq~%22%3A%22Hd%22%2C%22qq8C.%22%3A%22%22%7D\u0026q~=Hd\u0026tpid=\u0026yC=ArnHdnH00AD0HLaA0nn\u0026~Cm=ns5tHrdX1\u0026~T9_0=Jqya4C9e~\u0026~T9_d=Do2ALRDar\u0026~VCm=nanLALHDt\u0026~e.Cm=\u0026~my=2d0tD\u0026~~=%292\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001780380221515015326356485136\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152792582145708008%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ%3D\u0026tchkpts=%7B%22prel2%22%3A1780380221714%7D\u0026stime=1780380221714\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F%252521p%252521M%253Dg%2526%252521yn~T%253DXZh_oKEhi%25253Aqrh%25257CS9Xh%25253AmDte%252521WeW%252521%25252AeB%25252A%2526%252528%252521M%253D%2526%252529nn%252528p%253DI%25260%252521%253DIKXgsXgxxIDxgEwIxXX%252619.W1T%253D%252529nn%252528%25253A%25252F%25252Fyb0bpn%252521F.jy9e~T%252521~F%25264M%2525281%253DI%25264M%2525281~ypn%253D%25269~1%252521M%253D%2526FM%253D%2526FP1m%253D%2526Gp%252528N%253Dg%2526H%252528T%252528%253D%2526HMp%2525281%253D%2526HjyY~~Y97%252528%253D%2526M9~GGG%253D%2526N%252528lW%253D%2526NM0%253D%2526NMbGN%252521y%253D%2526NMnI%253D%2526NMnx%253D%2526NjmTP%252521M%253D0x%2526N~n%253DQd3Lm4%25252Fs41dsW%25252F5yNyy.9%25252Fmm.d41yNmf9Ly%2526PTpn%252528%253Dg%2526Pp%252529%252528%253Dg%2526TxnH%2525289%253DMGbTN%2526W4M%253Dw%2526Wp%2525289ym%253Dg%2526_j%252521M%253D%2526b%252521M%253DXmmDwEs~SwExjSw~M~SXEKMSINxsNKsjDEKE%2526bTNm%253Dby9%2526htmlsrc%253D1%2526j%252521M%253D%2526j%252521M0x%253D%2526j9%253Dg%2526jM13M%253D%2526jN9%253D%2526kkdd%253DuW%25257CW%25257CH9%25252Ahnu3A%2526mp%253D%2526np~9%253DuIxwX%2526p%252521L9%253DIIEw78XD%2526pjM13M%253D%2526ppTM%253D%25257B%252522pp~~%252522%25253A%2525225c%252522%25252C%252522pp~nH%252522%25253A%252522bpTb%252522%25252C%252522pp%252521%252528%252522%25253A%252522%252522%25252C%252522ppp~%252522%25253A%252522gs%252522%25252C%252522ppL%252521%252528%252522%25253A%252522%252522%25257D%2526p~%253Dgs%2526tpid%253D%2526yG911%253DI%2526yn0%253D%2526~%252521M%253DXlr8gKsOk%2526~%252529yGs%253DDQcIEADwK%2526~%252529yGx%253Dbp0wY%252521yn~%2526~1%252521M%253DXwXEIEgD8%2526~M0%253Dcsx8D%2526~n%252528%252521M%253D%2526~~%253D5c%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"realtimesearchresults.com","domain":"realtimesearchresults.com","tld":"com"},"ip":{"addr":"172.67.166.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e86b4c037d7e75208185d26c4ab287ba","sha1":"bb855759540e2aa9b71f3abbc07e34944b15c45d","sha256":"44f5821cf511a29634a110d51533c0364c7c4c266e7d888a563d2c3479ab12e1","sha512":"2680ca54d9463f19016e7a89c43d469ff6a78e177b710a5621951b1e02d15f48c4d4ec03585db78aef705e4c50fc4896037f909a4f95c57b84feb3def5b98923","ssdeep":"768:dfnlE5ve8+LaL6v4nYnst3/ukE0G4p5X6lRAVeS+oannI7SPk+bBA2fx2iT:JlE5L1LnnYMPugE61Ba7fxP","tlshash":"f823f7dc34c3745617a720a6417f2d0bf17b16543a4e8c40e9b5eaa67c3ca9f8623e4e","size":49170,"data":"","first_seen":"2026-06-01T22:12:51.852955Z","last_seen":"2026-06-02T22:07:55.927665Z","times_seen":839,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=830\u0026%21iCm=\u0026.Cm=\u00263~VCm=\u00269_3VV=A\u00269ey=\u0026Bm.V=A\u0026Bm.V~9qe=\u0026C9e~p=nFj%21GrLjS%3Ab5j%7Cw3nj%3AcDkWCKWKC%28WQ%28\u0026CqCm=H\u0026INVc=\u0026Im=\u0026JCm=nccDaLd~waL0iwa~m~wnLrmwAh0dhrdiDLrL\u0026Jphc=J93\u0026KBm=a\u0026Kq.39c=H\u0026Npqe.=H\u0026NqT.=H\u0026P.p.=\u0026Pi94~~43Z.=\u0026Pmq.V=\u0026Tee.q=A\u0026V3uKVp=Tee.%3A%2F%2F9JyJqeCIui93W~pC~I\u0026_q.h=H\u0026cq=\u0026eq~3=7A0an\u0026h.sK=\u0026hicpNCm=y0\u0026hmJ_hC9=\u0026hme0=\u0026hmeA=\u0026hmy=\u0026htmlsrc=1\u0026h~e=oEf8cB%2FdBVEdK%2F%299h99u3%2FccuEBV9hcO389\u0026i3=H\u0026iCm=\u0026iCmy0=\u0026ih3=\u0026imVfm=\u0026kkdd=H3%7Ch%7Cnu3H%2AA9\u0026m3~___=\u0026m_Vc=A\u0026p0eP.3=m_Jph\u0026qC83=AALaZtnD\u0026qimVfm=\u0026qqpm=%7B%22qq~~%22%3A%22%292%22%2C%22qq~eP%22%3A%22JqpJ%22%2C%22qqC.%22%3A%22%22%2C%22qqq~%22%3A%22Hd%22%2C%22qq8C.%22%3A%22%22%7D\u0026q~=Hd\u0026tpid=\u0026yC=ArnHdnH00AD0HLaA0nn\u0026~Cm=ns5tHrdX1\u0026~T9_0=Jqya4C9e~\u0026~T9_d=Do2ALRDar\u0026~VCm=nanLALHDt\u0026~e.Cm=\u0026~my=2d0tD\u0026~~=%292\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001780380221515015326356485136\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152792582145708008%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ%3D\u0026tchkpts=%7B%22prel2%22%3A1780380221714%7D\u0026stime=1780380221714\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F%252521p%252521M%253Dg%2526%252521yn~T%253DXZh_oKEhi%25253Aqrh%25257CS9Xh%25253AmDte%252521WeW%252521%25252AeB%25252A%2526%252528%252521M%253D%2526%252529nn%252528p%253DI%25260%252521%253DIKXgsXgxxIDxgEwIxXX%252619.W1T%253D%252529nn%252528%25253A%25252F%25252Fyb0bpn%252521F.jy9e~T%252521~F%25264M%2525281%253DI%25264M%2525281~ypn%253D%25269~1%252521M%253D%2526FM%253D%2526FP1m%253D%2526Gp%252528N%253Dg%2526H%252528T%252528%253D%2526HMp%2525281%253D%2526HjyY~~Y97%252528%253D%2526M9~GGG%253D%2526N%252528lW%253D%2526NM0%253D%2526NMbGN%252521y%253D%2526NMnI%253D%2526NMnx%253D%2526NjmTP%252521M%253D0x%2526N~n%253DQd3Lm4%25252Fs41dsW%25252F5yNyy.9%25252Fmm.d41yNmf9Ly%2526PTpn%252528%253Dg%2526Pp%252529%252528%253Dg%2526TxnH%2525289%253DMGbTN%2526W4M%253Dw%2526Wp%2525289ym%253Dg%2526_j%252521M%253D%2526b%252521M%253DXmmDwEs~SwExjSw~M~SXEKMSINxsNKsjDEKE%2526bTNm%253Dby9%2526htmlsrc%253D1%2526j%252521M%253D%2526j%252521M0x%253D%2526j9%253Dg%2526jM13M%253D%2526jN9%253D%2526kkdd%253DuW%25257CW%25257CH9%25252Ahnu3A%2526mp%253D%2526np~9%253DuIxwX%2526p%252521L9%253DIIEw78XD%2526pjM13M%253D%2526ppTM%253D%25257B%252522pp~~%252522%25253A%2525225c%252522%25252C%252522pp~nH%252522%25253A%252522bpTb%252522%25252C%252522pp%252521%252528%252522%25253A%252522%252522%25252C%252522ppp~%252522%25253A%252522gs%252522%25252C%252522ppL%252521%252528%252522%25253A%252522%252522%25257D%2526p~%253Dgs%2526tpid%253D%2526yG911%253DI%2526yn0%253D%2526~%252521M%253DXlr8gKsOk%2526~%252529yGs%253DDQcIEADwK%2526~%252529yGx%253Dbp0wY%252521yn~%2526~1%252521M%253DXwXEIEgD8%2526~M0%253Dcsx8D%2526~n%252528%252521M%253D%2526~~%253D5c%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"realtimesearchresults.com","domain":"realtimesearchresults.com","tld":"com"},"ip":{"addr":"172.67.166.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7ea336f637477485ccd6f9a5b167bd7d","sha1":"8153e4b97c42ab5b73f2f577b43043c8c9283b4b","sha256":"ce4d01ea989bb3b9243f9917fe20a39064135a99b2f3b8cd6832cccb10006b96","sha512":"1ac3fbd0a0c12ef1eacf5dc2a5848e72574bc9ebab4b159fbd080d02b3c49320e5862be0d7404e6ded0c2e2c8c0c43f84d93b966d200007782e282bbab8b3c65","ssdeep":"","tlshash":"c6f0e5b694b3c8285b0f264673ffd684145043e45c05764df1ede49a03e1d4cc0d9eaa","size":481,"data":"","first_seen":"2025-03-08T00:25:13.728891Z","last_seen":"2026-06-03T16:56:56.421314Z","times_seen":186513,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bql.php?vgd_len=5525\u0026\u0026vgd_l2type=dmola\u0026fp=1bShOX6_IcwmizPz8rYZKZe3K8--bqx2cGSrNT0skh-eEtxXkFf7T5Y5eMOkr6X9pYuaaYYj50SwsQFLm_Lyq21uDfo0IDPGvDgRU_NzQRsoWrXw3n_i_wD5N0fWBFfoBwFwOxZ-H3U%3D\u0026cme=JkUtMYSHbhroJoLEV1P6ynnwWqe6olmonnf4wjdMKusBx-_ePCAq5aaFahpScRCvNLofpXrNy_MtDbt7SJCb7fS0p1rSwWqjr1H9rIiViBuzen6LR0VtyHQMbUqQKAWvmsg5euehUy0uOgCIahUivP87l8ihUmN9SiP-4ct71meht-QPdzs3avUQtNaXGAaiODL-KF_mE_G2khDAzzsfkgNwlsXS27nXAFASOejksGdf1kFwdJyG1hvHnR9E0Fb4z9ELE3GU8LE%3D%7C%7CWtJPvijWHRsfBv4nOZN-Vs0s0qvvEfG0%7CxDcVMoSqRIQDfv_JL75cx9XTaMeBamEKspei768oYTo-beB13aMmWw%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7Cc-_FJbPIlnhwqJ_83OUa0Nd2fqVdcUBOEQm5x2kk4sdHVe0hfztLH6UYUlGDmpA_7cIvufH0qTyVWPjxVgZ31ya-GXztxgD9VSnIGKGae9EVW5VGvGy-muPPTfmbahD1CHrr5duPcQqGU2EcXPCE9aiLAstJ9zlpgnKrKRc3ZsJg_YPdVGzzzZCl3as2QJc-pfcUdPyZoDYLvnfJ0Lw7fcMXVlBSaExTYey_AXrHqs0ZZ1-d84USubSDS4J8BacAI5pNH4pcv8e0qM3UmIo-TY8wZCV8ppX4yiwAIHEyVC6AbCYvsYcO4rYIJUo5yU6xj6DCA9O__S_I729Mm1iHInIftDUghBBdnP9F1bdIzcmGvop3j9VU1-Xq2qsxA9oN3tjRNqfx2cyrng8KQ_URUsSl3FRTwBQ9ue2kwZ8L1CCHew0TCWX1UvxxxSEq2iRvlCpuE92keWjQ1YREMS4qQhGEjA3l7B35c6V-WJTdbqCuJB9iByMqx26YD_gS1Rgmixw1v-VCaTgx3QUMKtlSpbLK8nWAbUq9HKgmv6upPxzTXUgIZ9zPXa1td_iRptco77612GWxww2QF0o45ZAoYLtEeFwU8w4d6siErauS_IovTgJmY2WpsKBkByWTeE9UT16-_TBOY0U66ZM_Qwtt_RBZOpRAhB5yl9aarFC_A0uxCf3Yrw-03-4sLaogtYFL6_OQhyHGl2ZVtmtc4SV3Qngad9ptOzCZYcZAy0sbd6xBeOmTv5EOAgTDbq2icXGSdYWwju_ZBVVycPsaqVb7lqUhjEUdmoeqzRnm5ZiLOwU6sSmnrgPezN1u_RQAeabjraG9lEHRompgVqoopA4Y9kjsvlMGiZTeV1q9DbKMo1T0nEGztStcx3xIRsLuLvvOoVCjFOPk7YM%3D%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7C\u0026ctst=Default\u0026ksu=360\u0026fdkt=362\u0026vgde_kbbh=fuoyxQBuGUBO\u0026kwd[]=Sportske+Novosti\u0026kwt[]=362\u0026kbc[]=novosti\u0026kwp[]=1\u0026kid[]=26840960\u0026kbc2[]=akp%3D2%7C%7Cfp%3Dna%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7C24%3D0%7C25%3D0%7C22%3D8.0865%7C23%3D11.3997%7C7%3D0.0119%7C8%3D060202%7C13%3D0.0083%7C14%3D060203%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Cokt%3D362%7Cbdkt%3D362\u0026ktd[]=79286190953610343393573994752\u0026kwd[]=Dakine+Backpacks\u0026kwt[]=362\u0026kbc[]=kine\u0026kwp[]=2\u0026kid[]=7591986\u0026kbc2[]=akp%3D11%7C%7Cfp%3Dna%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7C24%3D0%7C25%3D0%7C22%3D8.0865%7C23%3D8.9299%7C7%3D0.0092%7C8%3D060202%7C13%3D0.0098%7C14%3D060203%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D24412%7Cclpr%3D0.786500%7Ccllvl%3D5%7Cokt%3D362%7Cbdkt%3D362\u0026ktd[]=79324876579838011527164592384\u0026kwd[]=Hrvatska%2C+Vijesti\u0026kwt[]=362\u0026kbc[]=novosti\u0026kwp[]=3\u0026kid[]=209333177\u0026kbc2[]=akp%3D4%7C%7Cfp%3Dna%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7C24%3D0%7C25%3D0%7C22%3D8.0865%7C23%3D8.9299%7C7%3D0.0092%7C8%3D060202%7C13%3D0.0098%7C14%3D060203%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D85555%7Cclpr%3D0.565200%7Ccllvl%3D5%7Cokt%3D362%7Cbdkt%3D362\u0026ktd[]=79363562206065679660755190016\u0026kwd[]=Kine+Sports+Bar\u0026kwt[]=362\u0026kbc[]=kine\u0026kwp[]=4\u0026kid[]=16524473\u0026kbc2[]=akp%3D15%7C%7Cfp%3Dna%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7C24%3D0%7C25%3D0%7C22%3D8.0865%7C23%3D8.9299%7C7%3D0.0092%7C8%3D060202%7C13%3D0.0098%7C14%3D060203%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D40076%7Cclpr%3D0.772300%7Ccllvl%3D5%7Cokt%3D362%7Cbdkt%3D362\u0026ktd[]=79402247832293347794345787648\u0026kwd[]=Louis+Vuitton+Bags\u0026kwt[]=362\u0026kbc[]=kine\u0026kwp[]=5\u0026kid[]=7591989\u0026kbc2[]=akp%3D7%7C%7Cfp%3Dna%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Cclid_fz%3D-2%7Cclid_serp%3D7811%7C24%3D0%7C25%3D0%7C22%3D8.0865%7C23%3D8.9299%7C7%3D0.0092%7C8%3D060202%7C13%3D0.0098%7C14%3D060203%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D40179%7Cclpr%3D0.863000%7Ccllvl%3D1%7Cokt%3D362%7Cbdkt%3D362\u0026ktd[]=79228162514268841193188098304\u0026v=1\u0026gdpr=1\u0026geo=59.93%7C10.82\u0026lper=100\u0026vgde_sa_ijp=%7B%227E8O%22%3A9%2C%22L77%22%3Ak1jQJ%2C%22E-jM8zd%22%3Ak1jQJ%7D\u0026lpid=\u0026tsid=1005\u0026hint=\u0026cc=NO\u0026wsip=170764258\u0026bca=0\u0026ugd=4\u0026vgde_setid=Nfu\u0026vgde_chost=LJ1j78YJQJ1LNwLJQxj7Q.NmY\u0026cid=8CU6073RK\u0026vi=1780380221920541288\u0026vsid=DefVid\u0026tdAdd[]=asnum%3D50304\u0026vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D\u0026vgd_adprefflag=00\u0026vgd_adpref_diff=1010\u0026vgd_fm_lang=EN\u0026vgd_implt=3\u0026vgd_cage=0\u0026vgd_tsce=L1248-S1248\u0026vgd_l3_sc=03\u0026vgd_pdtid=1\u0026vgd_oscar=1\u0026vgd_ctrlid=O_SERP\u0026vgd_nrrv=62307\u0026vgd_nrrmf=8301000480a\u0026vgd_nrrsf=scrr\u0026vgd_cty=oslo\u0026vgd_csovr=0\u0026vgd_intc_log=%7B%22impl_type%22%3A%22skp%22%2C%22xvip%22%3A%22208.91.196.46%22%7D\u0026vgd_ifrmode=14\u0026sbdrId=\u0026verid=\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ\u0026kbbq=%26asn%3D50304\u0026vgd_ppvi=2152792582145708008\u0026vgd_wlstp=0\u0026vgd_vstrid=DefVid\u0026vgd_scsver=3301\u0026vgd_himglg=K0P0-O0K0-S0\u0026vgd_cache_metadata=%7B%22kbb%22%3Afalse%7D\u0026vgd_cfud=251031\u0026vgd_optout=0\u0026vgd_l2shld=1\u0026vgd_akcip=91.90.42.0\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026vgd_och=0\u0026vgd_rensize=1280_1024\u0026vgd_scr_h=1024\u0026vgd_scr_w=1280\u0026vgd_col_sch=l\u0026vgd_be=0\u0026vgd_nmerr=1\u0026tdAdd[]=uiparams%3D%3Brend_w%3A1280%3Brend_h%3A1024\u0026vgd_sc=03\u0026hvsid=00001780380221515015326356485136\u0026rc=0\u0026rand=1780380222475\u0026acid=undefined\u0026matm=1780380222475\u0026vgde_ltimesrc=u\u0026vgde_ltime=hWW\u0026vgde_rtime=hhW\u0026vgde_etm=uX\u0026vgde_timeObj=%7B%22juJ-JN%22%3Azxjj%2C%22jfjm1O%22%3AX9W%2C%22QNLLQ71L7%22%3AfXA%2C%22QNLLLJzOJL%22%3Auh%2C%22QNLLJ-JN%22%3Afh%7D\u0026vgd_lhl=2347\u0026vgd_sbSup=1\u0026vgd_nrrs=62307\u0026vgde_cdeplbl=1E8Mzm7M1e18j1GjJ\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"104.21.31.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2ba5e95642c652c708881ad3c9d8443f","sha1":"5bfcc33bb9cc897546c600206b03d1307bd63a94","sha256":"c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24","sha512":"8c157fc41fd03bbd47633269b18effb652644e58284f8f85465b0ffba9b5a06544a03ed0655706c96edfa09a64f4f164f6bbc573ac5045000cae03c8b36d046f","ssdeep":"","tlshash":"7e600000000cc030030f0c00c3000300303000c000000c33000f30cc000000c00fc303","size":15,"data":"","first_seen":"2025-03-08T00:25:13.560069Z","last_seen":"2026-06-03T16:56:56.398915Z","times_seen":189370,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"novostikqbne.click/","fqdn":"novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"103.224.182.216","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ee972d5737b419b7f451ba54e4fb956f","sha1":"19f9ede6bb4c1cd34b8dc216c8a557c310e4a30c","sha256":"072b1eaf4e0d6f29b595579c56b40eff062820e51754d0bcf604ea7355dff66c","sha512":"1fb3e183c3ee511f73efd741046bbf2c7991799ffc86b23b2118a45021b5c56dae122ac580b32dc2da087165416485afd3f856645f56e009e0155d44a850c963","ssdeep":"","tlshash":"7ef09788b8de782679b9146f8ef4440ec1bb4144018da4bcd40a77289d0606fe069de7","size":514,"data":"","first_seen":"2026-06-02T06:04:02.78853Z","last_seen":"2026-06-02T06:04:02.78853Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:40Z","timestamp":1780380220,"ip_dst":{"addr":"103.224.182.216","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.9","port":56706,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:40.581314+0000\",\"flow_id\":1284422623876799,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":56706,\"dest_ip\":\"103.224.182.216\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"novostikqbne.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":569},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":555,\"bytes_toclient\":974,\"start\":\"2026-06-02T06:03:40.251583+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=830\u0026%21iCm=\u0026.Cm=\u00263~VCm=\u00269_3VV=A\u00269ey=\u0026Bm.V=A\u0026Bm.V~9qe=\u0026C9e~p=nFj%21GrLjS%3Ab5j%7Cw3nj%3AcDkWCKWKC%28WQ%28\u0026CqCm=H\u0026INVc=\u0026Im=\u0026JCm=nccDaLd~waL0iwa~m~wnLrmwAh0dhrdiDLrL\u0026Jphc=J93\u0026KBm=a\u0026Kq.39c=H\u0026Npqe.=H\u0026NqT.=H\u0026P.p.=\u0026Pi94~~43Z.=\u0026Pmq.V=\u0026Tee.q=A\u0026V3uKVp=Tee.%3A%2F%2F9JyJqeCIui93W~pC~I\u0026_q.h=H\u0026cq=\u0026eq~3=7A0an\u0026h.sK=\u0026hicpNCm=y0\u0026hmJ_hC9=\u0026hme0=\u0026hmeA=\u0026hmy=\u0026htmlsrc=1\u0026h~e=oEf8cB%2FdBVEdK%2F%299h99u3%2FccuEBV9hcO389\u0026i3=H\u0026iCm=\u0026iCmy0=\u0026ih3=\u0026imVfm=\u0026kkdd=H3%7Ch%7Cnu3H%2AA9\u0026m3~___=\u0026m_Vc=A\u0026p0eP.3=m_Jph\u0026qC83=AALaZtnD\u0026qimVfm=\u0026qqpm=%7B%22qq~~%22%3A%22%292%22%2C%22qq~eP%22%3A%22JqpJ%22%2C%22qqC.%22%3A%22%22%2C%22qqq~%22%3A%22Hd%22%2C%22qq8C.%22%3A%22%22%7D\u0026q~=Hd\u0026tpid=\u0026yC=ArnHdnH00AD0HLaA0nn\u0026~Cm=ns5tHrdX1\u0026~T9_0=Jqya4C9e~\u0026~T9_d=Do2ALRDar\u0026~VCm=nanLALHDt\u0026~e.Cm=\u0026~my=2d0tD\u0026~~=%292\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001780380221515015326356485136\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152792582145708008%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ%3D\u0026tchkpts=%7B%22prel2%22%3A1780380221714%7D\u0026stime=1780380221714\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F%252521p%252521M%253Dg%2526%252521yn~T%253DXZh_oKEhi%25253Aqrh%25257CS9Xh%25253AmDte%252521WeW%252521%25252AeB%25252A%2526%252528%252521M%253D%2526%252529nn%252528p%253DI%25260%252521%253DIKXgsXgxxIDxgEwIxXX%252619.W1T%253D%252529nn%252528%25253A%25252F%25252Fyb0bpn%252521F.jy9e~T%252521~F%25264M%2525281%253DI%25264M%2525281~ypn%253D%25269~1%252521M%253D%2526FM%253D%2526FP1m%253D%2526Gp%252528N%253Dg%2526H%252528T%252528%253D%2526HMp%2525281%253D%2526HjyY~~Y97%252528%253D%2526M9~GGG%253D%2526N%252528lW%253D%2526NM0%253D%2526NMbGN%252521y%253D%2526NMnI%253D%2526NMnx%253D%2526NjmTP%252521M%253D0x%2526N~n%253DQd3Lm4%25252Fs41dsW%25252F5yNyy.9%25252Fmm.d41yNmf9Ly%2526PTpn%252528%253Dg%2526Pp%252529%252528%253Dg%2526TxnH%2525289%253DMGbTN%2526W4M%253Dw%2526Wp%2525289ym%253Dg%2526_j%252521M%253D%2526b%252521M%253DXmmDwEs~SwExjSw~M~SXEKMSINxsNKsjDEKE%2526bTNm%253Dby9%2526htmlsrc%253D1%2526j%252521M%253D%2526j%252521M0x%253D%2526j9%253Dg%2526jM13M%253D%2526jN9%253D%2526kkdd%253DuW%25257CW%25257CH9%25252Ahnu3A%2526mp%253D%2526np~9%253DuIxwX%2526p%252521L9%253DIIEw78XD%2526pjM13M%253D%2526ppTM%253D%25257B%252522pp~~%252522%25253A%2525225c%252522%25252C%252522pp~nH%252522%25253A%252522bpTb%252522%25252C%252522pp%252521%252528%252522%25253A%252522%252522%25252C%252522ppp~%252522%25253A%252522gs%252522%25252C%252522ppL%252521%252528%252522%25253A%252522%252522%25257D%2526p~%253Dgs%2526tpid%253D%2526yG911%253DI%2526yn0%253D%2526~%252521M%253DXlr8gKsOk%2526~%252529yGs%253DDQcIEADwK%2526~%252529yGx%253Dbp0wY%252521yn~%2526~1%252521M%253DXwXEIEgD8%2526~M0%253Dcsx8D%2526~n%252528%252521M%253D%2526~~%253D5c%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"realtimesearchresults.com","domain":"realtimesearchresults.com","tld":"com"},"ip":{"addr":"172.67.166.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2e8be5ce7a18d21c61ddaa3be3fd99ea","sha1":"7d2e7dcc6e15405e8d20e4287f271756e7f874f3","sha256":"5211c581ce1e9891281e16e8820398ab1f3a835b862b9e168bbffffe8e66ea19","sha512":"202c8e96e23f05dc95606ba0b7b318973a6ce95f22f28d05b4fe3762f335f0db7d989c73f8f0fc4e55cfa2b4c4980bc17433b8132ffba6b6975658322e7eb308","ssdeep":"","tlshash":"a6b02b103d301002007a0183c874c4290136d8f3330044d44b003cec908e440605e74c","size":122,"data":"","first_seen":"2025-04-02T18:01:59.542907Z","last_seen":"2026-06-03T16:56:56.422333Z","times_seen":186011,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"novostikqbne.click/js/fingerprint/iife.min.js","fqdn":"novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"103.224.182.216","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://novostikqbne.click/","date":"2026-06-02T06:03:36.224Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sofooter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 18 May 2026 10:33:11 GMT","end":"Sun, 16 Aug 2026 10:33:10 GMT"},"fingerprint":{"sha1":"73:DB:4C:7E:3B:5D:09:11:E2:B1:9A:AC:DD:3D:1E:4C:F6:94:24:F6","sha256":"11:27:66:89:E1:D3:87:70:0D:89:C7:93:B7:A8:2F:BD:67:8F:3D:16:A3:43:F8:F4:B4:0A:11:40:58:4A:31:54"}}},"request":{"raw":"GET /js/fingerprint/iife.min.js HTTP/1.1\r\nHost: novostikqbne.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://novostikqbne.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Tue, 02 Jun 2026 06:03:36 GMT\r\nserver: Apache\r\nlast-modified: Tue, 22 Oct 2024 03:25:40 GMT\r\netag: \"85c0-6250852d63500\"\r\naccept-ranges: bytes\r\ncontent-length: 34240\r\ncontent-type: text/javascript\r\nconnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":34240,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (33896), with CRLF line terminators","md5":"63f9fd621d1fbd53b7c5856e58c11ccd","sha1":"a46973c2fbdbfeb159e0d717a90f88307e274012","sha256":"c6bc28686490aba34a53ab3b709afa1fd73c21e60feb25608b09f23efe170089","sha512":"d4df433c7368ec078fbc473398a4ab21e6da20950ac4db34338623296887db40320b05b9bde6130e43d2b55c82b81a56b60bab0d6a4c97df54a0cb7a8f09325b","ssdeep":"384:XhQYTcHRx9vfQxcuK83ERxXYxMvtTpIBNwBUZXLew5gc+RW7+5ERNFaqE8E0QI+V:XSbHRTArOGSoyISuNwxJzZbPePKe9y","tlshash":"6cf207d8b2c3b02d227378ba497f6006b63abd55641c4803d57be5c178a4e5a813bfb8","first_seen":"2023-05-01T16:20:27Z","last_seen":"2026-06-03T17:02:30.823626Z","times_seen":59823,"resource_available":true,"data":null}},"time_used":989,"timings":{"blocked":331,"dns":1,"connect":160,"send":0,"wait":161,"receive":161,"ssl":171},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.novostikqbne.click/","fqdn":"ww38.novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T06:03:40.667Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ww38.novostikqbne.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Jun 2026 06:03:40 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile\r\nAccept-Ch-Lifetime: 30\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nVia: 0.0 Caddy\r\nX-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_e5LPbUsw5T9QzgO4NhD552UmoWXT8vutL7O2j/gCE8CFnUS36c+oZ/FcsjFnOq3tsFzBBjoKbcsxJ1sgrh6tdw==\r\nX-Domain: novostikqbne.click\r\nX-Pcrew-Blocked-Reason: hosting network\r\nX-Pcrew-Ip-Organization: Blix Solutions\r\nX-Redirect: skenzo\r\nX-Subdomain: ww38\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16213,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (520)","md5":"9af462bea2aa2fb0adcdcd6ffea28aaf","sha1":"7699d264d8c78552d5e3465f545e6868fe0b3d89","sha256":"213e7718e4f4adac8e9ee91527e70d82b693821caf2cf4b249b86451ea66056d","sha512":"55c848d157c554718827c11931c1246bda7cf9343f7431280c13054fe890262794ac361c5e8d61b53219edf1889ab693234779a060ac859af87d76c314f08844","ssdeep":"384:zIexcYoHSiF5R+Dno2S2Yor/yYoHsfO2/e:zIexCSiF5R+bo2S2YY/4sfpm","tlshash":"3472b9476be31519f11bc0a98f9aa34932289107960fcd6cfaec7768df4c19421a3bdc","first_seen":"2026-06-02T06:04:02.76703Z","last_seen":"2026-06-02T06:04:02.76703Z","times_seen":1,"resource_available":true,"data":null}},"time_used":423,"timings":{"blocked":102,"dns":1,"connect":101,"send":0,"wait":217,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:40Z","timestamp":1780380220,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.9","port":46628,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:40.985221+0000\",\"flow_id\":395372983496068,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":46628,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.novostikqbne.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":541},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":644,\"bytes_toclient\":6216,\"start\":\"2026-06-02T06:03:40.667012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"yfdpco4.com/sk-park.php?pid=9PO15V947\u0026dn=novostikqbne.click\u0026ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0%29+Gecko%2F20100101+Firefox%2F134.0\u0026requrl=http%3A%2F%2Fww38.novostikqbne.click%2F\u0026al=en-US%2Cen%3Bq%3D0.5","fqdn":"yfdpco4.com","domain":"yfdpco4.com","tld":"com"},"ip":{"addr":"208.91.196.46","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://ww38.novostikqbne.click/","date":"2026-06-02T06:03:41.244Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /sk-park.php?pid=9PO15V947\u0026dn=novostikqbne.click\u0026ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0%29+Gecko%2F20100101+Firefox%2F134.0\u0026requrl=http%3A%2F%2Fww38.novostikqbne.click%2F\u0026al=en-US%2Cen%3Bq%3D0.5 HTTP/1.1\r\nHost: yfdpco4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.novostikqbne.click/\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Tue, 02 Jun 2026 06:03:33 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nx-sc-h: 21-xrn8\r\nvia: 1.1 google\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11130,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (10963)","md5":"a473d1067f15b1fc94824cb0766c2c9d","sha1":"0a679eb2c6f94f8cf475292ff0831e3114adf614","sha256":"f1493623225f05c451d9cc6c98a5536c249fcc96c0f5bcd1bcb689ea01865b98","sha512":"972730da46326cacc77416f9cf72ed6d4ad293d5b9c412412eaffc125242d0d6eb4a9b93c067f9b15bfeefea1eeb40860aa47c1c5335da52690ed8deae567781","ssdeep":"192:fl87N7Xy3iOxJjCDVVP3EdhdvSK6PgV5XIjLGAvR3iOxJjCDVVP3EdhdvSK6PgVb:t4y3iOxJuUT/XoyAvR3iOxJuUT/XRy05","tlshash":"7b320b9101b68c104adb0463ee7e6ed9f4bd7e77ed2ca40c4ddcc594606ee2b0d129e6","first_seen":"2026-06-02T06:04:02.768809Z","last_seen":"2026-06-02T06:04:02.768809Z","times_seen":1,"resource_available":false,"data":null}},"time_used":523,"timings":{"blocked":153,"dns":28,"connect":126,"send":0,"wait":215,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"yfdpco4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ww38.novostikqbne.click/favicon.ico","fqdn":"ww38.novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww38.novostikqbne.click/","date":"2026-06-02T06:03:41.361Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ww38.novostikqbne.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.novostikqbne.click/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Jun 2026 06:03:41 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 0\r\nLast-Modified: Wed, 11 Sep 2024 11:38:26 GMT\r\nConnection: keep-alive\r\nETag: \"66e18132-0\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:41Z","timestamp":1780380221,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.9","port":46628,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:41.461125+0000\",\"flow_id\":395372983496068,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":46628,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.novostikqbne.click\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://ww38.novostikqbne.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":11,\"bytes_toserver\":2295,\"bytes_toclient\":7222,\"start\":\"2026-06-02T06:03:40.667012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.cdn-fileserver.com/__media__/pics/9000/09/593//arrrow.png","fqdn":"s.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"104.21.31.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=830\u0026%21iCm=\u0026.Cm=\u00263~VCm=\u00269_3VV=A\u00269ey=\u0026Bm.V=A\u0026Bm.V~9qe=\u0026C9e~p=nFj%21GrLjS%3Ab5j%7Cw3nj%3AcDkWCKWKC%28WQ%28\u0026CqCm=H\u0026INVc=\u0026Im=\u0026JCm=nccDaLd~waL0iwa~m~wnLrmwAh0dhrdiDLrL\u0026Jphc=J93\u0026KBm=a\u0026Kq.39c=H\u0026Npqe.=H\u0026NqT.=H\u0026P.p.=\u0026Pi94~~43Z.=\u0026Pmq.V=\u0026Tee.q=A\u0026V3uKVp=Tee.%3A%2F%2F9JyJqeCIui93W~pC~I\u0026_q.h=H\u0026cq=\u0026eq~3=7A0an\u0026h.sK=\u0026hicpNCm=y0\u0026hmJ_hC9=\u0026hme0=\u0026hmeA=\u0026hmy=\u0026htmlsrc=1\u0026h~e=oEf8cB%2FdBVEdK%2F%299h99u3%2FccuEBV9hcO389\u0026i3=H\u0026iCm=\u0026iCmy0=\u0026ih3=\u0026imVfm=\u0026kkdd=H3%7Ch%7Cnu3H%2AA9\u0026m3~___=\u0026m_Vc=A\u0026p0eP.3=m_Jph\u0026qC83=AALaZtnD\u0026qimVfm=\u0026qqpm=%7B%22qq~~%22%3A%22%292%22%2C%22qq~eP%22%3A%22JqpJ%22%2C%22qqC.%22%3A%22%22%2C%22qqq~%22%3A%22Hd%22%2C%22qq8C.%22%3A%22%22%7D\u0026q~=Hd\u0026tpid=\u0026yC=ArnHdnH00AD0HLaA0nn\u0026~Cm=ns5tHrdX1\u0026~T9_0=Jqya4C9e~\u0026~T9_d=Do2ALRDar\u0026~VCm=nanLALHDt\u0026~e.Cm=\u0026~my=2d0tD\u0026~~=%292\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001780380221515015326356485136\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152792582145708008%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ%3D\u0026tchkpts=%7B%22prel2%22%3A1780380221714%7D\u0026stime=1780380221714\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F%252521p%252521M%253Dg%2526%252521yn~T%253DXZh_oKEhi%25253Aqrh%25257CS9Xh%25253AmDte%252521WeW%252521%25252AeB%25252A%2526%252528%252521M%253D%2526%252529nn%252528p%253DI%25260%252521%253DIKXgsXgxxIDxgEwIxXX%252619.W1T%253D%252529nn%252528%25253A%25252F%25252Fyb0bpn%252521F.jy9e~T%252521~F%25264M%2525281%253DI%25264M%2525281~ypn%253D%25269~1%252521M%253D%2526FM%253D%2526FP1m%253D%2526Gp%252528N%253Dg%2526H%252528T%252528%253D%2526HMp%2525281%253D%2526HjyY~~Y97%252528%253D%2526M9~GGG%253D%2526N%252528lW%253D%2526NM0%253D%2526NMbGN%252521y%253D%2526NMnI%253D%2526NMnx%253D%2526NjmTP%252521M%253D0x%2526N~n%253DQd3Lm4%25252Fs41dsW%25252F5yNyy.9%25252Fmm.d41yNmf9Ly%2526PTpn%252528%253Dg%2526Pp%252529%252528%253Dg%2526TxnH%2525289%253DMGbTN%2526W4M%253Dw%2526Wp%2525289ym%253Dg%2526_j%252521M%253D%2526b%252521M%253DXmmDwEs~SwExjSw~M~SXEKMSINxsNKsjDEKE%2526bTNm%253Dby9%2526htmlsrc%253D1%2526j%252521M%253D%2526j%252521M0x%253D%2526j9%253Dg%2526jM13M%253D%2526jN9%253D%2526kkdd%253DuW%25257CW%25257CH9%25252Ahnu3A%2526mp%253D%2526np~9%253DuIxwX%2526p%252521L9%253DIIEw78XD%2526pjM13M%253D%2526ppTM%253D%25257B%252522pp~~%252522%25253A%2525225c%252522%25252C%252522pp~nH%252522%25253A%252522bpTb%252522%25252C%252522pp%252521%252528%252522%25253A%252522%252522%25252C%252522ppp~%252522%25253A%252522gs%252522%25252C%252522ppL%252521%252528%252522%25253A%252522%252522%25257D%2526p~%253Dgs%2526tpid%253D%2526yG911%253DI%2526yn0%253D%2526~%252521M%253DXlr8gKsOk%2526~%252529yGs%253DDQcIEADwK%2526~%252529yGx%253Dbp0wY%252521yn~%2526~1%252521M%253DXwXEIEgD8%2526~M0%253Dcsx8D%2526~n%252528%252521M%253D%2526~~%253D5c%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2026-06-02T06:03:42.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 26 May 2026 18:21:12 GMT","end":"Mon, 24 Aug 2026 19:19:23 GMT"},"fingerprint":{"sha1":"8C:97:00:DB:02:53:A7:1D:41:E8:EA:C5:AB:03:19:FF:BF:30:6A:DF","sha256":"3A:CC:B8:B0:F1:D6:36:06:79:F1:62:23:A5:4D:87:F2:D8:A4:92:F2:C3:74:10:77:F4:C9:12:11:F8:E0:B7:ED"}}},"request":{"raw":"GET /__media__/pics/9000/09/593//arrrow.png HTTP/1.1\r\nHost: s.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://realtimesearchresults.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 06:03:42 GMT\r\nserver: cloudflare\r\nlast-modified: Thu, 06 Mar 2025 13:05:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 283\r\ncache-control: public, max-age=604800\r\ncontent-type: image/png\r\nvia: 1.1 google\r\nx-cache-status: miss\r\nalt-svc: h3=\":443\"; ma=86400\r\netag: \"11b-62fac2985d568\"\r\nage: 412680\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=k%2FJNaTLkk1Zhr79cQA4YYZa5AvA4gNyF4NrrsD5SSuXKj73Lc8OrrJxD6B1RzMq%2BMfNgs1PSeINTjLRaqR%2FnaLldKxiPDcrXEFOHLjoW4oOS6YeENnb6RNm3nm5UrWanrr6HliFuRg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a05441a4a995a0f0-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":283,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 17 x 27, 8-bit colormap, non-interlaced","md5":"80d42c82a6c37da90210fd60a2f36128","sha1":"554ba7c84d2a27ecf3b1f29d03e62101936b54d8","sha256":"a1626e2d9160a0890a0a8d6e3af9e7095d68a24f9fb5ac8a166000c9a2581e10","sha512":"8ecb032c38176996ee637009833f3399f773b325e4f574fbbd26f93cdb82892c4143c5816543052b3a5123b89ef4b1aaca0407315aab879968085e61a20786b6","ssdeep":"","tlshash":"38d023cb5d512c3dd3615031445810799df2ad602c774182013eb4760f73545c658714","first_seen":"2023-04-06T17:33:21Z","last_seen":"2026-06-03T16:56:56.405889Z","times_seen":197139,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.northwavepoint.com/mon","fqdn":"obseu.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww38.novostikqbne.click/","date":"2026-06-02T06:03:46.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.northwavepoint.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Sat, 09 May 2026 00:00:00 GMT","end":"Fri, 07 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"81:BC:A9:21:63:E0:B6:9A:20:C7:07:EC:3A:69:03:A1:17:C1:42:A4","sha256":"02:6B:C6:85:E6:24:7C:BE:F0:52:8D:76:04:40:96:61:C7:23:C2:DA:A4:38:F5:F9:19:BB:7C:6D:04:4E:7E:E7"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.northwavepoint.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2076\r\nOrigin: http://ww38.novostikqbne.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.novostikqbne.click/\r\nCookie: cg_uuid=0107018984d28fa8c052514de7de0866\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2076,"data":"e=37dfbd8ee84e001262eec43dea45889c9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17070100b1eabfd72e30d69183042b3e18f6646541c2628b70cd16300423945201573c0c5b92bc631934aa67e260db4cf1976fa5553bf90d257c17c84ffe1fbe85ddcd34b0360eff60c4aa4b6c8b00235f6301da834035a227f1a2c4e95f32e203d6eb65b93edf75c4409d6279f0795abe57567a48db482eb8dfb7e400b623eb02d703bb487578a99571733a795d9b65908d6ea5576ea78cb3224c7a22d7862f30fdd91e4b7c1b39180aa48a32606f1bb6b81c389ea1e729c6b25f21492eaeaef4c7917fea8fdc5fe905cf0c6c67ccbecfe3f465908de5798b215084ebc32f1f17f46973bad55638fcd2e92ccb42bf4cad9b5f854cc3d1219b7e6ad5dd7e8324c28cbdeddcb3ba4a71e93daaa9ae7c433ebdcf71d2e113f01a1813dd5c5a85d2d98681fdc5688806fddefbc878ae242b7ac46f28d4ccc70067c0ef77ac11f7945dd62fef3d0c0b55c676e74dffc1bf59bf89338553a584f8cb64815e0423bd521747754c7dd1a76eb8058c8c8b64ebde60feb122d185e5e85689f0bf1f293ec6a95a44fab9025d0ee2c7e474ae2887f840fda272a076cb309553d61ccbac20da1327e5ae8e7b363f610236165517abe39071db02b646525e20f8b54bc385110cffbdc3a7b56cc3ebf8e18ff8aef657523df94f9aab5a66845f7818d167416c6af47bb36b1ec3eadd7e8d61d33996ad2cccd5118b2f4a78741076019ddee5dc347b5692184797d2c7bdf4ca1b78dcc7ec7cedb1130abc9b732e75ebd29c0f75a52d975e811be4379b11d3c811fabb2cb19ce2afe74f088c9b6709d32ad7deeab90a8e28714f5186625151afa25887ec17c29999ca55d3dae23a0a5f00ea5ae27bd516cfda18d4205f33037a2b6deb31e39d2117fd36d2adf529cb9b1cc8250ff0422d68c6b78f680fb928aad002d0052d121ee9793e88aed768c95f2288c54ef0cdd7fe9c509a00006007f87625529e98104efa61a5eccb2d93c1b34d0e2db060201416905403b3dbfc120c996270d38b951e8a87f8dd5323ba30bb006a4ade17752ac7da055d9987a0c4e8b713e23aa272c76785d644d6e7a66e6bb39a529acdacb8d6f7dedf2850dea57c028935d918c21d93a674ef8c989763b894b2a1a51224d3a290a7019402d71a047e002f9fc26e6ace6ff80189cc6bed4e68b7300b8d61a1926d2cf425245614dea1ab72db881b603b12728396cfb0802c9e07f6b0207dc5d9431a014124\u0026cri=DEgUmmUAs8\u0026sf=0\u0026dc=\u0026cp=5\u0026gtm=-\u0026gac=-\u0026uvid=cafad457599635b7830aea17231b38ce2a1ba41e\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=5059\u0026mo=0\u0026pn=6339\u0026spn=1279\u0026sck=-\u0026fp=464\u0026f_mt=\u0026s_mt=\u0026t_mt=\u0026l_mt=\u0026m_mt=0\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww38.novostikqbne.click\r\ncontent-type: application/json\r\ndate: Tue, 02 Jun 2026 06:03:47 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"obseu.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"novostikqbne.click/","fqdn":"novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"103.224.182.216","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T06:03:35.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sofooter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 18 May 2026 10:33:11 GMT","end":"Sun, 16 Aug 2026 10:33:10 GMT"},"fingerprint":{"sha1":"73:DB:4C:7E:3B:5D:09:11:E2:B1:9A:AC:DD:3D:1E:4C:F6:94:24:F6","sha256":"11:27:66:89:E1:D3:87:70:0D:89:C7:93:B7:A8:2F:BD:67:8F:3D:16:A3:43:F8:F4:B4:0A:11:40:58:4A:31:54"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: novostikqbne.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Tue, 02 Jun 2026 06:03:35 GMT\r\nserver: Apache\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 569\r\ncontent-type: text/html; charset=UTF-8\r\nconnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1076,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"6fd21939947919fa6324b850c36d8af3","sha1":"93654476e8b4dff0b436c9bc522d4b5cc637f194","sha256":"eb4882a342f77abeaed2fd93c29c58a28c4227c36eb4f9a636197d30d8ff679f","sha512":"efefd0b5f8d9f60c114a5bac146546c41e8cb08439e3fcd9007dd8e7b6a5ec5b064a8c862cb5a15efbf288040074f0fd7208db6699fd0fd4a694192adb51d90d","ssdeep":"","tlshash":"b4111f4abcca980678a74c5ecef0950e84b39104829cc87ce0c5f274880829dd95e696","first_seen":"2026-06-02T06:04:02.771271Z","last_seen":"2026-06-02T06:04:02.771271Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1224,"timings":{"blocked":526,"dns":193,"connect":160,"send":0,"wait":172,"receive":0,"ssl":170},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:40Z","timestamp":1780380220,"ip_dst":{"addr":"103.224.182.216","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.9","port":56706,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:40.581314+0000\",\"flow_id\":1284422623876799,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":56706,\"dest_ip\":\"103.224.182.216\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"novostikqbne.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":569},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":555,\"bytes_toclient\":974,\"start\":\"2026-06-02T06:03:40.251583+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.novostikqbne.click/666b7528-99b0-4740-9a0d-771ce5a6422b/eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.x-RZrTuk5AGrMCoidUTusmReJoPPAUhTYy1tkJVhhhV8WTGcVQcI_A.kXEQaS7jSqYYdQCTvg1yoA.6gpMFpxpsd_UxR6eZRqCnYI6s_r8Tf0MevIeyZbAHhFUyCejVZC77u5q17obR4KQb9-zRZyEkj8fmBhfJUtkKKzoqyScSYWrRXBnvJQ67X9M8Icjge_yT8l-fCysbsaZi-pnABujPNBF3dKfrqu1HHQb6AOUo5l-TZ08bVDMZsajU10AWHufZNQVIJ9MmoKvjcmXCFCZ5lX5regZVeMx9dDLZn_c-dv_jpJum5Y3ggzZKjKEPpiv6LcSFxddlXJeQWleWLxY5TNO6OaVN6iS_T00x7TG9xEfduleQDFetGNVgdH7FkghQvq_b67pdDOg.nLAnW-O8vuiviXQGIwwUYg","fqdn":"ww38.novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://ww38.novostikqbne.click/","date":"2026-06-02T06:03:41.095Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /666b7528-99b0-4740-9a0d-771ce5a6422b/eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.x-RZrTuk5AGrMCoidUTusmReJoPPAUhTYy1tkJVhhhV8WTGcVQcI_A.kXEQaS7jSqYYdQCTvg1yoA.6gpMFpxpsd_UxR6eZRqCnYI6s_r8Tf0MevIeyZbAHhFUyCejVZC77u5q17obR4KQb9-zRZyEkj8fmBhfJUtkKKzoqyScSYWrRXBnvJQ67X9M8Icjge_yT8l-fCysbsaZi-pnABujPNBF3dKfrqu1HHQb6AOUo5l-TZ08bVDMZsajU10AWHufZNQVIJ9MmoKvjcmXCFCZ5lX5regZVeMx9dDLZn_c-dv_jpJum5Y3ggzZKjKEPpiv6LcSFxddlXJeQWleWLxY5TNO6OaVN6iS_T00x7TG9xEfduleQDFetGNVgdH7FkghQvq_b67pdDOg.nLAnW-O8vuiviXQGIwwUYg HTTP/1.1\r\nHost: ww38.novostikqbne.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://ww38.novostikqbne.click/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx\r\nDate: Tue, 02 Jun 2026 06:03:41 GMT\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":126,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:41Z","timestamp":1780380221,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.9","port":46628,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:41.219979+0000\",\"flow_id\":395372983496068,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":46628,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.novostikqbne.click\",\"url\":\"/666b7528-99b0-4740-9a0d-771ce5a6422b/eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.x-RZrTuk5AGrMCoidUTusmReJoPPAUhTYy1tkJVhhhV8WTGcVQcI_A.kXEQaS7jSqYYdQCTvg1yoA.6gpMFpxpsd_UxR6eZRqCnYI6s_r8Tf0MevIeyZbAHhFUyCejVZC77u5q17obR4KQb9-zRZyEkj8fmBhfJUtkKKzoqyScSYWrRXBnvJQ67X9M8Icjge_yT8l-fCysbsaZi-pnABujPNBF3dKfrqu1HHQb6AOUo5l-TZ08bVDMZsajU10AWHufZNQVIJ9MmoKvjcmXCFCZ5lX5regZVeMx9dDLZn_c-dv_jpJum5Y3ggzZKjKEPpiv6LcSFxddlXJeQWleWLxY5TNO6OaVN6iS_T00x7TG9xEfduleQDFetGNVgdH7FkghQvq_b67pdDOg.nLAnW-O8vuiviXQGIwwUYg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://ww38.novostikqbne.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":204,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":10,\"bytes_toserver\":1816,\"bytes_toclient\":6938,\"start\":\"2026-06-02T06:03:40.667012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"euob.northwavepoint.com/sxp/i/636f8b858f681acb7bfa6f583a96630a.js","fqdn":"euob.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"52.84.50.75","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ww38.novostikqbne.click/","date":"2026-06-02T06:03:41.091Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.northwavepoint.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Thu, 29 Jan 2026 00:00:00 GMT","end":"Sat, 27 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"CC:B5:FD:45:6E:B8:DC:24:11:6A:30:38:E9:1D:FB:81:45:2E:FA:8D","sha256":"32:3C:54:8F:1C:33:6B:BE:0F:39:18:D6:DB:E7:61:78:95:9A:27:61:E7:33:FF:DA:F0:5E:F5:B4:82:D5:5E:A7"}}},"request":{"raw":"GET /sxp/i/636f8b858f681acb7bfa6f583a96630a.js HTTP/1.1\r\nHost: euob.northwavepoint.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.novostikqbne.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 51295\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ndate: Mon, 01 Jun 2026 21:09:01 GMT\r\netag: \"216ef-2I6gVk/Vivdkt0GwpQ54tFI+cQM\"\r\nexpires: Tue, 02 Jun 2026 09:09:01 GMT\r\nserver: Caddy\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 ca50152ab306323e16b02f717a5cb212.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: Nr5k9o21GxIm5_9yHkrJcJGV8zPkgw9Ag6WLCZKIIMEIiWl5vvk81A==\r\nage: 32080\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":136943,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"data","md5":"1bb3ab22ed57318ee11d270c1c3f59ce","sha1":"d88ea0564fd58af764b741b0a50e78b4523e7103","sha256":"93c03215b2f3bdddd55ce066691d5fba626924cb98f3eaab8ce8e177d030599a","sha512":"8cd9d5fb4c2cc64831f03cb4c770788b233770dd82edf5d4b5c1670b6c7d8d5d741214857b702f1ed6b06bea259f3149b9a289805770bbdc8d5228c2c0c66457","ssdeep":"1536:sD+qPQb5SEwvAu5DWeBPU4HLonMbVGhe3qM87961QCixUcnYtB/l7PsXWIo6MWmN:sCqP/AuZWyjqu1QCtveXolS0nInWBypO","tlshash":"8bd3d7ddf2e27025039320a5017f411ae27b1e553c4b8290d5bae9d4ac7ce8e957bfac","first_seen":"2026-06-01T21:19:08.293855Z","last_seen":"2026-06-03T17:02:30.825565Z","times_seen":545,"resource_available":true,"data":null}},"time_used":456,"timings":{"blocked":225,"dns":42,"connect":1,"send":0,"wait":2,"receive":2,"ssl":182},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"euob.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.northwavepoint.com/ct","fqdn":"obseu.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww38.novostikqbne.click/","date":"2026-06-02T06:03:41.691Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.northwavepoint.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Sat, 09 May 2026 00:00:00 GMT","end":"Fri, 07 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"81:BC:A9:21:63:E0:B6:9A:20:C7:07:EC:3A:69:03:A1:17:C1:42:A4","sha256":"02:6B:C6:85:E6:24:7C:BE:F0:52:8D:76:04:40:96:61:C7:23:C2:DA:A4:38:F5:F9:19:BB:7C:6D:04:4E:7E:E7"}}},"request":{"raw":"POST /ct HTTP/1.1\r\nHost: obseu.northwavepoint.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 4489\r\nOrigin: http://ww38.novostikqbne.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.novostikqbne.click/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":4489,"data":"id=92098\u0026url=http%3A%2F%2Fww38.novostikqbne.click%2F\u0026sf=0\u0026tpi=\u0026ch=AdsDeli%20-%20iFrame\u0026uvid=cafad457599635b7830aea17231b38ce2a1ba41e\u0026tsf=0\u0026tsfmi=\u0026tsfu=\u0026cb=1780380221684\u0026hl=3\u0026op=0\u0026ag=2881387774\u0026rand=036201677290989561520011828250080220222091660775629012161060069500215662268958470856981022081\u0026fs=1280x1024\u0026fst=1280x1024\u0026np=win32\u0026nv=\u0026ref=\u0026ss=1280x1024\u0026nc=0\u0026at=\u0026di=W1siZWYiLDgwOF0sWyJhYm5jaCIsOV0sWy00LCItIl0sWy0xOCwiWzEsMCwwLDBdIl0sWy0yMCwiLSJdLFstMSwiTGludXggeDg2XzY0Il0sWy00OCwiW1wiLVwiLFwiLVwiLFwiLVwiLFwiLVwiLFwiLVwiXSJdLFstNTQsIntcImhcIjpbXCIzMjk5NzI4NDUyXCIsXCI4MjI4MjMxMTlcIixcIjk4MzIyNjI5MFwiLFwiMjg3Mjg5OTMyMFwiLFwiXzNcIixcIjI4NzI4OTkzMjBcIl0sXCJkXCI6W10sXCJiXCI6W10sXCJzXCI6MX0iXSxbLTYyLCI1OCJdLFstNjYsIi0iXSxbLTY5LCJXaW4zMnx8fDQ4fC18LSJdLFstMTMsIi0iXSxbLTIsIjYsSXNOOW5HbldiQVlBSXhOZlFhT3FHRTBDRkFRc2NHMDBJbmhPYllCQUtZVU96UU82RVgwMjBJbUdMY3U2MnVyZFAvYzJkMnBObVZaQXdmMy8vOHo3OUdySGExV3UzT21YUFB2ZSJdLFstNTcsIlMzbFJUVTFKU2dNV0ZseE1WbHNYVjFaTFRWRk9XRTljU1ZaUVYwMFhXbFpVRmtwQlNSWlFGZzhLRDE4Qld3RU1BVjhQQVFoWVdsc09XMTlZRDE4TUFRcFlBQThQQ2dsWUYxTktBd2dEQ0FrTERRZ0FGUTRJQUJaTkYxeEJTVlpMVFVvV0JYbFJUVTFKU2dNV0ZseE1WbHNYVjFaTFRWRk9XRTljU1ZaUVYwMFhXbFpVRmtwQlNSWlFGZzhLRDE4Qld3RU1BVjhQQVFoWVdsc09XMTlZRDE4TUFRcFlBQThQQ2dsWUYxTktBd2dEQ0FrTER3Z09GVXBjVFcxUVZGeFdURTBaVVZoWFhWVmNTeE1PQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjFkV1MwMVJUbGhQWEVsV1VGZE5GMXBXVkJaS1FVa1dVQT09Il0sWy02MywiLSJdLFstNjgsIi0iXSxbLTEwLCItIl0sWy0xNCwiLSJdLFstMTksIlswLDAsMCwwLDAsMCwxLDI0LDI0LFwiLVwiLDEyODAsMTAyNCwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwwLDAsMCwwLFwiLVwiLFwiLVwiLDEyODAsMTAyNCxudWxsXSJdLFstMjYsIi0iXSxbLTM0LCItIl0sWy01NiwibGFuZHNjYXBlLXByaW1hcnkiXSxbLTcxLCJhMDEwMDEwMTEwMDEwMDEwMTAwMDEwMTAwMTEwMTEwMDAwMDAxMCJdLFstNSwiLSJdLFstMTIsIlwiMVwiIl0sWy0yOSwiLSJdLFstNTAsIi0iXSxbLTU1LCIwIl0sWy01OSwiLSJdLFstNjEsIi0iXSxbLTc1LCIoaW50ZXJtZWRpYXRlIHZhbHVlKS5zb21lRnVuYyBpcyBub3QgYSBmdW5jdGlvbiJdLFstMjEsIi0iXSxbLTUzLCIwMDEiXSxbLTI0LCJbXSJdLFstMzMsIi0iXSxbLTQwLCIzNyJdLFstNDMsIjAwMDAwMDAxMDAwMDAwMDAwMDExMTAwMTAwMDAwMTAwMDAwMDAwMDAwMTAwIl0sWy01MiwiLSJdLFstNTgsIi0iXSxbLTY1LCItIl0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwib25SVEJGYWlsdXJlXCIsXCJvblJUQlN1Y2Nlc3NcIixcIk5vdGlmeVBhaW50RXZlbnRcIixcIl9fY3RjZ19jdF85MjA5OF9leGVjXCJdLFwiblwiOltdLFwiZFwiOltdfSJdLFstMjUsIi0iXSxbLTI4LCJlbi1VUyxlbiJdLFstMzUsIlsxNzgwMzgwMjIxNTI3LDBdIl0sWy0zNiwiW1wiNS80XCIsXCI1LzRcIl0iXSxbLTM3LCItIl0sWy0zOSwiW1wiMjAxMDAxMDFcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsXCIyMDE4MTAwMTAwMDAwMFwiLG51bGwsZmFsc2UsbnVsbCxmYWxzZSxudWxsLDUsdHJ1ZSxmYWxzZSxudWxsLDAsZmFsc2UsZmFsc2UsZmFsc2UsZmFsc2VdIl0sWy00MSwiLSJdLFstNDIsIjg4MzM5OTAxNiJdLFstNTEsIi0iXSxbLTYwLCItIl0sWy02NCwiLSJdLFstNjcsIi0iXSxbLTc2LCItIl0sWy04LCItIl0sWy05LCItIl0sWy0zMCwiW1widlwiLDBdIl0sWy03MywiRWhRPSJdLFstNzQsIi0iXSxbMTIsIntcImN0eFwiOlwid2ViZ2xcIixcInZcIjpcIm1lc2FcIixcInJcIjpcImxsdm1waXBlXCIsXCJzbHZcIjpcIndlYmdsIGdsc2wgZXMgMS4wXCIsXCJndmVyXCI6XCJ3ZWJnbCAxLjBcIixcImd2ZW5cIjpcIm1vemlsbGFcIixcImJlblwiOjM1LFwid2dsXCI6MSxcImdyZW5cIjpcImxsdm1waXBlXCIsXCJzZWZcIjo0OTQxOTUwNDMsXCJzZWNcIjpcIlwifSJdLFstNywiLSJdLFstMjIsIltcIm5cIixcIm5cIl0iXSxbLTIzLCIrIl0sWy0zMSwiZmFsc2UiXSxbLTQ2LCIwIl0sWy0zLCJbXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCJdIl0sWy0xNSwiLSJdLFstMTcsIjQ4Il0sWyJibmNoIiwxODhdLFstMjcsIi0iXSxbLTMyLCIwIl0sWy00OSwiLSJdLFstNzIsIkV4VT0iXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpbXCJkZXNjcmlwdGlvblwiXX0iXSxbLTE2LCIwIl0sWy0zOCwiaSwtMSwtMSwwLDAsMTIsMCwxLDEwMSwyMTgsLTEsMCwsNDY0LDk1OCw5NTciXSxbLTQ0LCIwLDUsMCw1Il0sWy00NSwiNzUyLDAsMCw3MTksMCwwLDc2MSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwIl0sWy00NywiVVRDLGVuLVVTLGxhdG4sZ3JlZ29yeSJdLFstNzAsIi0iXSxbImRkYiIsIjAsOCwwLDAsMCwzLDAsMCwwLDAsMCwwLDAsMCwyLDEsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMiwwLDAsMCwzLDAsMCwwLDAsMCwwLDEsMywzNywwLDE4LDAsMSwwLDAsMCwxLDEsMCwwLDAsMSwwLDAsMCwwLDAsMSwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCJdLFsiY2IiLCIwLDAsMCwwLDAsMCwwLDAsMCwyLDEsMCwzOCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsNCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDEsMCwxLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDEsMCwwLDAsMCwyLDAsMCwwLDAsMCwwLDAsMCwwLDAiXV0%3D\u0026dep=0\u0026pre=0\u0026sdd=\u0026cri=DEgUmmUAs8\u0026pto=1032\u0026ver=66\u0026gac=-\u0026mei=\u0026ap=\u0026fe=1\u0026duid=1.1780380221.6t0xMrGa1KNPATyQ\u0026suid=1.1780380221.c7ZMO8ZSKlZalAcj\u0026tuid=1.1780380221.mU94XwdWyNOsMkAr\u0026sid=1.1780380221685.4IakOWPmSZk03spH\u0026fbc=-\u0026gtm=-\u0026it=5%2C416%2C249\u0026fbcl=-\u0026gacl=-\u0026gacsd=-\u0026rtic=-\u0026rtict=-\u0026bgc=-\u0026spa=1\u0026urid=0\u0026ab=\u0026sck=-\u0026io=aGA2Oi15fzZz"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww38.novostikqbne.click\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Tue, 02 Jun 2026 06:03:41 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\nset-cookie: cg_uuid=0107018984d28fa8c052514de7de0866; Max-Age=29030400; Path=/; Expires=Tue, 04 May 2027 06:03:41 GMT; HttpOnly; Secure; SameSite=None\r\ntiming-allow-origin: http://ww38.novostikqbne.click\r\ncontent-length: 1421\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4121,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"bcf5608e339959cfd740c463d2a98ac2","sha1":"b9835d9ea116c6bb8cc6bc8e23c6158bea2ca117","sha256":"0437e72e14b970a36dd4a3e26a1602153378320c6f4a044d47cf796bf67d63e7","sha512":"c6aca4b3e5128393d4cda405268d075df8cb1b8704a86b15f9bdf2bf6a306e350e697b4e9c3c63ffa061d1496ffd7c614047e8a94d09d77b523ceb315df19ad8","ssdeep":"96:4/iSxe6qgFytaB9p4tvkyUiG/iHxe6qgFytaB9p4tvkyUJPVp0:4/FFqgFytajSBUJ/4FqgFytajSBUJPVq","tlshash":"e381ea62ba79ac3179f6d75c9e0d3fe06355213b8ec7788d48965f8709e3744aa82408","first_seen":"2026-06-02T06:04:02.773167Z","last_seen":"2026-06-02T06:04:02.773167Z","times_seen":1,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":134,"dns":23,"connect":36,"send":0,"wait":85,"receive":0,"ssl":72},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"obseu.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.cdn-fileserver.com/__media__/pics/9000/09/593//bg1.png","fqdn":"s.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"104.21.31.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=830\u0026%21iCm=\u0026.Cm=\u00263~VCm=\u00269_3VV=A\u00269ey=\u0026Bm.V=A\u0026Bm.V~9qe=\u0026C9e~p=nFj%21GrLjS%3Ab5j%7Cw3nj%3AcDkWCKWKC%28WQ%28\u0026CqCm=H\u0026INVc=\u0026Im=\u0026JCm=nccDaLd~waL0iwa~m~wnLrmwAh0dhrdiDLrL\u0026Jphc=J93\u0026KBm=a\u0026Kq.39c=H\u0026Npqe.=H\u0026NqT.=H\u0026P.p.=\u0026Pi94~~43Z.=\u0026Pmq.V=\u0026Tee.q=A\u0026V3uKVp=Tee.%3A%2F%2F9JyJqeCIui93W~pC~I\u0026_q.h=H\u0026cq=\u0026eq~3=7A0an\u0026h.sK=\u0026hicpNCm=y0\u0026hmJ_hC9=\u0026hme0=\u0026hmeA=\u0026hmy=\u0026htmlsrc=1\u0026h~e=oEf8cB%2FdBVEdK%2F%299h99u3%2FccuEBV9hcO389\u0026i3=H\u0026iCm=\u0026iCmy0=\u0026ih3=\u0026imVfm=\u0026kkdd=H3%7Ch%7Cnu3H%2AA9\u0026m3~___=\u0026m_Vc=A\u0026p0eP.3=m_Jph\u0026qC83=AALaZtnD\u0026qimVfm=\u0026qqpm=%7B%22qq~~%22%3A%22%292%22%2C%22qq~eP%22%3A%22JqpJ%22%2C%22qqC.%22%3A%22%22%2C%22qqq~%22%3A%22Hd%22%2C%22qq8C.%22%3A%22%22%7D\u0026q~=Hd\u0026tpid=\u0026yC=ArnHdnH00AD0HLaA0nn\u0026~Cm=ns5tHrdX1\u0026~T9_0=Jqya4C9e~\u0026~T9_d=Do2ALRDar\u0026~VCm=nanLALHDt\u0026~e.Cm=\u0026~my=2d0tD\u0026~~=%292\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001780380221515015326356485136\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152792582145708008%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ%3D\u0026tchkpts=%7B%22prel2%22%3A1780380221714%7D\u0026stime=1780380221714\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F%252521p%252521M%253Dg%2526%252521yn~T%253DXZh_oKEhi%25253Aqrh%25257CS9Xh%25253AmDte%252521WeW%252521%25252AeB%25252A%2526%252528%252521M%253D%2526%252529nn%252528p%253DI%25260%252521%253DIKXgsXgxxIDxgEwIxXX%252619.W1T%253D%252529nn%252528%25253A%25252F%25252Fyb0bpn%252521F.jy9e~T%252521~F%25264M%2525281%253DI%25264M%2525281~ypn%253D%25269~1%252521M%253D%2526FM%253D%2526FP1m%253D%2526Gp%252528N%253Dg%2526H%252528T%252528%253D%2526HMp%2525281%253D%2526HjyY~~Y97%252528%253D%2526M9~GGG%253D%2526N%252528lW%253D%2526NM0%253D%2526NMbGN%252521y%253D%2526NMnI%253D%2526NMnx%253D%2526NjmTP%252521M%253D0x%2526N~n%253DQd3Lm4%25252Fs41dsW%25252F5yNyy.9%25252Fmm.d41yNmf9Ly%2526PTpn%252528%253Dg%2526Pp%252529%252528%253Dg%2526TxnH%2525289%253DMGbTN%2526W4M%253Dw%2526Wp%2525289ym%253Dg%2526_j%252521M%253D%2526b%252521M%253DXmmDwEs~SwExjSw~M~SXEKMSINxsNKsjDEKE%2526bTNm%253Dby9%2526htmlsrc%253D1%2526j%252521M%253D%2526j%252521M0x%253D%2526j9%253Dg%2526jM13M%253D%2526jN9%253D%2526kkdd%253DuW%25257CW%25257CH9%25252Ahnu3A%2526mp%253D%2526np~9%253DuIxwX%2526p%252521L9%253DIIEw78XD%2526pjM13M%253D%2526ppTM%253D%25257B%252522pp~~%252522%25253A%2525225c%252522%25252C%252522pp~nH%252522%25253A%252522bpTb%252522%25252C%252522pp%252521%252528%252522%25253A%252522%252522%25252C%252522ppp~%252522%25253A%252522gs%252522%25252C%252522ppL%252521%252528%252522%25253A%252522%252522%25257D%2526p~%253Dgs%2526tpid%253D%2526yG911%253DI%2526yn0%253D%2526~%252521M%253DXlr8gKsOk%2526~%252529yGs%253DDQcIEADwK%2526~%252529yGx%253Dbp0wY%252521yn~%2526~1%252521M%253DXwXEIEgD8%2526~M0%253Dcsx8D%2526~n%252528%252521M%253D%2526~~%253D5c%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2026-06-02T06:03:42.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 26 May 2026 18:21:12 GMT","end":"Mon, 24 Aug 2026 19:19:23 GMT"},"fingerprint":{"sha1":"8C:97:00:DB:02:53:A7:1D:41:E8:EA:C5:AB:03:19:FF:BF:30:6A:DF","sha256":"3A:CC:B8:B0:F1:D6:36:06:79:F1:62:23:A5:4D:87:F2:D8:A4:92:F2:C3:74:10:77:F4:C9:12:11:F8:E0:B7:ED"}}},"request":{"raw":"GET /__media__/pics/9000/09/593//bg1.png HTTP/1.1\r\nHost: s.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://realtimesearchresults.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\naccept-ranges: bytes\r\ncontent-length: 17986\r\nvia: 1.1 google\r\ndate: Tue, 02 Jun 2026 06:03:42 GMT\r\ncache-control: public, max-age=604800\r\nlast-modified: Thu, 06 Mar 2025 12:55:21 GMT\r\netag: \"4642-62fac04c7759a\"\r\ncontent-type: image/png\r\nage: 532355\r\nx-cache-status: revalidated\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7hTDlV6uuFinZ%2B2C6pZyUMndqG5m5aUab0ipuRbIRnoLcvo%2BoA2HZuae1hSnbKZ7GvmOMlvq0QU9vuDhS2OpDAbC86ZQdSyhiW5y43Cg0E1TBGX4I8dj25vO5Z4DorC28B4IIzOjjg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a05441a4e999a0f0-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17986,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1730 x 988, 4-bit colormap, non-interlaced","md5":"825ccd29ac102fcadaf92b2343d5917b","sha1":"24472e766cfac5b82a73b219796556a0a3702bd6","sha256":"0878fb2875c0ad852de8fb3e8f443afdf3064890f1443b3feccc274382f913cd","sha512":"71b8e7c0813227f5efa4b4e0561978b13672f46ee441bc222ad77aa46a32f0f44a5dab3ef038bb3418190e69dced597a79e77566da01a259f1cd6b5298a08662","ssdeep":"384:/ATpX6Cex7jSxPgvgsODg/B2HgqSSeMjhRNAxB60ZL/HU+HqofTBf:ipX6nx7elggsODg52AqSSJhIxBZZLc8N","tlshash":"8a82bef49ea4241cdde2dfbce09243d635e8fb03481a9c516bcb46c27459ea2782c71d","first_seen":"2023-04-06T22:32:28Z","last_seen":"2026-06-03T16:56:56.407059Z","times_seen":197048,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"msadsscale.microsoft.com/bingads/telemetryJS.js","fqdn":"msadsscale.microsoft.com","domain":"microsoft.com","tld":"com"},"ip":{"addr":"150.171.109.200","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=830\u0026%21iCm=\u0026.Cm=\u00263~VCm=\u00269_3VV=A\u00269ey=\u0026Bm.V=A\u0026Bm.V~9qe=\u0026C9e~p=nFj%21GrLjS%3Ab5j%7Cw3nj%3AcDkWCKWKC%28WQ%28\u0026CqCm=H\u0026INVc=\u0026Im=\u0026JCm=nccDaLd~waL0iwa~m~wnLrmwAh0dhrdiDLrL\u0026Jphc=J93\u0026KBm=a\u0026Kq.39c=H\u0026Npqe.=H\u0026NqT.=H\u0026P.p.=\u0026Pi94~~43Z.=\u0026Pmq.V=\u0026Tee.q=A\u0026V3uKVp=Tee.%3A%2F%2F9JyJqeCIui93W~pC~I\u0026_q.h=H\u0026cq=\u0026eq~3=7A0an\u0026h.sK=\u0026hicpNCm=y0\u0026hmJ_hC9=\u0026hme0=\u0026hmeA=\u0026hmy=\u0026htmlsrc=1\u0026h~e=oEf8cB%2FdBVEdK%2F%299h99u3%2FccuEBV9hcO389\u0026i3=H\u0026iCm=\u0026iCmy0=\u0026ih3=\u0026imVfm=\u0026kkdd=H3%7Ch%7Cnu3H%2AA9\u0026m3~___=\u0026m_Vc=A\u0026p0eP.3=m_Jph\u0026qC83=AALaZtnD\u0026qimVfm=\u0026qqpm=%7B%22qq~~%22%3A%22%292%22%2C%22qq~eP%22%3A%22JqpJ%22%2C%22qqC.%22%3A%22%22%2C%22qqq~%22%3A%22Hd%22%2C%22qq8C.%22%3A%22%22%7D\u0026q~=Hd\u0026tpid=\u0026yC=ArnHdnH00AD0HLaA0nn\u0026~Cm=ns5tHrdX1\u0026~T9_0=Jqya4C9e~\u0026~T9_d=Do2ALRDar\u0026~VCm=nanLALHDt\u0026~e.Cm=\u0026~my=2d0tD\u0026~~=%292\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001780380221515015326356485136\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152792582145708008%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ%3D\u0026tchkpts=%7B%22prel2%22%3A1780380221714%7D\u0026stime=1780380221714\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F%252521p%252521M%253Dg%2526%252521yn~T%253DXZh_oKEhi%25253Aqrh%25257CS9Xh%25253AmDte%252521WeW%252521%25252AeB%25252A%2526%252528%252521M%253D%2526%252529nn%252528p%253DI%25260%252521%253DIKXgsXgxxIDxgEwIxXX%252619.W1T%253D%252529nn%252528%25253A%25252F%25252Fyb0bpn%252521F.jy9e~T%252521~F%25264M%2525281%253DI%25264M%2525281~ypn%253D%25269~1%252521M%253D%2526FM%253D%2526FP1m%253D%2526Gp%252528N%253Dg%2526H%252528T%252528%253D%2526HMp%2525281%253D%2526HjyY~~Y97%252528%253D%2526M9~GGG%253D%2526N%252528lW%253D%2526NM0%253D%2526NMbGN%252521y%253D%2526NMnI%253D%2526NMnx%253D%2526NjmTP%252521M%253D0x%2526N~n%253DQd3Lm4%25252Fs41dsW%25252F5yNyy.9%25252Fmm.d41yNmf9Ly%2526PTpn%252528%253Dg%2526Pp%252529%252528%253Dg%2526TxnH%2525289%253DMGbTN%2526W4M%253Dw%2526Wp%2525289ym%253Dg%2526_j%252521M%253D%2526b%252521M%253DXmmDwEs~SwExjSw~M~SXEKMSINxsNKsjDEKE%2526bTNm%253Dby9%2526htmlsrc%253D1%2526j%252521M%253D%2526j%252521M0x%253D%2526j9%253Dg%2526jM13M%253D%2526jN9%253D%2526kkdd%253DuW%25257CW%25257CH9%25252Ahnu3A%2526mp%253D%2526np~9%253DuIxwX%2526p%252521L9%253DIIEw78XD%2526pjM13M%253D%2526ppTM%253D%25257B%252522pp~~%252522%25253A%2525225c%252522%25252C%252522pp~nH%252522%25253A%252522bpTb%252522%25252C%252522pp%252521%252528%252522%25253A%252522%252522%25252C%252522ppp~%252522%25253A%252522gs%252522%25252C%252522ppL%252521%252528%252522%25253A%252522%252522%25257D%2526p~%253Dgs%2526tpid%253D%2526yG911%253DI%2526yn0%253D%2526~%252521M%253DXlr8gKsOk%2526~%252529yGs%253DDQcIEADwK%2526~%252529yGx%253Dbp0wY%252521yn~%2526~1%252521M%253DXwXEIEgD8%2526~M0%253Dcsx8D%2526~n%252528%252521M%253D%2526~~%253D5c%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2026-06-02T06:03:42.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msadsscale.microsoft.com","organization":""},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 18 May 2026 00:00:00 GMT","end":"Wed, 18 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1C:91:B7:B2:08:00:90:64:A6:51:D9:AE:9A:29:5D:27:1A:09:1E:6B","sha256":"BA:94:AC:1C:97:33:59:57:E8:B7:3E:82:DA:DD:AD:77:E3:4F:92:D3:69:40:C6:D1:06:8D:01:E5:16:90:29:94"}}},"request":{"raw":"GET /bingads/telemetryJS.js HTTP/1.1\r\nHost: msadsscale.microsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://realtimesearchresults.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Jun 2026 06:03:42 GMT\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 12 Mar 2025 08:06:51 GMT\r\netag: W/\"0x8DD613CD8BAF720\"\r\nx-ms-request-id: 32c223dd-801e-0016-745c-ef34fb000000\r\nx-ms-version: 2018-03-28\r\naccess-control-expose-headers: content-length\r\naccess-control-allow-origin: *\r\nx-azure-ref: 20260602T060342Z-r1b44c7fb77j4fqqhC1SVGq6zg0000000m10000000006qd1\r\nx-fd-int-roxy-purgeid: 3\r\nx-cache: TCP_HIT\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]},{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]}],"data":{"size":72824,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65504), with no line terminators","md5":"84bf71fe11d71bedaac885462b1d2940","sha1":"bdcf95799b79eea873329ddbd112eda32f47877e","sha256":"a8d28463855fcf949fb31963246cc6c55ea9baf9c5551b327687dcd6076502f7","sha512":"02d7de1db70f021c17bc184e1e795cc01f63889731f444ca429040f3599dccdb346c68e8e5e69fc81060972b7ccbcebf1e9294e50318957ded8cb0cbeecacb3e","ssdeep":"768:TM4lJgxIU3OPOEUi6UsQ6R1k/Y7/LKF/ZE/4OkeZChQZqeYQYTyCLJV6N//MFgPc:A4voIU+POE3kMMmF/6VbqXQQfI/EgYuo","tlshash":"5a63938df1d1b0f607e7a0e5412f960ae1b72968b45ea8d6e6a1d4e09c7884f1037f7c","first_seen":"2025-03-13T12:39:24.627452Z","last_seen":"2026-06-03T16:56:56.412143Z","times_seen":140456,"resource_available":true,"data":null}},"time_used":168,"timings":{"blocked":40,"dns":45,"connect":19,"send":0,"wait":38,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.yimg.com/ds/scripts/selectTier-p1.1.0.js","fqdn":"s.yimg.com","domain":"yimg.com","tld":"com"},"ip":{"addr":"87.248.119.251","port":443,"asn":203220,"as":"Yahoo-UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=830\u0026%21iCm=\u0026.Cm=\u00263~VCm=\u00269_3VV=A\u00269ey=\u0026Bm.V=A\u0026Bm.V~9qe=\u0026C9e~p=nFj%21GrLjS%3Ab5j%7Cw3nj%3AcDkWCKWKC%28WQ%28\u0026CqCm=H\u0026INVc=\u0026Im=\u0026JCm=nccDaLd~waL0iwa~m~wnLrmwAh0dhrdiDLrL\u0026Jphc=J93\u0026KBm=a\u0026Kq.39c=H\u0026Npqe.=H\u0026NqT.=H\u0026P.p.=\u0026Pi94~~43Z.=\u0026Pmq.V=\u0026Tee.q=A\u0026V3uKVp=Tee.%3A%2F%2F9JyJqeCIui93W~pC~I\u0026_q.h=H\u0026cq=\u0026eq~3=7A0an\u0026h.sK=\u0026hicpNCm=y0\u0026hmJ_hC9=\u0026hme0=\u0026hmeA=\u0026hmy=\u0026htmlsrc=1\u0026h~e=oEf8cB%2FdBVEdK%2F%299h99u3%2FccuEBV9hcO389\u0026i3=H\u0026iCm=\u0026iCmy0=\u0026ih3=\u0026imVfm=\u0026kkdd=H3%7Ch%7Cnu3H%2AA9\u0026m3~___=\u0026m_Vc=A\u0026p0eP.3=m_Jph\u0026qC83=AALaZtnD\u0026qimVfm=\u0026qqpm=%7B%22qq~~%22%3A%22%292%22%2C%22qq~eP%22%3A%22JqpJ%22%2C%22qqC.%22%3A%22%22%2C%22qqq~%22%3A%22Hd%22%2C%22qq8C.%22%3A%22%22%7D\u0026q~=Hd\u0026tpid=\u0026yC=ArnHdnH00AD0HLaA0nn\u0026~Cm=ns5tHrdX1\u0026~T9_0=Jqya4C9e~\u0026~T9_d=Do2ALRDar\u0026~VCm=nanLALHDt\u0026~e.Cm=\u0026~my=2d0tD\u0026~~=%292\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001780380221515015326356485136\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152792582145708008%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ%3D\u0026tchkpts=%7B%22prel2%22%3A1780380221714%7D\u0026stime=1780380221714\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F%252521p%252521M%253Dg%2526%252521yn~T%253DXZh_oKEhi%25253Aqrh%25257CS9Xh%25253AmDte%252521WeW%252521%25252AeB%25252A%2526%252528%252521M%253D%2526%252529nn%252528p%253DI%25260%252521%253DIKXgsXgxxIDxgEwIxXX%252619.W1T%253D%252529nn%252528%25253A%25252F%25252Fyb0bpn%252521F.jy9e~T%252521~F%25264M%2525281%253DI%25264M%2525281~ypn%253D%25269~1%252521M%253D%2526FM%253D%2526FP1m%253D%2526Gp%252528N%253Dg%2526H%252528T%252528%253D%2526HMp%2525281%253D%2526HjyY~~Y97%252528%253D%2526M9~GGG%253D%2526N%252528lW%253D%2526NM0%253D%2526NMbGN%252521y%253D%2526NMnI%253D%2526NMnx%253D%2526NjmTP%252521M%253D0x%2526N~n%253DQd3Lm4%25252Fs41dsW%25252F5yNyy.9%25252Fmm.d41yNmf9Ly%2526PTpn%252528%253Dg%2526Pp%252529%252528%253Dg%2526TxnH%2525289%253DMGbTN%2526W4M%253Dw%2526Wp%2525289ym%253Dg%2526_j%252521M%253D%2526b%252521M%253DXmmDwEs~SwExjSw~M~SXEKMSINxsNKsjDEKE%2526bTNm%253Dby9%2526htmlsrc%253D1%2526j%252521M%253D%2526j%252521M0x%253D%2526j9%253Dg%2526jM13M%253D%2526jN9%253D%2526kkdd%253DuW%25257CW%25257CH9%25252Ahnu3A%2526mp%253D%2526np~9%253DuIxwX%2526p%252521L9%253DIIEw78XD%2526pjM13M%253D%2526ppTM%253D%25257B%252522pp~~%252522%25253A%2525225c%252522%25252C%252522pp~nH%252522%25253A%252522bpTb%252522%25252C%252522pp%252521%252528%252522%25253A%252522%252522%25252C%252522ppp~%252522%25253A%252522gs%252522%25252C%252522ppL%252521%252528%252522%25253A%252522%252522%25257D%2526p~%253Dgs%2526tpid%253D%2526yG911%253DI%2526yn0%253D%2526~%252521M%253DXlr8gKsOk%2526~%252529yGs%253DDQcIEADwK%2526~%252529yGx%253Dbp0wY%252521yn~%2526~1%252521M%253DXwXEIEgD8%2526~M0%253Dcsx8D%2526~n%252528%252521M%253D%2526~~%253D5c%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2026-06-02T06:03:42.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.www.yahoo.com","organization":"Yahoo Holdings Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 18 May 2026 00:00:00 GMT","end":"Wed, 08 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"60:B9:3E:CD:F8:8B:07:2B:21:9E:00:37:C0:64:0F:D4:A7:E6:7E:0D","sha256":"89:76:F0:B9:31:A5:0D:A8:0A:60:87:98:FB:C9:68:74:5D:84:71:C3:22:DA:F3:35:D8:24:0C:80:39:DE:F8:5C"}}},"request":{"raw":"GET /ds/scripts/selectTier-p1.1.0.js HTTP/1.1\r\nHost: s.yimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://realtimesearchresults.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-amz-id-2: 0pVHkNOmaMNeZkA0C1sXzn7ZNroO0SQOiZUwffSpnTm+P8qXDf+7u0ltq/QQ0XCS5CNImOuqDN30Z+KGlJQvcGI1zVZzfjlt\r\nx-amz-request-id: 7472A932KW2XYAEM\r\ndate: Tue, 02 Jun 2026 06:02:56 GMT\r\nlast-modified: Tue, 17 Mar 2026 16:07:48 GMT\r\ncache-control: public,max-age=60\r\nx-amz-version-id: MYILtxSp4D3g9IIiusm3XYc.Lrxqvgn9\r\naccept-ranges: bytes\r\ncontent-type: application/javascript\r\nserver: ATS\r\nvary: Origin, Accept-Encoding\r\netag: \"a141400493d06236f13b5ec5e7993178-df\"\r\nage: 47\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-encoding: gzip\r\ncontent-length: 7528\r\nstrict-transport-security: max-age=31536000\r\nats-carp-promotion: 1, 1\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache Traffic Server","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25545,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (25545), with no line terminators","md5":"a141400493d06236f13b5ec5e7993178","sha1":"bbe007343d7ea3461a040a88c15e3034a344863c","sha256":"61db003df491f58c5cba0781ae8a764c69c5d165eebe1b79bb59289f83a8242c","sha512":"c029685beb47b16e0956deda40d4dbe036f3f22a627602491125dd1003e90834ecf7ff42332f31a5ee12081052b1e0eafb3e8156baf73c3fe4dc9a6c9a712e40","ssdeep":"768:AvPr83BT2T2x4ebxteeqrkp3KQZ91/Rp537jm7t+wjvooXsxsdh:Avj83ET2+KzmQZ7/Rpx7/Qsxu","tlshash":"4bb2c7a574c9343f03ab80f3903b231933765d2a3906a568368886de5dace5b5317f7e","first_seen":"2026-03-17T16:10:23.974009Z","last_seen":"2026-06-03T16:56:56.397304Z","times_seen":64116,"resource_available":true,"data":null}},"time_used":202,"timings":{"blocked":61,"dns":27,"connect":31,"send":0,"wait":42,"receive":2,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.northwavepoint.com/mon","fqdn":"obseu.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww38.novostikqbne.click/","date":"2026-06-02T06:03:52.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.northwavepoint.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Sat, 09 May 2026 00:00:00 GMT","end":"Fri, 07 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"81:BC:A9:21:63:E0:B6:9A:20:C7:07:EC:3A:69:03:A1:17:C1:42:A4","sha256":"02:6B:C6:85:E6:24:7C:BE:F0:52:8D:76:04:40:96:61:C7:23:C2:DA:A4:38:F5:F9:19:BB:7C:6D:04:4E:7E:E7"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.northwavepoint.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2079\r\nOrigin: http://ww38.novostikqbne.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.novostikqbne.click/\r\nCookie: cg_uuid=0107018984d28fa8c052514de7de0866\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2079,"data":"e=37dfbd8ee84e001262eec43dea45889c9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17070100b1eabfd72e30d69183042b3e18f6646541c2628b70cd16300423945201573c0c5b92bc631934aa67e260db4cf1976fa5553bf90d257c17c84ffe1fbe85ddcd34b0360eff60c4aa4b6c8b00235f6301da834035a227f1a2c4e95f32e203d6eb65b93edf75c4409d6279f0795abe57567a48db482eb8dfb7e400b623eb02d703bb487578a99571733a795d9b65908d6ea5576ea78cb3224c7a22d7862f30fdd91e4b7c1b39180aa48a32606f1bb6b81c389ea1e729c6b25f21492eaeaef4c7917fea8fdc5fe905cf0c6c67ccbecfe3f465908de5798b215084ebc32f1f17f46973bad55638fcd2e92ccb42bf4cad9b5f854cc3d1219b7e6ad5dd7e8324c28cbdeddcb3ba4a71e93daaa9ae7c433ebdcf71d2e113f01a1813dd5c5a85d2d98681fdc5688806fddefbc878ae242b7ac46f28d4ccc70067c0ef77ac11f7945dd62fef3d0c0b55c676e74dffc1bf59bf89338553a584f8cb64815e0423bd521747754c7dd1a76eb8058c8c8b64ebde60feb122d185e5e85689f0bf1f293ec6a95a44fab9025d0ee2c7e474ae2887f840fda272a076cb309553d61ccbac20da1327e5ae8e7b363f610236165517abe39071db02b646525e20f8b54bc385110cffbdc3a7b56cc3ebf8e18ff8aef657523df94f9aab5a66845f7818d167416c6af47bb36b1ec3eadd7e8d61d33996ad2cccd5118b2f4a78741076019ddee5dc347b5692184797d2c7bdf4ca1b78dcc7ec7cedb1130abc9b732e75ebd29c0f75a52d975e811be4379b11d3c811fabb2cb19ce2afe74f088c9b6709d32ad7deeab90a8e28714f5186625151afa25887ec17c29999ca55d3dae23a0a5f00ea5ae27bd516cfda18d4205f33037a2b6deb31e39d2117fd36d2adf529cb9b1cc8250ff0422d68c6b78f680fb928aad002d0052d121ee9793e88aed768c95f2288c54ef0cdd7fe9c509a00006007f87625529e98104efa61a5eccb2d93c1b34d0e2db060201416905403b3dbfc120c996270d38b951e8a87f8dd5323ba30bb006a4ade17752ac7da055d9987a0c4e8b713e23aa272c76785d644d6e7a66e6bb39a529acdacb8d6f7dedf2850dea57c028935d918c21d93a674ef8c989763b894b2a1a51224d3a290a7019402d71a047e002f9fc26e6ace6ff80189cc6bed4e68b7300b8d61a1926d2cf425245614dea1ab72db881b603b12728396cfb0802c9e07f6b0207dc5d9431a014124\u0026cri=DEgUmmUAs8\u0026sf=0\u0026dc=\u0026cp=10\u0026gtm=-\u0026gac=-\u0026uvid=cafad457599635b7830aea17231b38ce2a1ba41e\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=10066\u0026mo=0\u0026pn=11346\u0026spn=1279\u0026sck=-\u0026fp=464\u0026f_mt=\u0026s_mt=\u0026t_mt=\u0026l_mt=\u0026m_mt=0\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww38.novostikqbne.click\r\ncontent-type: application/json\r\ndate: Tue, 02 Jun 2026 06:03:52 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"obseu.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"novostikqbne.click/?tr_uuid=20260602-1603-350c-b346-151ded9dcb21\u0026fp=-7","fqdn":"novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"103.224.182.216","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T06:03:37.251Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /?tr_uuid=20260602-1603-350c-b346-151ded9dcb21\u0026fp=-7 HTTP/1.1\r\nHost: novostikqbne.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\ndate: Tue, 02 Jun 2026 06:03:37 GMT\r\nserver: Apache\r\nlocation: http://ww38.novostikqbne.click/\r\ncontent-length: 0\r\ncontent-type: text/html; charset=UTF-8\r\nconnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":477,"timings":{"blocked":155,"dns":1,"connect":155,"send":0,"wait":166,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:37Z","timestamp":1780380217,"ip_dst":{"addr":"103.224.182.216","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.9","port":56698,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:37.572403+0000\",\"flow_id\":2169153674400873,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":56698,\"dest_ip\":\"103.224.182.216\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"novostikqbne.click\",\"url\":\"/?tr_uuid=20260602-1603-350c-b346-151ded9dcb21\u0026fp=-7\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ww38.novostikqbne.click/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":726,\"bytes_toclient\":336,\"start\":\"2026-06-02T06:03:37.250985+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww38.novostikqbne.click/","fqdn":"ww38.novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T06:03:37.579Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ww38.novostikqbne.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:40Z","timestamp":1780380220,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.9","port":46628,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-06-02T06:03:40.985221+0000\",\"flow_id\":395372983496068,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":46628,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.novostikqbne.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":541},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":644,\"bytes_toclient\":6216,\"start\":\"2026-06-02T06:03:40.667012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bping.php?lf=6\u0026wsip=170763202\u0026vgd_asn=50304\u0026mspa=0\u0026r=1780380221517\u0026cid=8CU6073RK\u0026hvsid=00001780380221515015326356485136\u0026sc=03\u0026wshp=0\u0026vgd_tsce=L1248\u0026vgd_l2type=dmola\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026requrl=http%3A%2F%2Fnovostikqbne.click\u0026ssld=%7B%22QQNN%22%3A%22Ia%22%2C%22QQN75%22%3A%22mQjm%22%2C%22QQ8E%22%3A%22%22%2C%22QQQN%22%3A%229A%22%2C%22QQl8E%22%3A%22%22%7D\u0026gdpr=1\u0026vgd_cage=7\u0026vgd_cdv=O3269\u0026vgd_setup=c21\u0026prid=8PR11258V\u0026cc=NO\u0026lper=100\u0026vgd_rpth=%2Fola\u0026vgd_wlstp=0\u0026crid=848515096\u0026vi=1780380221920541288\u0026ugd=4\u0026vgd_len=557\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"104.21.31.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://yfdpco4.com/sk-park.php?pid=9PO15V947\u0026dn=novostikqbne.click\u0026ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0%29+Gecko%2F20100101+Firefox%2F134.0\u0026requrl=http%3A%2F%2Fww38.novostikqbne.click%2F\u0026al=en-US%2Cen%3Bq%3D0.5","date":"2026-06-02T06:03:41.706Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 26 May 2026 18:21:12 GMT","end":"Mon, 24 Aug 2026 19:19:23 GMT"},"fingerprint":{"sha1":"8C:97:00:DB:02:53:A7:1D:41:E8:EA:C5:AB:03:19:FF:BF:30:6A:DF","sha256":"3A:CC:B8:B0:F1:D6:36:06:79:F1:62:23:A5:4D:87:F2:D8:A4:92:F2:C3:74:10:77:F4:C9:12:11:F8:E0:B7:ED"}}},"request":{"raw":"GET /bping.php?lf=6\u0026wsip=170763202\u0026vgd_asn=50304\u0026mspa=0\u0026r=1780380221517\u0026cid=8CU6073RK\u0026hvsid=00001780380221515015326356485136\u0026sc=03\u0026wshp=0\u0026vgd_tsce=L1248\u0026vgd_l2type=dmola\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026requrl=http%3A%2F%2Fnovostikqbne.click\u0026ssld=%7B%22QQNN%22%3A%22Ia%22%2C%22QQN75%22%3A%22mQjm%22%2C%22QQ8E%22%3A%22%22%2C%22QQQN%22%3A%229A%22%2C%22QQl8E%22%3A%22%22%7D\u0026gdpr=1\u0026vgd_cage=7\u0026vgd_cdv=O3269\u0026vgd_setup=c21\u0026prid=8PR11258V\u0026cc=NO\u0026lper=100\u0026vgd_rpth=%2Fola\u0026vgd_wlstp=0\u0026crid=848515096\u0026vi=1780380221920541288\u0026ugd=4\u0026vgd_len=557\u0026vgd_end=1 HTTP/1.1\r\nHost: l.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://yfdpco4.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Jun 2026 06:03:41 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\naccept-ch: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\ncache-control: max-age=0, no-cache, no-store\r\nexpires: Mon, 01 Jun 2026 06:03:41 GMT\r\npragma: no-cache\r\nvia: 1.1 google\r\nstrict-transport-security: max-age=63072000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xjpshI%2BbCxl%2BsSITN45Y1WXpafn8I%2B4JiHD9pTs4LxP8oA9wB9OJadvSHGSzesVOWud2c56BtgFqwUyoD3bFhNubGEmRBbkPFXA1EWrOK2hk7vHTWLQdP5yatXoHRNfrpcGcOMFqSw%3D%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a05441a1c8ec3181-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 87a, 1 x 1","md5":"6f1d74c7168076c7666246504a8c03f2","sha1":"00656377deb1a4393e0cf0055385b08b2b81b46c","sha256":"8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde","sha512":"e502484faa0dc2a1f23c7f715879db654f29d0af1d6f616467d3d1fc578c2d16fccaacd76c4a5ecae8451dc912323473559d29edbd322fe85b8f1e83a7cdf2f3","ssdeep":"","tlshash":"53900447f1401103d135403007075340070c5030145403050071507ddc1d7553d07410","first_seen":"2025-03-07T21:51:05.009549Z","last_seen":"2026-06-03T16:56:56.403135Z","times_seen":191075,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":16,"dns":1,"connect":1,"send":0,"wait":130,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=830\u0026%21iCm=\u0026.Cm=\u00263~VCm=\u00269_3VV=A\u00269ey=\u0026Bm.V=A\u0026Bm.V~9qe=\u0026C9e~p=nFj%21GrLjS%3Ab5j%7Cw3nj%3AcDkWCKWKC%28WQ%28\u0026CqCm=H\u0026INVc=\u0026Im=\u0026JCm=nccDaLd~waL0iwa~m~wnLrmwAh0dhrdiDLrL\u0026Jphc=J93\u0026KBm=a\u0026Kq.39c=H\u0026Npqe.=H\u0026NqT.=H\u0026P.p.=\u0026Pi94~~43Z.=\u0026Pmq.V=\u0026Tee.q=A\u0026V3uKVp=Tee.%3A%2F%2F9JyJqeCIui93W~pC~I\u0026_q.h=H\u0026cq=\u0026eq~3=7A0an\u0026h.sK=\u0026hicpNCm=y0\u0026hmJ_hC9=\u0026hme0=\u0026hmeA=\u0026hmy=\u0026htmlsrc=1\u0026h~e=oEf8cB%2FdBVEdK%2F%299h99u3%2FccuEBV9hcO389\u0026i3=H\u0026iCm=\u0026iCmy0=\u0026ih3=\u0026imVfm=\u0026kkdd=H3%7Ch%7Cnu3H%2AA9\u0026m3~___=\u0026m_Vc=A\u0026p0eP.3=m_Jph\u0026qC83=AALaZtnD\u0026qimVfm=\u0026qqpm=%7B%22qq~~%22%3A%22%292%22%2C%22qq~eP%22%3A%22JqpJ%22%2C%22qqC.%22%3A%22%22%2C%22qqq~%22%3A%22Hd%22%2C%22qq8C.%22%3A%22%22%7D\u0026q~=Hd\u0026tpid=\u0026yC=ArnHdnH00AD0HLaA0nn\u0026~Cm=ns5tHrdX1\u0026~T9_0=Jqya4C9e~\u0026~T9_d=Do2ALRDar\u0026~VCm=nanLALHDt\u0026~e.Cm=\u0026~my=2d0tD\u0026~~=%292\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001780380221515015326356485136\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152792582145708008%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ%3D\u0026tchkpts=%7B%22prel2%22%3A1780380221714%7D\u0026stime=1780380221714\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F%252521p%252521M%253Dg%2526%252521yn~T%253DXZh_oKEhi%25253Aqrh%25257CS9Xh%25253AmDte%252521WeW%252521%25252AeB%25252A%2526%252528%252521M%253D%2526%252529nn%252528p%253DI%25260%252521%253DIKXgsXgxxIDxgEwIxXX%252619.W1T%253D%252529nn%252528%25253A%25252F%25252Fyb0bpn%252521F.jy9e~T%252521~F%25264M%2525281%253DI%25264M%2525281~ypn%253D%25269~1%252521M%253D%2526FM%253D%2526FP1m%253D%2526Gp%252528N%253Dg%2526H%252528T%252528%253D%2526HMp%2525281%253D%2526HjyY~~Y97%252528%253D%2526M9~GGG%253D%2526N%252528lW%253D%2526NM0%253D%2526NMbGN%252521y%253D%2526NMnI%253D%2526NMnx%253D%2526NjmTP%252521M%253D0x%2526N~n%253DQd3Lm4%25252Fs41dsW%25252F5yNyy.9%25252Fmm.d41yNmf9Ly%2526PTpn%252528%253Dg%2526Pp%252529%252528%253Dg%2526TxnH%2525289%253DMGbTN%2526W4M%253Dw%2526Wp%2525289ym%253Dg%2526_j%252521M%253D%2526b%252521M%253DXmmDwEs~SwExjSw~M~SXEKMSINxsNKsjDEKE%2526bTNm%253Dby9%2526htmlsrc%253D1%2526j%252521M%253D%2526j%252521M0x%253D%2526j9%253Dg%2526jM13M%253D%2526jN9%253D%2526kkdd%253DuW%25257CW%25257CH9%25252Ahnu3A%2526mp%253D%2526np~9%253DuIxwX%2526p%252521L9%253DIIEw78XD%2526pjM13M%253D%2526ppTM%253D%25257B%252522pp~~%252522%25253A%2525225c%252522%25252C%252522pp~nH%252522%25253A%252522bpTb%252522%25252C%252522pp%252521%252528%252522%25253A%252522%252522%25252C%252522ppp~%252522%25253A%252522gs%252522%25252C%252522ppL%252521%252528%252522%25253A%252522%252522%25257D%2526p~%253Dgs%2526tpid%253D%2526yG911%253DI%2526yn0%253D%2526~%252521M%253DXlr8gKsOk%2526~%252529yGs%253DDQcIEADwK%2526~%252529yGx%253Dbp0wY%252521yn~%2526~1%252521M%253DXwXEIEgD8%2526~M0%253Dcsx8D%2526~n%252528%252521M%253D%2526~~%253D5c%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"realtimesearchresults.com","domain":"realtimesearchresults.com","tld":"com"},"ip":{"addr":"172.67.166.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://yfdpco4.com/sk-park.php?pid=9PO15V947\u0026dn=novostikqbne.click\u0026ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0%29+Gecko%2F20100101+Firefox%2F134.0\u0026requrl=http%3A%2F%2Fww38.novostikqbne.click%2F\u0026al=en-US%2Cen%3Bq%3D0.5","date":"2026-06-02T06:03:41.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"realtimesearchresults.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 10:52:30 GMT","end":"Tue, 04 Aug 2026 10:52:29 GMT"},"fingerprint":{"sha1":"02:4E:59:88:1C:86:50:18:EA:27:4B:63:D2:F3:63:B1:45:75:08:F8","sha256":"42:4A:35:24:76:B5:97:85:AD:E5:B4:0E:3B:C6:FB:AC:9D:A3:CE:7C:88:39:6E:2E:F4:84:5D:33:26:CD:97:B1"}}},"request":{"raw":"GET /sr/754870121/SAFEFRAME.html?ule=830\u0026%21iCm=\u0026.Cm=\u00263~VCm=\u00269_3VV=A\u00269ey=\u0026Bm.V=A\u0026Bm.V~9qe=\u0026C9e~p=nFj%21GrLjS%3Ab5j%7Cw3nj%3AcDkWCKWKC%28WQ%28\u0026CqCm=H\u0026INVc=\u0026Im=\u0026JCm=nccDaLd~waL0iwa~m~wnLrmwAh0dhrdiDLrL\u0026Jphc=J93\u0026KBm=a\u0026Kq.39c=H\u0026Npqe.=H\u0026NqT.=H\u0026P.p.=\u0026Pi94~~43Z.=\u0026Pmq.V=\u0026Tee.q=A\u0026V3uKVp=Tee.%3A%2F%2F9JyJqeCIui93W~pC~I\u0026_q.h=H\u0026cq=\u0026eq~3=7A0an\u0026h.sK=\u0026hicpNCm=y0\u0026hmJ_hC9=\u0026hme0=\u0026hmeA=\u0026hmy=\u0026htmlsrc=1\u0026h~e=oEf8cB%2FdBVEdK%2F%299h99u3%2FccuEBV9hcO389\u0026i3=H\u0026iCm=\u0026iCmy0=\u0026ih3=\u0026imVfm=\u0026kkdd=H3%7Ch%7Cnu3H%2AA9\u0026m3~___=\u0026m_Vc=A\u0026p0eP.3=m_Jph\u0026qC83=AALaZtnD\u0026qimVfm=\u0026qqpm=%7B%22qq~~%22%3A%22%292%22%2C%22qq~eP%22%3A%22JqpJ%22%2C%22qqC.%22%3A%22%22%2C%22qqq~%22%3A%22Hd%22%2C%22qq8C.%22%3A%22%22%7D\u0026q~=Hd\u0026tpid=\u0026yC=ArnHdnH00AD0HLaA0nn\u0026~Cm=ns5tHrdX1\u0026~T9_0=Jqya4C9e~\u0026~T9_d=Do2ALRDar\u0026~VCm=nanLALHDt\u0026~e.Cm=\u0026~my=2d0tD\u0026~~=%292\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1 HTTP/1.1\r\nHost: realtimesearchresults.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://yfdpco4.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Jun 2026 06:03:42 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-store, max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BtKvi3euDxRjd6aEA31cetlF%2B303ZdWRa0WFABB%2F7JtHY28NHVh%2BEjfshf3mSHGwZKBcCxQdfaozLKFAu4ZgBhgQqZeLgy3kojXSL9xu9bJFX5MaLdt6Bdz9CtUnACi63Zh14nDi5HmEdA0L\"}]}\r\nlink: \u003chttps://scripts.clarity.ms/0.8.54/clarity.js\u003e; rel=prefetch, \u003chttps://msadsscale.microsoft.com/bingads/telemetryJS.js\u003e; rel=prefetch, \u003chttps://www.clarity.ms\u003e; rel=dns-prefetch, \u003chttps://s.yimg.com/ds/scripts/selectTier-p1.1.0.js\u003e; rel=prefetch\r\nx-sc-h: 21-cg71\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: a05441a1fcf6120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":69958,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (45464), with CRLF, LF line terminators","md5":"ac082c58f30c7236bd830b4acbbd7e57","sha1":"aa835f8e0782ad98d37b86f24a79ee7a111bc574","sha256":"50a740d1350c92e74a6cbb18cbb13e27d28aa203b8444726b7d5e4909287e3b5","sha512":"67959ffdd312986686acc435d565158ce870fc592e2898d4bf79988c2052e814f1ba4e11d99aae078d9ae47df750108d94433ccdd5cd64aafbcd1b71b2e6446f","ssdeep":"1536:S0hiikMTSH3MMrqAFQ9bfeAI7fe6nwPN9cszn3olE5L1LnnYMPugE61Ba7fx7:S0hiikMTSH3MMrqAFQ9bfeAI7fe6ny+/","tlshash":"766328dc34d2747607b720a2513f3e0ff1aa115a368d8844e9e5e6a23d7c99f8a23d4d","first_seen":"2026-06-02T06:04:02.776582Z","last_seen":"2026-06-02T06:04:02.776582Z","times_seen":1,"resource_available":false,"data":null}},"time_used":411,"timings":{"blocked":37,"dns":21,"connect":1,"send":0,"wait":337,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"realtimesearchresults.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"realtimesearchresults.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.northwavepoint.com/tracker/tc_imp.gif?e=37dfbd8ee84e001262eec43dea45889c9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d57138d642f17070100b1eabfd72e30d69183042b3e18f6646541c2628b70cd16300423945201573c0c5b92bc631934aa67e260db4cf1976fa5553bf90d257c17c84ffe1fbe85ddcd34b0360eff60c4aa4b6c8b00235f6301da834035a227f1a2c4e95f32e203d6eb65b93edf75c4409d6279f0795abe57567a48db482eb8dfb7e400b623eb02d703bb487578a99571733a795d9b65908d6ea5576ea78cb3224c7a22d7862f30fdd91e4b7c1b39180aa48a32606f1bb6b81c389ea1e729c6b25f21492eaeaef4c7917fea8fdc5fe905cf0c6c67ccbecfe3f465908de5798b215084ebc32f1f17f46973bad55638fcd2e92ccb42bf4cad9b5f854cc3d1219b7e6ad5dd7e8324c28cbdeddcb3ba4a71e93daaa9ae7c433ebdcf71d2e113f01a1813dd5c5a85d2d98681fdc5688806fddefbc878ae242b7ac46f28d4ccc70067c0ef77ac11f7945dd62fef3d0c0b55c676e74dffc1bf59bf89338553a584f8cb64815e0423bd521747754c7dd1a76eb8058c8c8b64ebde60feb122d185e5e85689f0bf1f293ec6a95a44fab9025d0ee2c7e474ae2887f840fda272a076cb309553d61ccbac20da1327e5ae8e7b363f610236165517abe39071db02b646525e20f8b54bc385110cffbdc3a7b56cc3ebf8e18ff8aef657523df94f9aab5a66845f7818d167416c6af47bb36b1ec3eadd7e8d61d33996ad2cccd5118b2f4a78741076019ddee5dc347b5692184797d2c7bdf4ca1b78dcc7ec7cedb1130abc9b732e75ebd29c0f75a52d975e811be4379b11d3c811fabb2cb19ce2afe74f088c9b6709d32ad7deeab90a8e28714f5186625151afa25887ec17c29999ca55d3dae23a0a5f00ea5ae27bd516cfda18d4205f33037a2b6deb31e39d2117fd36d2adf529cb9b1cc8250ff0422d68c6b78f680fb928aad002d0052d121ee9793e88aed768c95f2288c54ef0cdd7fe9c509a00006007f87625529e98104efa61a5eccb2d93c1b34d0e2db060201416905403b3dbfc120c996270d38b951e8a87f8dd5323ba30bb006a4ade17752ac7da055d9987a0c4e8b713e23aa272c76785d644d6e7a66e6bb39a529acdacb8d6f7dedf2850dea57c028935d918c21d93a674ef8c989763b894b2a1a51224d3a290a7019402d71a047e002f9fc26e6ace6ff80189cc6bed4e68b7300b8d61a1926d2cf425245614dea1ab72db881b603b12728396cfb0802c9e07f6b0207dc5d9431a0141752b66a05af3892708adfc899bb3b4acfaed936bb7b8\u0026cri=DEgUmmUAs8\u0026ts=255\u0026cb=1780380221939","fqdn":"obseu.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww38.novostikqbne.click/","date":"2026-06-02T06:03:41.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.northwavepoint.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Sat, 09 May 2026 00:00:00 GMT","end":"Fri, 07 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"81:BC:A9:21:63:E0:B6:9A:20:C7:07:EC:3A:69:03:A1:17:C1:42:A4","sha256":"02:6B:C6:85:E6:24:7C:BE:F0:52:8D:76:04:40:96:61:C7:23:C2:DA:A4:38:F5:F9:19:BB:7C:6D:04:4E:7E:E7"}}},"request":{"raw":"GET /tracker/tc_imp.gif?e=37dfbd8ee84e001262eec43dea45889c9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d57138d642f17070100b1eabfd72e30d69183042b3e18f6646541c2628b70cd16300423945201573c0c5b92bc631934aa67e260db4cf1976fa5553bf90d257c17c84ffe1fbe85ddcd34b0360eff60c4aa4b6c8b00235f6301da834035a227f1a2c4e95f32e203d6eb65b93edf75c4409d6279f0795abe57567a48db482eb8dfb7e400b623eb02d703bb487578a99571733a795d9b65908d6ea5576ea78cb3224c7a22d7862f30fdd91e4b7c1b39180aa48a32606f1bb6b81c389ea1e729c6b25f21492eaeaef4c7917fea8fdc5fe905cf0c6c67ccbecfe3f465908de5798b215084ebc32f1f17f46973bad55638fcd2e92ccb42bf4cad9b5f854cc3d1219b7e6ad5dd7e8324c28cbdeddcb3ba4a71e93daaa9ae7c433ebdcf71d2e113f01a1813dd5c5a85d2d98681fdc5688806fddefbc878ae242b7ac46f28d4ccc70067c0ef77ac11f7945dd62fef3d0c0b55c676e74dffc1bf59bf89338553a584f8cb64815e0423bd521747754c7dd1a76eb8058c8c8b64ebde60feb122d185e5e85689f0bf1f293ec6a95a44fab9025d0ee2c7e474ae2887f840fda272a076cb309553d61ccbac20da1327e5ae8e7b363f610236165517abe39071db02b646525e20f8b54bc385110cffbdc3a7b56cc3ebf8e18ff8aef657523df94f9aab5a66845f7818d167416c6af47bb36b1ec3eadd7e8d61d33996ad2cccd5118b2f4a78741076019ddee5dc347b5692184797d2c7bdf4ca1b78dcc7ec7cedb1130abc9b732e75ebd29c0f75a52d975e811be4379b11d3c811fabb2cb19ce2afe74f088c9b6709d32ad7deeab90a8e28714f5186625151afa25887ec17c29999ca55d3dae23a0a5f00ea5ae27bd516cfda18d4205f33037a2b6deb31e39d2117fd36d2adf529cb9b1cc8250ff0422d68c6b78f680fb928aad002d0052d121ee9793e88aed768c95f2288c54ef0cdd7fe9c509a00006007f87625529e98104efa61a5eccb2d93c1b34d0e2db060201416905403b3dbfc120c996270d38b951e8a87f8dd5323ba30bb006a4ade17752ac7da055d9987a0c4e8b713e23aa272c76785d644d6e7a66e6bb39a529acdacb8d6f7dedf2850dea57c028935d918c21d93a674ef8c989763b894b2a1a51224d3a290a7019402d71a047e002f9fc26e6ace6ff80189cc6bed4e68b7300b8d61a1926d2cf425245614dea1ab72db881b603b12728396cfb0802c9e07f6b0207dc5d9431a0141752b66a05af3892708adfc899bb3b4acfaed936bb7b8\u0026cri=DEgUmmUAs8\u0026ts=255\u0026cb=1780380221939 HTTP/1.1\r\nHost: obseu.northwavepoint.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.novostikqbne.click/\r\nCookie: cg_uuid=0107018984d28fa8c052514de7de0866\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\ndate: Tue, 02 Jun 2026 06:03:41 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\ncontent-length: 43\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"db04c7b378cb2db912c3ba8a5a774ee3","sha1":"dee34bd86c3484d31002182aa2b7caa4699126b8","sha256":"98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a","sha512":"826225fc21717d8861a05b9d2f959539aad2d2b131b2afed75d88fbca535e1b0d5a0da8ac69713a0876a0d467848a37a0a7f926aeafad8cf28201382d16466ab","ssdeep":"","tlshash":"6490000bca888002caa2c0302b8883022b88b0320228832e80bc30a8ee3b3a20c02000","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-06-03T16:52:33.688678Z","times_seen":392229,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"obseu.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.cdn-fileserver.com/__media__/fonts/montserrat_regular/montserrat_regular.woff","fqdn":"s.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"104.21.31.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=830\u0026%21iCm=\u0026.Cm=\u00263~VCm=\u00269_3VV=A\u00269ey=\u0026Bm.V=A\u0026Bm.V~9qe=\u0026C9e~p=nFj%21GrLjS%3Ab5j%7Cw3nj%3AcDkWCKWKC%28WQ%28\u0026CqCm=H\u0026INVc=\u0026Im=\u0026JCm=nccDaLd~waL0iwa~m~wnLrmwAh0dhrdiDLrL\u0026Jphc=J93\u0026KBm=a\u0026Kq.39c=H\u0026Npqe.=H\u0026NqT.=H\u0026P.p.=\u0026Pi94~~43Z.=\u0026Pmq.V=\u0026Tee.q=A\u0026V3uKVp=Tee.%3A%2F%2F9JyJqeCIui93W~pC~I\u0026_q.h=H\u0026cq=\u0026eq~3=7A0an\u0026h.sK=\u0026hicpNCm=y0\u0026hmJ_hC9=\u0026hme0=\u0026hmeA=\u0026hmy=\u0026htmlsrc=1\u0026h~e=oEf8cB%2FdBVEdK%2F%299h99u3%2FccuEBV9hcO389\u0026i3=H\u0026iCm=\u0026iCmy0=\u0026ih3=\u0026imVfm=\u0026kkdd=H3%7Ch%7Cnu3H%2AA9\u0026m3~___=\u0026m_Vc=A\u0026p0eP.3=m_Jph\u0026qC83=AALaZtnD\u0026qimVfm=\u0026qqpm=%7B%22qq~~%22%3A%22%292%22%2C%22qq~eP%22%3A%22JqpJ%22%2C%22qqC.%22%3A%22%22%2C%22qqq~%22%3A%22Hd%22%2C%22qq8C.%22%3A%22%22%7D\u0026q~=Hd\u0026tpid=\u0026yC=ArnHdnH00AD0HLaA0nn\u0026~Cm=ns5tHrdX1\u0026~T9_0=Jqya4C9e~\u0026~T9_d=Do2ALRDar\u0026~VCm=nanLALHDt\u0026~e.Cm=\u0026~my=2d0tD\u0026~~=%292\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001780380221515015326356485136\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152792582145708008%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ%3D\u0026tchkpts=%7B%22prel2%22%3A1780380221714%7D\u0026stime=1780380221714\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F%252521p%252521M%253Dg%2526%252521yn~T%253DXZh_oKEhi%25253Aqrh%25257CS9Xh%25253AmDte%252521WeW%252521%25252AeB%25252A%2526%252528%252521M%253D%2526%252529nn%252528p%253DI%25260%252521%253DIKXgsXgxxIDxgEwIxXX%252619.W1T%253D%252529nn%252528%25253A%25252F%25252Fyb0bpn%252521F.jy9e~T%252521~F%25264M%2525281%253DI%25264M%2525281~ypn%253D%25269~1%252521M%253D%2526FM%253D%2526FP1m%253D%2526Gp%252528N%253Dg%2526H%252528T%252528%253D%2526HMp%2525281%253D%2526HjyY~~Y97%252528%253D%2526M9~GGG%253D%2526N%252528lW%253D%2526NM0%253D%2526NMbGN%252521y%253D%2526NMnI%253D%2526NMnx%253D%2526NjmTP%252521M%253D0x%2526N~n%253DQd3Lm4%25252Fs41dsW%25252F5yNyy.9%25252Fmm.d41yNmf9Ly%2526PTpn%252528%253Dg%2526Pp%252529%252528%253Dg%2526TxnH%2525289%253DMGbTN%2526W4M%253Dw%2526Wp%2525289ym%253Dg%2526_j%252521M%253D%2526b%252521M%253DXmmDwEs~SwExjSw~M~SXEKMSINxsNKsjDEKE%2526bTNm%253Dby9%2526htmlsrc%253D1%2526j%252521M%253D%2526j%252521M0x%253D%2526j9%253Dg%2526jM13M%253D%2526jN9%253D%2526kkdd%253DuW%25257CW%25257CH9%25252Ahnu3A%2526mp%253D%2526np~9%253DuIxwX%2526p%252521L9%253DIIEw78XD%2526pjM13M%253D%2526ppTM%253D%25257B%252522pp~~%252522%25253A%2525225c%252522%25252C%252522pp~nH%252522%25253A%252522bpTb%252522%25252C%252522pp%252521%252528%252522%25253A%252522%252522%25252C%252522ppp~%252522%25253A%252522gs%252522%25252C%252522ppL%252521%252528%252522%25253A%252522%252522%25257D%2526p~%253Dgs%2526tpid%253D%2526yG911%253DI%2526yn0%253D%2526~%252521M%253DXlr8gKsOk%2526~%252529yGs%253DDQcIEADwK%2526~%252529yGx%253Dbp0wY%252521yn~%2526~1%252521M%253DXwXEIEgD8%2526~M0%253Dcsx8D%2526~n%252528%252521M%253D%2526~~%253D5c%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2026-06-02T06:03:42.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 26 May 2026 18:21:12 GMT","end":"Mon, 24 Aug 2026 19:19:23 GMT"},"fingerprint":{"sha1":"8C:97:00:DB:02:53:A7:1D:41:E8:EA:C5:AB:03:19:FF:BF:30:6A:DF","sha256":"3A:CC:B8:B0:F1:D6:36:06:79:F1:62:23:A5:4D:87:F2:D8:A4:92:F2:C3:74:10:77:F4:C9:12:11:F8:E0:B7:ED"}}},"request":{"raw":"GET /__media__/fonts/montserrat_regular/montserrat_regular.woff HTTP/1.1\r\nHost: s.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://realtimesearchresults.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://realtimesearchresults.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\naccept-ranges: bytes\r\ncontent-length: 24744\r\naccess-control-allow-origin: *\r\nedge-control: downstream-ttl=1d\r\nvia: 1.1 google\r\ndate: Tue, 02 Jun 2026 06:03:42 GMT\r\ncache-control: public, max-age=604800\r\nlast-modified: Mon, 16 May 2016 10:39:41 GMT\r\netag: \"60a8-532f33dedf540\"\r\ncontent-type: font/woff\r\nage: 299123\r\nx-cache-status: hit\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6I4wOSY32VweikDZmWY6fNgsYy5zLyh2AZ4kIs1UuB21DRR71%2Fg%2FX7q6IOBge4wWIAjeCaROuUiYdqWKaz4pDeOeocKQTGeaSgu5JfExz3YWZ7456%2FMZog9Zy1qmswum6lQjuTKdNw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a05441a5099aa0f0-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24744,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 24744, version 1.0","md5":"987e102655eee6557d9e5de5eda2dbd7","sha1":"9cfb173085bc54a3e7a4f377e5184cba87ad7a67","sha256":"1354d1ffff7cde96f66dd463a7a9d9bc627c2ea55c1a12c7f0b5c63594622c3e","sha512":"bccd46bbc05dc333869797877f2702294f24f697bd5cf8c42210092d74ddb261b301fa1cb09f79ddc2fb1dc5a54acb3aabde5454920ab195fc906cfddf1be75a","ssdeep":"768:Vw0BKrqrg0KoirVY+RpyVvAfeiCONpPkIw31R:q0BKH0Koiu+Tyqfe1cCH31R","tlshash":"80b2d138a2776205f24c16f579030b361dda21ba925e47bb062360ae1db9a4cd18a24f","first_seen":"2025-04-10T23:48:29.909914Z","last_seen":"2026-06-03T16:56:56.408239Z","times_seen":171177,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.northwavepoint.com/mon","fqdn":"obseu.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww38.novostikqbne.click/","date":"2026-06-02T06:03:42.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.northwavepoint.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Sat, 09 May 2026 00:00:00 GMT","end":"Fri, 07 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"81:BC:A9:21:63:E0:B6:9A:20:C7:07:EC:3A:69:03:A1:17:C1:42:A4","sha256":"02:6B:C6:85:E6:24:7C:BE:F0:52:8D:76:04:40:96:61:C7:23:C2:DA:A4:38:F5:F9:19:BB:7C:6D:04:4E:7E:E7"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.northwavepoint.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2936\r\nOrigin: http://ww38.novostikqbne.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.novostikqbne.click/\r\nCookie: cg_uuid=0107018984d28fa8c052514de7de0866\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2936,"data":"e=37dfbd8ee84e001262eec43dea45889c9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17070100b1eabfd72e30d69183042b3e18f6646541c2628b70cd16300423945201573c0c5b92bc631934aa67e260db4cf1976fa5553bf90d257c17c84ffe1fbe85ddcd34b0360eff60c4aa4b6c8b00235f6301da834035a227f1a2c4e95f32e203d6eb65b93edf75c4409d6279f0795abe57567a48db482eb8dfb7e400b623eb02d703bb487578a99571733a795d9b65908d6ea5576ea78cb3224c7a22d7862f30fdd91e4b7c1b39180aa48a32606f1bb6b81c389ea1e729c6b25f21492eaeaef4c7917fea8fdc5fe905cf0c6c67ccbecfe3f465908de5798b215084ebc32f1f17f46973bad55638fcd2e92ccb42bf4cad9b5f854cc3d1219b7e6ad5dd7e8324c28cbdeddcb3ba4a71e93daaa9ae7c433ebdcf71d2e113f01a1813dd5c5a85d2d98681fdc5688806fddefbc878ae242b7ac46f28d4ccc70067c0ef77ac11f7945dd62fef3d0c0b55c676e74dffc1bf59bf89338553a584f8cb64815e0423bd521747754c7dd1a76eb8058c8c8b64ebde60feb122d185e5e85689f0bf1f293ec6a95a44fab9025d0ee2c7e474ae2887f840fda272a076cb309553d61ccbac20da1327e5ae8e7b363f610236165517abe39071db02b646525e20f8b54bc385110cffbdc3a7b56cc3ebf8e18ff8aef657523df94f9aab5a66845f7818d167416c6af47bb36b1ec3eadd7e8d61d33996ad2cccd5118b2f4a78741076019ddee5dc347b5692184797d2c7bdf4ca1b78dcc7ec7cedb1130abc9b732e75ebd29c0f75a52d975e811be4379b11d3c811fabb2cb19ce2afe74f088c9b6709d32ad7deeab90a8e28714f5186625151afa25887ec17c29999ca55d3dae23a0a5f00ea5ae27bd516cfda18d4205f33037a2b6deb31e39d2117fd36d2adf529cb9b1cc8250ff0422d68c6b78f680fb928aad002d0052d121ee9793e88aed768c95f2288c54ef0cdd7fe9c509a00006007f87625529e98104efa61a5eccb2d93c1b34d0e2db060201416905403b3dbfc120c996270d38b951e8a87f8dd5323ba30bb006a4ade17752ac7da055d9987a0c4e8b713e23aa272c76785d644d6e7a66e6bb39a529acdacb8d6f7dedf2850dea57c028935d918c21d93a674ef8c989763b894b2a1a51224d3a290a7019402d71a047e002f9fc26e6ace6ff80189cc6bed4e68b7300b8d61a1926d2cf425245614dea1ab72db881b603b12728396cfb0802c9e07f6b0207dc5d9431a014124\u0026cri=DEgUmmUAs8\u0026sf=0\u0026dc=ZGxocGAXcGdnPWdwZ2dwZxY7IDk5cGcWZ2dgcGcWYWRnZHBnFmRlbGxwZxZkZGJncGcWZGVjZXBnFmRkYmRwZxZkZWZncGcWZXBnFmdhcGcWZGdgY3BnFmRnYGJwYBFzZmRocGIXcGdnInBnZ3BmFGRiZ3BnFnBnZz1wZ2dwZhRhZ3BnFnBnZzcKcGdncGYUY3BiEXNiZGhwYhdwZ2c8OzZwZ2dwZhRkcGcWcGdnNwpwZ2dwZhRlcGIRc2RhZGhwYhdwZ2cmcGdncGYUZHBnFnBnZzcKcGdncGYUZXBiEXNkYGxocGIXcGdnMGVwZ2dwZhRwZ2cjezIwIRc0ISEwJyxwZ2U8JnBnZTs6IXBnZTRwZ2UzIDs2ITw6O3BnZ3BnFnBnZzcKcGdncGYUZXBiEXNmZ2NocGAXcGIXcGdnN3BnZ3BmFGVwZxZwZ2cmcGdncGYUcGdnZHBnZ3BiEXBnFnBiF3BnZzdwZ2dwZhRlcGcWcGdnJnBnZ3BmFHBnZ2RwZ2dwYhFwYBFzYGdlaHBiF3BnZyVwZ2dwZhRwZ2cCPDtmZ3BnZ3BnFnBnZzlwZ2dwZhRwYBdwZ2cwO3gABnBnZ3BnFnBnZzA7cGdncGARcGcWcGdnPTZwZ2dwZhRhbXBnFnBnZyIyI3BnZ3BmFHBnZxgwJjRwZ2dwZxZwZ2ciMidwZ2dwZhRwZ2c5OSM4JTwlMHBnZ3BnFnBnZzcKcGdncGYUYWRwYhFzbWJhaHBiF3BnZyZwZ2dwZhRlcGcWcGdnMHBnZ3BmFHBnZwUgNzk8Nh4wLBYnMDEwOyE8NDlwZ2U8JnBnZTs6IXBnZTEwMzw7MDFwZ2dwZxZwZ2c3CnBnZ3BmFGVwYhE%3D\u0026cp=1\u0026gtm=-\u0026gac=-\u0026uvid=cafad457599635b7830aea17231b38ce2a1ba41e\u0026tb=1\u0026ich=1\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=1053\u0026mo=0\u0026pn=2334\u0026spn=1279\u0026sck=-\u0026fp=464\u0026f_mt=\u0026s_mt=\u0026t_mt=\u0026l_mt=\u0026m_mt=0"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww38.novostikqbne.click\r\ncontent-type: application/json\r\ndate: Tue, 02 Jun 2026 06:03:43 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"obseu.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"novostikqbne.click/favicon.ico","fqdn":"novostikqbne.click","domain":"novostikqbne.click","tld":"click"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://novostikqbne.click/","date":"2026-06-02T06:03:36.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sofooter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 18 May 2026 10:33:11 GMT","end":"Sun, 16 Aug 2026 10:33:10 GMT"},"fingerprint":{"sha1":"73:DB:4C:7E:3B:5D:09:11:E2:B1:9A:AC:DD:3D:1E:4C:F6:94:24:F6","sha256":"11:27:66:89:E1:D3:87:70:0D:89:C7:93:B7:A8:2F:BD:67:8F:3D:16:A3:43:F8:F4:B4:0A:11:40:58:4A:31:54"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: novostikqbne.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://novostikqbne.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":338,"timings":{"blocked":0,"dns":1,"connect":160,"send":0,"wait":0,"receive":0,"ssl":177},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bql.php?vgd_len=5525\u0026\u0026vgd_l2type=dmola\u0026fp=1bShOX6_IcwmizPz8rYZKZe3K8--bqx2cGSrNT0skh-eEtxXkFf7T5Y5eMOkr6X9pYuaaYYj50SwsQFLm_Lyq21uDfo0IDPGvDgRU_NzQRsoWrXw3n_i_wD5N0fWBFfoBwFwOxZ-H3U%3D\u0026cme=JkUtMYSHbhroJoLEV1P6ynnwWqe6olmonnf4wjdMKusBx-_ePCAq5aaFahpScRCvNLofpXrNy_MtDbt7SJCb7fS0p1rSwWqjr1H9rIiViBuzen6LR0VtyHQMbUqQKAWvmsg5euehUy0uOgCIahUivP87l8ihUmN9SiP-4ct71meht-QPdzs3avUQtNaXGAaiODL-KF_mE_G2khDAzzsfkgNwlsXS27nXAFASOejksGdf1kFwdJyG1hvHnR9E0Fb4z9ELE3GU8LE%3D%7C%7CWtJPvijWHRsfBv4nOZN-Vs0s0qvvEfG0%7CxDcVMoSqRIQDfv_JL75cx9XTaMeBamEKspei768oYTo-beB13aMmWw%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7Cc-_FJbPIlnhwqJ_83OUa0Nd2fqVdcUBOEQm5x2kk4sdHVe0hfztLH6UYUlGDmpA_7cIvufH0qTyVWPjxVgZ31ya-GXztxgD9VSnIGKGae9EVW5VGvGy-muPPTfmbahD1CHrr5duPcQqGU2EcXPCE9aiLAstJ9zlpgnKrKRc3ZsJg_YPdVGzzzZCl3as2QJc-pfcUdPyZoDYLvnfJ0Lw7fcMXVlBSaExTYey_AXrHqs0ZZ1-d84USubSDS4J8BacAI5pNH4pcv8e0qM3UmIo-TY8wZCV8ppX4yiwAIHEyVC6AbCYvsYcO4rYIJUo5yU6xj6DCA9O__S_I729Mm1iHInIftDUghBBdnP9F1bdIzcmGvop3j9VU1-Xq2qsxA9oN3tjRNqfx2cyrng8KQ_URUsSl3FRTwBQ9ue2kwZ8L1CCHew0TCWX1UvxxxSEq2iRvlCpuE92keWjQ1YREMS4qQhGEjA3l7B35c6V-WJTdbqCuJB9iByMqx26YD_gS1Rgmixw1v-VCaTgx3QUMKtlSpbLK8nWAbUq9HKgmv6upPxzTXUgIZ9zPXa1td_iRptco77612GWxww2QF0o45ZAoYLtEeFwU8w4d6siErauS_IovTgJmY2WpsKBkByWTeE9UT16-_TBOY0U66ZM_Qwtt_RBZOpRAhB5yl9aarFC_A0uxCf3Yrw-03-4sLaogtYFL6_OQhyHGl2ZVtmtc4SV3Qngad9ptOzCZYcZAy0sbd6xBeOmTv5EOAgTDbq2icXGSdYWwju_ZBVVycPsaqVb7lqUhjEUdmoeqzRnm5ZiLOwU6sSmnrgPezN1u_RQAeabjraG9lEHRompgVqoopA4Y9kjsvlMGiZTeV1q9DbKMo1T0nEGztStcx3xIRsLuLvvOoVCjFOPk7YM%3D%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7C\u0026ctst=Default\u0026ksu=360\u0026fdkt=362\u0026vgde_kbbh=fuoyxQBuGUBO\u0026kwd[]=Sportske+Novosti\u0026kwt[]=362\u0026kbc[]=novosti\u0026kwp[]=1\u0026kid[]=26840960\u0026kbc2[]=akp%3D2%7C%7Cfp%3Dna%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7C24%3D0%7C25%3D0%7C22%3D8.0865%7C23%3D11.3997%7C7%3D0.0119%7C8%3D060202%7C13%3D0.0083%7C14%3D060203%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Cokt%3D362%7Cbdkt%3D362\u0026ktd[]=79286190953610343393573994752\u0026kwd[]=Dakine+Backpacks\u0026kwt[]=362\u0026kbc[]=kine\u0026kwp[]=2\u0026kid[]=7591986\u0026kbc2[]=akp%3D11%7C%7Cfp%3Dna%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7C24%3D0%7C25%3D0%7C22%3D8.0865%7C23%3D8.9299%7C7%3D0.0092%7C8%3D060202%7C13%3D0.0098%7C14%3D060203%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D24412%7Cclpr%3D0.786500%7Ccllvl%3D5%7Cokt%3D362%7Cbdkt%3D362\u0026ktd[]=79324876579838011527164592384\u0026kwd[]=Hrvatska%2C+Vijesti\u0026kwt[]=362\u0026kbc[]=novosti\u0026kwp[]=3\u0026kid[]=209333177\u0026kbc2[]=akp%3D4%7C%7Cfp%3Dna%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7C24%3D0%7C25%3D0%7C22%3D8.0865%7C23%3D8.9299%7C7%3D0.0092%7C8%3D060202%7C13%3D0.0098%7C14%3D060203%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D85555%7Cclpr%3D0.565200%7Ccllvl%3D5%7Cokt%3D362%7Cbdkt%3D362\u0026ktd[]=79363562206065679660755190016\u0026kwd[]=Kine+Sports+Bar\u0026kwt[]=362\u0026kbc[]=kine\u0026kwp[]=4\u0026kid[]=16524473\u0026kbc2[]=akp%3D15%7C%7Cfp%3Dna%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7C24%3D0%7C25%3D0%7C22%3D8.0865%7C23%3D8.9299%7C7%3D0.0092%7C8%3D060202%7C13%3D0.0098%7C14%3D060203%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D40076%7Cclpr%3D0.772300%7Ccllvl%3D5%7Cokt%3D362%7Cbdkt%3D362\u0026ktd[]=79402247832293347794345787648\u0026kwd[]=Louis+Vuitton+Bags\u0026kwt[]=362\u0026kbc[]=kine\u0026kwp[]=5\u0026kid[]=7591989\u0026kbc2[]=akp%3D7%7C%7Cfp%3Dna%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Cclid_fz%3D-2%7Cclid_serp%3D7811%7C24%3D0%7C25%3D0%7C22%3D8.0865%7C23%3D8.9299%7C7%3D0.0092%7C8%3D060202%7C13%3D0.0098%7C14%3D060203%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D40179%7Cclpr%3D0.863000%7Ccllvl%3D1%7Cokt%3D362%7Cbdkt%3D362\u0026ktd[]=79228162514268841193188098304\u0026v=1\u0026gdpr=1\u0026geo=59.93%7C10.82\u0026lper=100\u0026vgde_sa_ijp=%7B%227E8O%22%3A9%2C%22L77%22%3Ak1jQJ%2C%22E-jM8zd%22%3Ak1jQJ%7D\u0026lpid=\u0026tsid=1005\u0026hint=\u0026cc=NO\u0026wsip=170764258\u0026bca=0\u0026ugd=4\u0026vgde_setid=Nfu\u0026vgde_chost=LJ1j78YJQJ1LNwLJQxj7Q.NmY\u0026cid=8CU6073RK\u0026vi=1780380221920541288\u0026vsid=DefVid\u0026tdAdd[]=asnum%3D50304\u0026vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D\u0026vgd_adprefflag=00\u0026vgd_adpref_diff=1010\u0026vgd_fm_lang=EN\u0026vgd_implt=3\u0026vgd_cage=0\u0026vgd_tsce=L1248-S1248\u0026vgd_l3_sc=03\u0026vgd_pdtid=1\u0026vgd_oscar=1\u0026vgd_ctrlid=O_SERP\u0026vgd_nrrv=62307\u0026vgd_nrrmf=8301000480a\u0026vgd_nrrsf=scrr\u0026vgd_cty=oslo\u0026vgd_csovr=0\u0026vgd_intc_log=%7B%22impl_type%22%3A%22skp%22%2C%22xvip%22%3A%22208.91.196.46%22%7D\u0026vgd_ifrmode=14\u0026sbdrId=\u0026verid=\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ\u0026kbbq=%26asn%3D50304\u0026vgd_ppvi=2152792582145708008\u0026vgd_wlstp=0\u0026vgd_vstrid=DefVid\u0026vgd_scsver=3301\u0026vgd_himglg=K0P0-O0K0-S0\u0026vgd_cache_metadata=%7B%22kbb%22%3Afalse%7D\u0026vgd_cfud=251031\u0026vgd_optout=0\u0026vgd_l2shld=1\u0026vgd_akcip=91.90.42.0\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026vgd_och=0\u0026vgd_rensize=1280_1024\u0026vgd_scr_h=1024\u0026vgd_scr_w=1280\u0026vgd_col_sch=l\u0026vgd_be=0\u0026vgd_nmerr=1\u0026tdAdd[]=uiparams%3D%3Brend_w%3A1280%3Brend_h%3A1024\u0026vgd_sc=03\u0026hvsid=00001780380221515015326356485136\u0026rc=0\u0026rand=1780380222475\u0026acid=undefined\u0026matm=1780380222475\u0026vgde_ltimesrc=u\u0026vgde_ltime=hWW\u0026vgde_rtime=hhW\u0026vgde_etm=uX\u0026vgde_timeObj=%7B%22juJ-JN%22%3Azxjj%2C%22jfjm1O%22%3AX9W%2C%22QNLLQ71L7%22%3AfXA%2C%22QNLLLJzOJL%22%3Auh%2C%22QNLLJ-JN%22%3Afh%7D\u0026vgd_lhl=2347\u0026vgd_sbSup=1\u0026vgd_nrrs=62307\u0026vgde_cdeplbl=1E8Mzm7M1e18j1GjJ\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"104.21.31.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=830\u0026%21iCm=\u0026.Cm=\u00263~VCm=\u00269_3VV=A\u00269ey=\u0026Bm.V=A\u0026Bm.V~9qe=\u0026C9e~p=nFj%21GrLjS%3Ab5j%7Cw3nj%3AcDkWCKWKC%28WQ%28\u0026CqCm=H\u0026INVc=\u0026Im=\u0026JCm=nccDaLd~waL0iwa~m~wnLrmwAh0dhrdiDLrL\u0026Jphc=J93\u0026KBm=a\u0026Kq.39c=H\u0026Npqe.=H\u0026NqT.=H\u0026P.p.=\u0026Pi94~~43Z.=\u0026Pmq.V=\u0026Tee.q=A\u0026V3uKVp=Tee.%3A%2F%2F9JyJqeCIui93W~pC~I\u0026_q.h=H\u0026cq=\u0026eq~3=7A0an\u0026h.sK=\u0026hicpNCm=y0\u0026hmJ_hC9=\u0026hme0=\u0026hmeA=\u0026hmy=\u0026htmlsrc=1\u0026h~e=oEf8cB%2FdBVEdK%2F%299h99u3%2FccuEBV9hcO389\u0026i3=H\u0026iCm=\u0026iCmy0=\u0026ih3=\u0026imVfm=\u0026kkdd=H3%7Ch%7Cnu3H%2AA9\u0026m3~___=\u0026m_Vc=A\u0026p0eP.3=m_Jph\u0026qC83=AALaZtnD\u0026qimVfm=\u0026qqpm=%7B%22qq~~%22%3A%22%292%22%2C%22qq~eP%22%3A%22JqpJ%22%2C%22qqC.%22%3A%22%22%2C%22qqq~%22%3A%22Hd%22%2C%22qq8C.%22%3A%22%22%7D\u0026q~=Hd\u0026tpid=\u0026yC=ArnHdnH00AD0HLaA0nn\u0026~Cm=ns5tHrdX1\u0026~T9_0=Jqya4C9e~\u0026~T9_d=Do2ALRDar\u0026~VCm=nanLALHDt\u0026~e.Cm=\u0026~my=2d0tD\u0026~~=%292\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001780380221515015326356485136\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152792582145708008%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ%3D\u0026tchkpts=%7B%22prel2%22%3A1780380221714%7D\u0026stime=1780380221714\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F%252521p%252521M%253Dg%2526%252521yn~T%253DXZh_oKEhi%25253Aqrh%25257CS9Xh%25253AmDte%252521WeW%252521%25252AeB%25252A%2526%252528%252521M%253D%2526%252529nn%252528p%253DI%25260%252521%253DIKXgsXgxxIDxgEwIxXX%252619.W1T%253D%252529nn%252528%25253A%25252F%25252Fyb0bpn%252521F.jy9e~T%252521~F%25264M%2525281%253DI%25264M%2525281~ypn%253D%25269~1%252521M%253D%2526FM%253D%2526FP1m%253D%2526Gp%252528N%253Dg%2526H%252528T%252528%253D%2526HMp%2525281%253D%2526HjyY~~Y97%252528%253D%2526M9~GGG%253D%2526N%252528lW%253D%2526NM0%253D%2526NMbGN%252521y%253D%2526NMnI%253D%2526NMnx%253D%2526NjmTP%252521M%253D0x%2526N~n%253DQd3Lm4%25252Fs41dsW%25252F5yNyy.9%25252Fmm.d41yNmf9Ly%2526PTpn%252528%253Dg%2526Pp%252529%252528%253Dg%2526TxnH%2525289%253DMGbTN%2526W4M%253Dw%2526Wp%2525289ym%253Dg%2526_j%252521M%253D%2526b%252521M%253DXmmDwEs~SwExjSw~M~SXEKMSINxsNKsjDEKE%2526bTNm%253Dby9%2526htmlsrc%253D1%2526j%252521M%253D%2526j%252521M0x%253D%2526j9%253Dg%2526jM13M%253D%2526jN9%253D%2526kkdd%253DuW%25257CW%25257CH9%25252Ahnu3A%2526mp%253D%2526np~9%253DuIxwX%2526p%252521L9%253DIIEw78XD%2526pjM13M%253D%2526ppTM%253D%25257B%252522pp~~%252522%25253A%2525225c%252522%25252C%252522pp~nH%252522%25253A%252522bpTb%252522%25252C%252522pp%252521%252528%252522%25253A%252522%252522%25252C%252522ppp~%252522%25253A%252522gs%252522%25252C%252522ppL%252521%252528%252522%25253A%252522%252522%25257D%2526p~%253Dgs%2526tpid%253D%2526yG911%253DI%2526yn0%253D%2526~%252521M%253DXlr8gKsOk%2526~%252529yGs%253DDQcIEADwK%2526~%252529yGx%253Dbp0wY%252521yn~%2526~1%252521M%253DXwXEIEgD8%2526~M0%253Dcsx8D%2526~n%252528%252521M%253D%2526~~%253D5c%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2026-06-02T06:03:42.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 26 May 2026 18:21:12 GMT","end":"Mon, 24 Aug 2026 19:19:23 GMT"},"fingerprint":{"sha1":"8C:97:00:DB:02:53:A7:1D:41:E8:EA:C5:AB:03:19:FF:BF:30:6A:DF","sha256":"3A:CC:B8:B0:F1:D6:36:06:79:F1:62:23:A5:4D:87:F2:D8:A4:92:F2:C3:74:10:77:F4:C9:12:11:F8:E0:B7:ED"}}},"request":{"raw":"GET /bql.php?vgd_len=5525\u0026\u0026vgd_l2type=dmola\u0026fp=1bShOX6_IcwmizPz8rYZKZe3K8--bqx2cGSrNT0skh-eEtxXkFf7T5Y5eMOkr6X9pYuaaYYj50SwsQFLm_Lyq21uDfo0IDPGvDgRU_NzQRsoWrXw3n_i_wD5N0fWBFfoBwFwOxZ-H3U%3D\u0026cme=JkUtMYSHbhroJoLEV1P6ynnwWqe6olmonnf4wjdMKusBx-_ePCAq5aaFahpScRCvNLofpXrNy_MtDbt7SJCb7fS0p1rSwWqjr1H9rIiViBuzen6LR0VtyHQMbUqQKAWvmsg5euehUy0uOgCIahUivP87l8ihUmN9SiP-4ct71meht-QPdzs3avUQtNaXGAaiODL-KF_mE_G2khDAzzsfkgNwlsXS27nXAFASOejksGdf1kFwdJyG1hvHnR9E0Fb4z9ELE3GU8LE%3D%7C%7CWtJPvijWHRsfBv4nOZN-Vs0s0qvvEfG0%7CxDcVMoSqRIQDfv_JL75cx9XTaMeBamEKspei768oYTo-beB13aMmWw%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7Cc-_FJbPIlnhwqJ_83OUa0Nd2fqVdcUBOEQm5x2kk4sdHVe0hfztLH6UYUlGDmpA_7cIvufH0qTyVWPjxVgZ31ya-GXztxgD9VSnIGKGae9EVW5VGvGy-muPPTfmbahD1CHrr5duPcQqGU2EcXPCE9aiLAstJ9zlpgnKrKRc3ZsJg_YPdVGzzzZCl3as2QJc-pfcUdPyZoDYLvnfJ0Lw7fcMXVlBSaExTYey_AXrHqs0ZZ1-d84USubSDS4J8BacAI5pNH4pcv8e0qM3UmIo-TY8wZCV8ppX4yiwAIHEyVC6AbCYvsYcO4rYIJUo5yU6xj6DCA9O__S_I729Mm1iHInIftDUghBBdnP9F1bdIzcmGvop3j9VU1-Xq2qsxA9oN3tjRNqfx2cyrng8KQ_URUsSl3FRTwBQ9ue2kwZ8L1CCHew0TCWX1UvxxxSEq2iRvlCpuE92keWjQ1YREMS4qQhGEjA3l7B35c6V-WJTdbqCuJB9iByMqx26YD_gS1Rgmixw1v-VCaTgx3QUMKtlSpbLK8nWAbUq9HKgmv6upPxzTXUgIZ9zPXa1td_iRptco77612GWxww2QF0o45ZAoYLtEeFwU8w4d6siErauS_IovTgJmY2WpsKBkByWTeE9UT16-_TBOY0U66ZM_Qwtt_RBZOpRAhB5yl9aarFC_A0uxCf3Yrw-03-4sLaogtYFL6_OQhyHGl2ZVtmtc4SV3Qngad9ptOzCZYcZAy0sbd6xBeOmTv5EOAgTDbq2icXGSdYWwju_ZBVVycPsaqVb7lqUhjEUdmoeqzRnm5ZiLOwU6sSmnrgPezN1u_RQAeabjraG9lEHRompgVqoopA4Y9kjsvlMGiZTeV1q9DbKMo1T0nEGztStcx3xIRsLuLvvOoVCjFOPk7YM%3D%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7C\u0026ctst=Default\u0026ksu=360\u0026fdkt=362\u0026vgde_kbbh=fuoyxQBuGUBO\u0026kwd[]=Sportske+Novosti\u0026kwt[]=362\u0026kbc[]=novosti\u0026kwp[]=1\u0026kid[]=26840960\u0026kbc2[]=akp%3D2%7C%7Cfp%3Dna%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7C24%3D0%7C25%3D0%7C22%3D8.0865%7C23%3D11.3997%7C7%3D0.0119%7C8%3D060202%7C13%3D0.0083%7C14%3D060203%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Cokt%3D362%7Cbdkt%3D362\u0026ktd[]=79286190953610343393573994752\u0026kwd[]=Dakine+Backpacks\u0026kwt[]=362\u0026kbc[]=kine\u0026kwp[]=2\u0026kid[]=7591986\u0026kbc2[]=akp%3D11%7C%7Cfp%3Dna%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7C24%3D0%7C25%3D0%7C22%3D8.0865%7C23%3D8.9299%7C7%3D0.0092%7C8%3D060202%7C13%3D0.0098%7C14%3D060203%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D24412%7Cclpr%3D0.786500%7Ccllvl%3D5%7Cokt%3D362%7Cbdkt%3D362\u0026ktd[]=79324876579838011527164592384\u0026kwd[]=Hrvatska%2C+Vijesti\u0026kwt[]=362\u0026kbc[]=novosti\u0026kwp[]=3\u0026kid[]=209333177\u0026kbc2[]=akp%3D4%7C%7Cfp%3Dna%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7C24%3D0%7C25%3D0%7C22%3D8.0865%7C23%3D8.9299%7C7%3D0.0092%7C8%3D060202%7C13%3D0.0098%7C14%3D060203%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D85555%7Cclpr%3D0.565200%7Ccllvl%3D5%7Cokt%3D362%7Cbdkt%3D362\u0026ktd[]=79363562206065679660755190016\u0026kwd[]=Kine+Sports+Bar\u0026kwt[]=362\u0026kbc[]=kine\u0026kwp[]=4\u0026kid[]=16524473\u0026kbc2[]=akp%3D15%7C%7Cfp%3Dna%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7C24%3D0%7C25%3D0%7C22%3D8.0865%7C23%3D8.9299%7C7%3D0.0092%7C8%3D060202%7C13%3D0.0098%7C14%3D060203%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D40076%7Cclpr%3D0.772300%7Ccllvl%3D5%7Cokt%3D362%7Cbdkt%3D362\u0026ktd[]=79402247832293347794345787648\u0026kwd[]=Louis+Vuitton+Bags\u0026kwt[]=362\u0026kbc[]=kine\u0026kwp[]=5\u0026kid[]=7591989\u0026kbc2[]=akp%3D7%7C%7Cfp%3Dna%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Cclid_fz%3D-2%7Cclid_serp%3D7811%7C24%3D0%7C25%3D0%7C22%3D8.0865%7C23%3D8.9299%7C7%3D0.0092%7C8%3D060202%7C13%3D0.0098%7C14%3D060203%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D40179%7Cclpr%3D0.863000%7Ccllvl%3D1%7Cokt%3D362%7Cbdkt%3D362\u0026ktd[]=79228162514268841193188098304\u0026v=1\u0026gdpr=1\u0026geo=59.93%7C10.82\u0026lper=100\u0026vgde_sa_ijp=%7B%227E8O%22%3A9%2C%22L77%22%3Ak1jQJ%2C%22E-jM8zd%22%3Ak1jQJ%7D\u0026lpid=\u0026tsid=1005\u0026hint=\u0026cc=NO\u0026wsip=170764258\u0026bca=0\u0026ugd=4\u0026vgde_setid=Nfu\u0026vgde_chost=LJ1j78YJQJ1LNwLJQxj7Q.NmY\u0026cid=8CU6073RK\u0026vi=1780380221920541288\u0026vsid=DefVid\u0026tdAdd[]=asnum%3D50304\u0026vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D\u0026vgd_adprefflag=00\u0026vgd_adpref_diff=1010\u0026vgd_fm_lang=EN\u0026vgd_implt=3\u0026vgd_cage=0\u0026vgd_tsce=L1248-S1248\u0026vgd_l3_sc=03\u0026vgd_pdtid=1\u0026vgd_oscar=1\u0026vgd_ctrlid=O_SERP\u0026vgd_nrrv=62307\u0026vgd_nrrmf=8301000480a\u0026vgd_nrrsf=scrr\u0026vgd_cty=oslo\u0026vgd_csovr=0\u0026vgd_intc_log=%7B%22impl_type%22%3A%22skp%22%2C%22xvip%22%3A%22208.91.196.46%22%7D\u0026vgd_ifrmode=14\u0026sbdrId=\u0026verid=\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ\u0026kbbq=%26asn%3D50304\u0026vgd_ppvi=2152792582145708008\u0026vgd_wlstp=0\u0026vgd_vstrid=DefVid\u0026vgd_scsver=3301\u0026vgd_himglg=K0P0-O0K0-S0\u0026vgd_cache_metadata=%7B%22kbb%22%3Afalse%7D\u0026vgd_cfud=251031\u0026vgd_optout=0\u0026vgd_l2shld=1\u0026vgd_akcip=91.90.42.0\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026vgd_och=0\u0026vgd_rensize=1280_1024\u0026vgd_scr_h=1024\u0026vgd_scr_w=1280\u0026vgd_col_sch=l\u0026vgd_be=0\u0026vgd_nmerr=1\u0026tdAdd[]=uiparams%3D%3Brend_w%3A1280%3Brend_h%3A1024\u0026vgd_sc=03\u0026hvsid=00001780380221515015326356485136\u0026rc=0\u0026rand=1780380222475\u0026acid=undefined\u0026matm=1780380222475\u0026vgde_ltimesrc=u\u0026vgde_ltime=hWW\u0026vgde_rtime=hhW\u0026vgde_etm=uX\u0026vgde_timeObj=%7B%22juJ-JN%22%3Azxjj%2C%22jfjm1O%22%3AX9W%2C%22QNLLQ71L7%22%3AfXA%2C%22QNLLLJzOJL%22%3Auh%2C%22QNLLJ-JN%22%3Afh%7D\u0026vgd_lhl=2347\u0026vgd_sbSup=1\u0026vgd_nrrs=62307\u0026vgde_cdeplbl=1E8Mzm7M1e18j1GjJ\u0026vgd_end=1 HTTP/1.1\r\nHost: l.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://realtimesearchresults.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ch: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\ncache-control: max-age=0, no-cache, no-store\r\ncontent-type: text/javascript\r\nexpires: Mon, 01 Jun 2026 06:03:42 GMT\r\npragma: no-cache\r\ntiming-allow-origin: *\r\ndate: Tue, 02 Jun 2026 06:03:42 GMT\r\ncontent-length: 15\r\nvia: 1.1 google\r\nstrict-transport-security: max-age=63072000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o5TtNaOTj9CVz1mTEh5nAe6k%2FFieTPKJy3kDFcQc45V7igB0R024nIO0nBfSaYhs1YDKvWqnSDXL%2B3QvgJUglqjL0r4lnfOVEc1oXZgmye9%2F9O95kOxojmhap4fJzUzwah3Ujl93sQ%3D%3D\"}]}\r\ncf-ray: a05441a6a9b2a0f0-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with no line terminators","md5":"2ba5e95642c652c708881ad3c9d8443f","sha1":"5bfcc33bb9cc897546c600206b03d1307bd63a94","sha256":"c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24","sha512":"8c157fc41fd03bbd47633269b18effb652644e58284f8f85465b0ffba9b5a06544a03ed0655706c96edfa09a64f4f164f6bbc573ac5045000cae03c8b36d046f","ssdeep":"","tlshash":"7e600000000cc030030f0c00c3000300303000c000000c33000f30cc000000c00fc303","first_seen":"2025-03-08T00:25:13.560069Z","last_seen":"2026-06-03T16:56:56.398915Z","times_seen":189370,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":135,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bqi.php?vgd_len=1893\u0026\u0026vgd_aref=0\u0026vgd_tsce=L1248-S1248\u0026vgd_l2type=dmola\u0026vgd_ydspr=0\u0026vgd_cdv=O3269\u0026vgd_cage=0\u0026vgd_pgids=0\u0026vgd_pdtid=1\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026lf=3\u0026prid=8PR11258V\u0026cid=8CU6073RK\u0026crid=848515096\u0026requrl=http%3A%2F%2Fnovostikqbne.click\u0026vi=1780380221920541288\u0026ugd=4\u0026cc=NO\u0026sc=03\u0026gdpr=1\u0026vgd_acid=undefined\u0026hvsid=00001780380221515015326356485136\u0026cme=JkUtMYSHbhroJoLEV1P6ynnwWqe6olmonnf4wjdMKusBx-_ePCAq5aaFahpScRCvNLofpXrNy_MtDbt7SJCb7fS0p1rSwWqjr1H9rIiViBuzen6LR0VtyHQMbUqQKAWvmsg5euehUy0uOgCIahUivP87l8ihUmN9SiP-4ct71meht-QPdzs3avUQtNaXGAaiODL-KF_mE_G2khDAzzsfkgNwlsXS27nXAFASOejksGdf1kFwdJyG1hvHnR9E0Fb4z9ELE3GU8LE%3D%7C%7CWtJPvijWHRsfBv4nOZN-Vs0s0qvvEfG0%7CxDcVMoSqRIQDfv_JL75cx9XTaMeBamEKspei768oYTo-beB13aMmWw%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7Cc-_FJbPIlnhwqJ_83OUa0Nd2fqVdcUBOEQm5x2kk4sdHVe0hfztLH6UYUlGDmpA_7cIvufH0qTyVWPjxVgZ31ya-GXztxgD9VSnIGKGae9EVW5VGvGy-muPPTfmbahD1CHrr5duPcQqGU2EcXPCE9aiLAstJ9zlpgnKrKRc3ZsJg_YPdVGzzzZCl3as2QJc-pfcUdPyZoDYLvnfJ0Lw7fcMXVlBSaExTYey_AXrHqs0ZZ1-d84USubSDS4J8BacAI5pNH4pcv8e0qM3UmIo-TY8wZCV8ppX4yiwAIHEyVC6AbCYvsYcO4rYIJUo5yU6xj6DCA9O__S_I729Mm1iHInIftDUghBBdnP9F1bdIzcmGvop3j9VU1-Xq2qsxA9oN3tjRNqfx2cyrng8KQ_URUsSl3FRTwBQ9ue2kwZ8L1CCHew0TCWX1UvxxxSEq2iRvlCpuE92keWjQ1YREMS4qQhGEjA3l7B35c6V-WJTdbqCuJB9iByMqx26YD_gS1Rgmixw1v-VCaTgx3QUMKtlSpbLK8nWAbUq9HKgmv6upPxzTXUgIZ9zPXa1td_iRptco77612GWxww2QF0o45ZAoYLtEeFwU8w4d6siErauS_IovTgJmY2WpsKBkByWTeE9UT16-_TBOY0U66ZM_Qwtt_RBZOpRAhB5yl9aarFC_A0uxCf3Yrw-03-4sLaogtYFL6_OQhyHGl2ZVtmtc4SV3Qngad9ptOzCZYcZAy0sbd6xBeOmTv5EOAgTDbq2icXGSdYWwju_ZBVVycPsaqVb7lqUhjEUdmoeqzRnm5ZiLOwU6sSmnrgPezN1u_RQAeabjraG9lEHRompgVqoopA4Y9kjsvlMGiZTeV1q9DbKMo1T0nEGztStcx3xIRsLuLvvOoVCjFOPk7YM%3D%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7C\u0026fp=1bShOX6_IcwmizPz8rYZKZe3K8--bqx2cGSrNT0skh-eEtxXkFf7T5Y5eMOkr6X9pYuaaYYj50SwsQFLm_Lyq21uDfo0IDPGvDgRU_NzQRsoWrXw3n_i_wD5N0fWBFfoBwFwOxZ-H3U%3D\u0026vgd_rensize=1280_1024\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"104.21.31.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=830\u0026%21iCm=\u0026.Cm=\u00263~VCm=\u00269_3VV=A\u00269ey=\u0026Bm.V=A\u0026Bm.V~9qe=\u0026C9e~p=nFj%21GrLjS%3Ab5j%7Cw3nj%3AcDkWCKWKC%28WQ%28\u0026CqCm=H\u0026INVc=\u0026Im=\u0026JCm=nccDaLd~waL0iwa~m~wnLrmwAh0dhrdiDLrL\u0026Jphc=J93\u0026KBm=a\u0026Kq.39c=H\u0026Npqe.=H\u0026NqT.=H\u0026P.p.=\u0026Pi94~~43Z.=\u0026Pmq.V=\u0026Tee.q=A\u0026V3uKVp=Tee.%3A%2F%2F9JyJqeCIui93W~pC~I\u0026_q.h=H\u0026cq=\u0026eq~3=7A0an\u0026h.sK=\u0026hicpNCm=y0\u0026hmJ_hC9=\u0026hme0=\u0026hmeA=\u0026hmy=\u0026htmlsrc=1\u0026h~e=oEf8cB%2FdBVEdK%2F%299h99u3%2FccuEBV9hcO389\u0026i3=H\u0026iCm=\u0026iCmy0=\u0026ih3=\u0026imVfm=\u0026kkdd=H3%7Ch%7Cnu3H%2AA9\u0026m3~___=\u0026m_Vc=A\u0026p0eP.3=m_Jph\u0026qC83=AALaZtnD\u0026qimVfm=\u0026qqpm=%7B%22qq~~%22%3A%22%292%22%2C%22qq~eP%22%3A%22JqpJ%22%2C%22qqC.%22%3A%22%22%2C%22qqq~%22%3A%22Hd%22%2C%22qq8C.%22%3A%22%22%7D\u0026q~=Hd\u0026tpid=\u0026yC=ArnHdnH00AD0HLaA0nn\u0026~Cm=ns5tHrdX1\u0026~T9_0=Jqya4C9e~\u0026~T9_d=Do2ALRDar\u0026~VCm=nanLALHDt\u0026~e.Cm=\u0026~my=2d0tD\u0026~~=%292\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001780380221515015326356485136\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152792582145708008%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=ujEWXfWaMkRUjUzibKoT2SgpFN8z9RHLjRyShy1eiEawpF88-QvRS21sd7snJBYl4WFbPBtDxcZe5EIpwqzsRMQZgPJ-YUiTnLehiAljmOvEFTtLZDStnSQShSnxBGS4HUbz-bdx4PbSKfgoHOb-xUXhiDZEqmqTOe5kVqGb2E5BXQ8EdfNEMG7Dhk9W2jcxbyRcfpDFIGQ%3D\u0026tchkpts=%7B%22prel2%22%3A1780380221714%7D\u0026stime=1780380221714\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F%252521p%252521M%253Dg%2526%252521yn~T%253DXZh_oKEhi%25253Aqrh%25257CS9Xh%25253AmDte%252521WeW%252521%25252AeB%25252A%2526%252528%252521M%253D%2526%252529nn%252528p%253DI%25260%252521%253DIKXgsXgxxIDxgEwIxXX%252619.W1T%253D%252529nn%252528%25253A%25252F%25252Fyb0bpn%252521F.jy9e~T%252521~F%25264M%2525281%253DI%25264M%2525281~ypn%253D%25269~1%252521M%253D%2526FM%253D%2526FP1m%253D%2526Gp%252528N%253Dg%2526H%252528T%252528%253D%2526HMp%2525281%253D%2526HjyY~~Y97%252528%253D%2526M9~GGG%253D%2526N%252528lW%253D%2526NM0%253D%2526NMbGN%252521y%253D%2526NMnI%253D%2526NMnx%253D%2526NjmTP%252521M%253D0x%2526N~n%253DQd3Lm4%25252Fs41dsW%25252F5yNyy.9%25252Fmm.d41yNmf9Ly%2526PTpn%252528%253Dg%2526Pp%252529%252528%253Dg%2526TxnH%2525289%253DMGbTN%2526W4M%253Dw%2526Wp%2525289ym%253Dg%2526_j%252521M%253D%2526b%252521M%253DXmmDwEs~SwExjSw~M~SXEKMSINxsNKsjDEKE%2526bTNm%253Dby9%2526htmlsrc%253D1%2526j%252521M%253D%2526j%252521M0x%253D%2526j9%253Dg%2526jM13M%253D%2526jN9%253D%2526kkdd%253DuW%25257CW%25257CH9%25252Ahnu3A%2526mp%253D%2526np~9%253DuIxwX%2526p%252521L9%253DIIEw78XD%2526pjM13M%253D%2526ppTM%253D%25257B%252522pp~~%252522%25253A%2525225c%252522%25252C%252522pp~nH%252522%25253A%252522bpTb%252522%25252C%252522pp%252521%252528%252522%25253A%252522%252522%25252C%252522ppp~%252522%25253A%252522gs%252522%25252C%252522ppL%252521%252528%252522%25253A%252522%252522%25257D%2526p~%253Dgs%2526tpid%253D%2526yG911%253DI%2526yn0%253D%2526~%252521M%253DXlr8gKsOk%2526~%252529yGs%253DDQcIEADwK%2526~%252529yGx%253Dbp0wY%252521yn~%2526~1%252521M%253DXwXEIEgD8%2526~M0%253Dcsx8D%2526~n%252528%252521M%253D%2526~~%253D5c%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2026-06-02T06:03:43.500Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 26 May 2026 18:21:12 GMT","end":"Mon, 24 Aug 2026 19:19:23 GMT"},"fingerprint":{"sha1":"8C:97:00:DB:02:53:A7:1D:41:E8:EA:C5:AB:03:19:FF:BF:30:6A:DF","sha256":"3A:CC:B8:B0:F1:D6:36:06:79:F1:62:23:A5:4D:87:F2:D8:A4:92:F2:C3:74:10:77:F4:C9:12:11:F8:E0:B7:ED"}}},"request":{"raw":"GET /bqi.php?vgd_len=1893\u0026\u0026vgd_aref=0\u0026vgd_tsce=L1248-S1248\u0026vgd_l2type=dmola\u0026vgd_ydspr=0\u0026vgd_cdv=O3269\u0026vgd_cage=0\u0026vgd_pgids=0\u0026vgd_pdtid=1\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026lf=3\u0026prid=8PR11258V\u0026cid=8CU6073RK\u0026crid=848515096\u0026requrl=http%3A%2F%2Fnovostikqbne.click\u0026vi=1780380221920541288\u0026ugd=4\u0026cc=NO\u0026sc=03\u0026gdpr=1\u0026vgd_acid=undefined\u0026hvsid=00001780380221515015326356485136\u0026cme=JkUtMYSHbhroJoLEV1P6ynnwWqe6olmonnf4wjdMKusBx-_ePCAq5aaFahpScRCvNLofpXrNy_MtDbt7SJCb7fS0p1rSwWqjr1H9rIiViBuzen6LR0VtyHQMbUqQKAWvmsg5euehUy0uOgCIahUivP87l8ihUmN9SiP-4ct71meht-QPdzs3avUQtNaXGAaiODL-KF_mE_G2khDAzzsfkgNwlsXS27nXAFASOejksGdf1kFwdJyG1hvHnR9E0Fb4z9ELE3GU8LE%3D%7C%7CWtJPvijWHRsfBv4nOZN-Vs0s0qvvEfG0%7CxDcVMoSqRIQDfv_JL75cx9XTaMeBamEKspei768oYTo-beB13aMmWw%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7Cc-_FJbPIlnhwqJ_83OUa0Nd2fqVdcUBOEQm5x2kk4sdHVe0hfztLH6UYUlGDmpA_7cIvufH0qTyVWPjxVgZ31ya-GXztxgD9VSnIGKGae9EVW5VGvGy-muPPTfmbahD1CHrr5duPcQqGU2EcXPCE9aiLAstJ9zlpgnKrKRc3ZsJg_YPdVGzzzZCl3as2QJc-pfcUdPyZoDYLvnfJ0Lw7fcMXVlBSaExTYey_AXrHqs0ZZ1-d84USubSDS4J8BacAI5pNH4pcv8e0qM3UmIo-TY8wZCV8ppX4yiwAIHEyVC6AbCYvsYcO4rYIJUo5yU6xj6DCA9O__S_I729Mm1iHInIftDUghBBdnP9F1bdIzcmGvop3j9VU1-Xq2qsxA9oN3tjRNqfx2cyrng8KQ_URUsSl3FRTwBQ9ue2kwZ8L1CCHew0TCWX1UvxxxSEq2iRvlCpuE92keWjQ1YREMS4qQhGEjA3l7B35c6V-WJTdbqCuJB9iByMqx26YD_gS1Rgmixw1v-VCaTgx3QUMKtlSpbLK8nWAbUq9HKgmv6upPxzTXUgIZ9zPXa1td_iRptco77612GWxww2QF0o45ZAoYLtEeFwU8w4d6siErauS_IovTgJmY2WpsKBkByWTeE9UT16-_TBOY0U66ZM_Qwtt_RBZOpRAhB5yl9aarFC_A0uxCf3Yrw-03-4sLaogtYFL6_OQhyHGl2ZVtmtc4SV3Qngad9ptOzCZYcZAy0sbd6xBeOmTv5EOAgTDbq2icXGSdYWwju_ZBVVycPsaqVb7lqUhjEUdmoeqzRnm5ZiLOwU6sSmnrgPezN1u_RQAeabjraG9lEHRompgVqoopA4Y9kjsvlMGiZTeV1q9DbKMo1T0nEGztStcx3xIRsLuLvvOoVCjFOPk7YM%3D%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7C\u0026fp=1bShOX6_IcwmizPz8rYZKZe3K8--bqx2cGSrNT0skh-eEtxXkFf7T5Y5eMOkr6X9pYuaaYYj50SwsQFLm_Lyq21uDfo0IDPGvDgRU_NzQRsoWrXw3n_i_wD5N0fWBFfoBwFwOxZ-H3U%3D\u0026vgd_rensize=1280_1024\u0026vgd_end=1 HTTP/1.1\r\nHost: l.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://realtimesearchresults.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ch: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\ncache-control: max-age=0, no-cache, no-store\r\ncontent-type: text/javascript\r\nexpires: Mon, 01 Jun 2026 06:03:43 GMT\r\npragma: no-cache\r\ndate: Tue, 02 Jun 2026 06:03:43 GMT\r\ncontent-length: 15\r\nvia: 1.1 google\r\nstrict-transport-security: max-age=63072000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CX04wtwTxxhptKv8TBMyAaUj4nnWMTdGFsJS2%2BhxMWlGbn70x4J9khp20vbf%2B9mCyKbhnFe5XbgrKetnUmJfkOv8nYQQeq6E2rqhlCjKEK68IATphxj8iQk9PLisNQfC%2FkxKzxNhUQ%3D%3D\"}]}\r\ncf-ray: a05441acda47a0f0-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":15,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with no line terminators","md5":"2ba5e95642c652c708881ad3c9d8443f","sha1":"5bfcc33bb9cc897546c600206b03d1307bd63a94","sha256":"c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24","sha512":"8c157fc41fd03bbd47633269b18effb652644e58284f8f85465b0ffba9b5a06544a03ed0655706c96edfa09a64f4f164f6bbc573ac5045000cae03c8b36d046f","ssdeep":"","tlshash":"7e600000000cc030030f0c00c3000300303000c000000c33000f30cc000000c00fc303","first_seen":"2025-03-08T00:25:13.560069Z","last_seen":"2026-06-03T16:56:56.398915Z","times_seen":189370,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.northwavepoint.com/mon","fqdn":"obseu.northwavepoint.com","domain":"northwavepoint.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww38.novostikqbne.click/","date":"2026-06-02T06:03:44.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.northwavepoint.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Sat, 09 May 2026 00:00:00 GMT","end":"Fri, 07 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"81:BC:A9:21:63:E0:B6:9A:20:C7:07:EC:3A:69:03:A1:17:C1:42:A4","sha256":"02:6B:C6:85:E6:24:7C:BE:F0:52:8D:76:04:40:96:61:C7:23:C2:DA:A4:38:F5:F9:19:BB:7C:6D:04:4E:7E:E7"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.northwavepoint.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2076\r\nOrigin: http://ww38.novostikqbne.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.novostikqbne.click/\r\nCookie: cg_uuid=0107018984d28fa8c052514de7de0866\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2076,"data":"e=37dfbd8ee84e001262eec43dea45889c9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17070100b1eabfd72e30d69183042b3e18f6646541c2628b70cd16300423945201573c0c5b92bc631934aa67e260db4cf1976fa5553bf90d257c17c84ffe1fbe85ddcd34b0360eff60c4aa4b6c8b00235f6301da834035a227f1a2c4e95f32e203d6eb65b93edf75c4409d6279f0795abe57567a48db482eb8dfb7e400b623eb02d703bb487578a99571733a795d9b65908d6ea5576ea78cb3224c7a22d7862f30fdd91e4b7c1b39180aa48a32606f1bb6b81c389ea1e729c6b25f21492eaeaef4c7917fea8fdc5fe905cf0c6c67ccbecfe3f465908de5798b215084ebc32f1f17f46973bad55638fcd2e92ccb42bf4cad9b5f854cc3d1219b7e6ad5dd7e8324c28cbdeddcb3ba4a71e93daaa9ae7c433ebdcf71d2e113f01a1813dd5c5a85d2d98681fdc5688806fddefbc878ae242b7ac46f28d4ccc70067c0ef77ac11f7945dd62fef3d0c0b55c676e74dffc1bf59bf89338553a584f8cb64815e0423bd521747754c7dd1a76eb8058c8c8b64ebde60feb122d185e5e85689f0bf1f293ec6a95a44fab9025d0ee2c7e474ae2887f840fda272a076cb309553d61ccbac20da1327e5ae8e7b363f610236165517abe39071db02b646525e20f8b54bc385110cffbdc3a7b56cc3ebf8e18ff8aef657523df94f9aab5a66845f7818d167416c6af47bb36b1ec3eadd7e8d61d33996ad2cccd5118b2f4a78741076019ddee5dc347b5692184797d2c7bdf4ca1b78dcc7ec7cedb1130abc9b732e75ebd29c0f75a52d975e811be4379b11d3c811fabb2cb19ce2afe74f088c9b6709d32ad7deeab90a8e28714f5186625151afa25887ec17c29999ca55d3dae23a0a5f00ea5ae27bd516cfda18d4205f33037a2b6deb31e39d2117fd36d2adf529cb9b1cc8250ff0422d68c6b78f680fb928aad002d0052d121ee9793e88aed768c95f2288c54ef0cdd7fe9c509a00006007f87625529e98104efa61a5eccb2d93c1b34d0e2db060201416905403b3dbfc120c996270d38b951e8a87f8dd5323ba30bb006a4ade17752ac7da055d9987a0c4e8b713e23aa272c76785d644d6e7a66e6bb39a529acdacb8d6f7dedf2850dea57c028935d918c21d93a674ef8c989763b894b2a1a51224d3a290a7019402d71a047e002f9fc26e6ace6ff80189cc6bed4e68b7300b8d61a1926d2cf425245614dea1ab72db881b603b12728396cfb0802c9e07f6b0207dc5d9431a014124\u0026cri=DEgUmmUAs8\u0026sf=0\u0026dc=\u0026cp=3\u0026gtm=-\u0026gac=-\u0026uvid=cafad457599635b7830aea17231b38ce2a1ba41e\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=3057\u0026mo=0\u0026pn=4336\u0026spn=1279\u0026sck=-\u0026fp=464\u0026f_mt=\u0026s_mt=\u0026t_mt=\u0026l_mt=\u0026m_mt=0\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww38.novostikqbne.click\r\ncontent-type: application/json\r\ndate: Tue, 02 Jun 2026 06:03:45 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"obseu.northwavepoint.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}