{"report_id":"c43e239e-2a84-46b2-9684-3b48ccf3ecad","version":6,"status":"done","tags":[],"date":"2026-03-27T06:34:48Z","url":{"schema":"http","addr":"mail-track.knigolove.com.ua/sl/Nzc3MDU0MTo4MzIzMTU5/e5003df7bb516ac2712d4a1b5d940f40fc61ds9/","fqdn":"mail-track.knigolove.com.ua","domain":"knigolove.com.ua","tld":"com.ua"},"ip":{"addr":"188.40.60.215","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","fqdn":"surl.lu","domain":"surl.lu","tld":"lu"},"title":"Surli redirect page","dom":{"size":12151,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (515)","md5":"ac731a99ea7e6d345891bbe3a0f49993","sha1":"a8aa9f7f1f7bb3daa9c4c84aa6b337a6108690eb","sha256":"bcd366f51d9e9f8399f2b6d992d2cf87391afe4637e1540c17e384b2e2b15196","sha512":"5fb40aa41ebec330ca4232dbd4ba4894740d407efa908f031eabf081fecf2b928d1d2b3e1984b7662725c4f4c6aedb668a561bcd636a33b943420a1c7ac4abf7","ssdeep":"192:l5/mOG/eG/FTs/TZC2lCCUCRJgV5iR26Ng:7/mOG/eGtI/TY2sClRJgPiRvg","tlshash":"33421d7224f0186b01a3c5c567b56b4aafc6e50bc61f6941b2fe07d11fe6c83ee07568","dom_hash":"domhash9098ce449fa74caa5caa15c0a01bb26e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"mail-track.knigolove.com.ua/sl/Nzc3MDU0MTo4MzIzMTU5/e5003df7bb516ac2712d4a1b5d940f40fc61ds9/","fqdn":"mail-track.knigolove.com.ua","domain":"knigolove.com.ua","tld":"com.ua"},"ip":{"addr":"188.40.60.215","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-01T06:34:48Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"surl.lu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"surl.lu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"surl.lu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"surl.lu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"mail-track.knigolove.com.ua","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"mail-track.knigolove.com.ua","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"surl.li","ip":{"addr":"172.67.69.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":44461,"first_seen":"2014-02-25T07:36:20Z","last_seen":"2026-03-22T22:06:39.641543Z","alert_count":0,"request_count":9,"received_data":845781,"sent_data":4052,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"t0.gstatic.com","ip":{"addr":"172.217.20.164","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2013-05-06T20:22:05Z","last_seen":"2026-03-20T07:07:18.690157Z","alert_count":0,"request_count":1,"received_data":1426,"sent_data":547,"comment":"","tags":null,"fingerprints":null},{"fqdn":"web-screen.com","ip":{"addr":"172.67.192.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-08-29","domain_rank":1367715,"first_seen":"2022-09-03T06:37:52Z","last_seen":"2026-03-22T22:06:39.1592Z","alert_count":0,"request_count":2,"received_data":42279,"sent_data":912,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"surl.lu","ip":{"addr":"172.67.193.150","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":607659,"first_seen":"2025-02-18T15:01:35.564658Z","last_seen":"2026-03-25T06:32:06.357939Z","alert_count":16,"request_count":4,"received_data":556727,"sent_data":2585,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:8.2.27","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}]},{"fqdn":"www.google.com","ip":{"addr":"142.251.154.119","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22,"first_seen":"2015-05-10T13:11:19Z","last_seen":"2026-03-22T22:38:17.64832Z","alert_count":0,"request_count":1,"received_data":1060,"sent_data":733,"comment":"","tags":null,"fingerprints":null},{"fqdn":"mail-track.knigolove.com.ua","ip":{"addr":"46.4.94.80","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2015-12-18","domain_rank":0,"first_seen":"2024-12-16T22:28:26.221562Z","last_seen":"2026-01-22T12:20:21.924934Z","alert_count":2,"request_count":1,"received_data":13852,"sent_data":560,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-03-22T22:23:33.61086Z","alert_count":0,"request_count":1,"received_data":465305,"sent_data":428,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pagead2.googlesyndication.com","ip":{"addr":"142.251.38.98","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2003-01-21","domain_rank":610,"first_seen":"2012-05-21T07:15:40Z","last_seen":"2026-03-23T15:53:42.913873Z","alert_count":0,"request_count":1,"received_data":163130,"sent_data":455,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"surl.li/js/app.js","fqdn":"surl.li","domain":"surl.li","tld":"li"},"ip":{"addr":"172.67.69.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d8a472bfaabee4826bc04811d12d8817","sha1":"391357f08af1d21f5a622f335dee8b98f9ad0232","sha256":"daa508ed5c947290ed09b90e2aba9d5926b25629fea1e4d8f3779c2988832823","sha512":"837273b4aa98a12a7d9835edc8e293321ef76f80db5d31c2e66cc448356ca392cab3508b6c962ba1616425d472ba26b7f565b5a8c69949a037fc9312b4854fca","ssdeep":"3072:uY65wNkj+GpYE7yd3nBXs+ucmHCdumj+qzGtL/mLzCQ:Nawuj+GN7yd3gt4umjyR/mv7","tlshash":"2024098d72c5b07243ab7066807f450bb23b1c9d980da018f699d4d97d78e8a623bf7d","size":218000,"data":"","first_seen":"2026-01-16T08:42:33.849321Z","last_seen":"2026-03-31T02:54:33.082631Z","times_seen":32,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"surl.li/js/ykw.js","fqdn":"surl.li","domain":"surl.li","tld":"li"},"ip":{"addr":"172.67.69.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"252f999227b344b147926cb60484b993","sha1":"589cae256028bcdcb31e5bbf7b6f2d3611f75966","sha256":"400c3de130e8d280240bd0ebfcd6f69ecfe30187ca3fba2e81fd9ea311ea16e3","sha512":"c0d30cc3addc52f2e84b33703043e6d885f2c6c33e3780b326fec78e42fd9f11fb53bd0428aa27405098cbe78efb9dadc7e7b6e6390a5cbde31acaa43644826a","ssdeep":"1536:6ryAt7U53DhtPWdiM69ZGK5+4RzcUbxmyBWogfLsNApEjmUkocpPVIDTBGMEtc/U:mghLPYUlc/UHLycqv8YgLKP","tlshash":"dca3f9ddb2c6b06247a7717940bf540bf2366999680d8400f125e8e5bc78b8e923bf7d","size":107080,"data":"","first_seen":"2026-03-27T06:34:52.246023Z","last_seen":"2026-03-31T02:54:33.069859Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","fqdn":"surl.lu","domain":"surl.lu","tld":"lu"},"ip":{"addr":"172.67.193.150","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c0f166cf4c3e762b88802531c63b0795","sha1":"670b7ae49ea4c03d6f3a8d6fb1f9ec6914fd5cf7","sha256":"521f3d0dbd411ae6c7d972175a4c048f6dc35153e5191e9fdda37c167812ed9e","sha512":"da0e70db346049341222c84ecf5a44159aeba7ae026afd08f650d6dee2038a7417a70e92fb408ca1c177d5d1b8de37744c432733953e7f7296b49f9b36f8cd04","ssdeep":"","tlshash":"06d08c8c2a5b0c7161bb3a458b7f7200b4066123a1924e213d0fa3448f21e2bd744918","size":233,"data":"","first_seen":"2025-03-18T08:10:25.112948Z","last_seen":"2026-03-31T02:53:06.493742Z","times_seen":35,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"surl.li/js/preview.js","fqdn":"surl.li","domain":"surl.li","tld":"li"},"ip":{"addr":"172.67.69.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4943a4d3f830d8282607b463ba973b4f","sha1":"cc5eb1ca8297bea977e1db4435aa7982e32b247f","sha256":"a1f7ee596eca803539ea908266b364c66802df81b88556b15a1e75211c4e6a80","sha512":"bab9b22cdb35b1399084ca343fba52de4020fc1ce6a3ab3deab2e51bc3e12ca686f8991712ceacdb599526edd16af5cb407322716a543c724c1527a54e3fc08c","ssdeep":"1536:ZryAt7U53DhtvLQdiM64ZGK5+LRzcUbxmyBWSguLsNAa1jYGXMWpP6cDoSbMEFQr:zgh1ruuGcWgbbc37Bv7YgyzF","tlshash":"15b309ddb2c6b06247a771b940bf550bf2362999680d8400f125e8e5bc78b4e923bf7d","size":108307,"data":"","first_seen":"2026-03-24T12:48:11.084716Z","last_seen":"2026-03-31T02:54:33.065143Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-1XMEBMTSWM","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"329f3ba66ce1f8dfcdeff97583cb3dfe","sha1":"b1d35f30f6685aa2632093b06b3e0d5a6752b454","sha256":"4c7962a830db3d3fa9a568a356e60f2bfa0e7811b8b9c1202ea7561f4b49d132","sha512":"6d65b7ed3523bc2815469a6893d691ec434acde6a01ed6c43e7e898617cc106e0062ea61049ba9e6758a5159e432d0ce389346f736ee4ebe1e69336b4065645a","ssdeep":"6144:t6ORjaFCE9VJlQGXHIzs8WVP1W+rwkQdqQtYTc0HdZgQ0:iCEfJlbIY8CmOp0","tlshash":"48a409ceb3d674615396e478903f01cba57b29e2b44cc8a6f189cce42e7465a4267f3c","size":464701,"data":"","first_seen":"2026-03-27T06:34:52.263029Z","last_seen":"2026-03-27T06:34:52.263029Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"surl.li/js/app.js","fqdn":"surl.li","domain":"surl.li","tld":"li"},"ip":{"addr":"172.67.69.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:26.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"surl.li","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Mar 2026 02:02:02 GMT","end":"Mon, 08 Jun 2026 03:02:00 GMT"},"fingerprint":{"sha1":"A9:51:E2:3E:79:5C:A8:64:B1:77:88:6B:04:2A:D3:BF:FF:79:36:D5","sha256":"9F:2D:B3:2F:5C:DF:15:B4:F8:8E:FF:4A:14:16:58:1F:1B:F1:4A:20:8D:B2:4D:35:94:1D:3B:5A:F0:4A:A3:6B"}}},"request":{"raw":"GET /js/app.js HTTP/1.1\r\nHost: surl.li\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.lu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Mar 2026 06:34:26 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\nlast-modified: Tue, 17 Feb 2026 08:49:07 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"69942b83-35390\"\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Authorization, Content-Type\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RemAsL2T1qPwyJmEx%2FPqsMVOyGoa%2FsI3DhMFRLhwlpZqYGbFcjqlWM21riNS1JtF%2BjzewJKVJfkmHjXv91opRHh0rGbItCkmUll7PL1UH4lf63OVSxJ7gVw%3D\"}]}\r\ncf-ray: 9e2c5e8d4aa6568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":218000,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65475)","md5":"d8a472bfaabee4826bc04811d12d8817","sha1":"391357f08af1d21f5a622f335dee8b98f9ad0232","sha256":"daa508ed5c947290ed09b90e2aba9d5926b25629fea1e4d8f3779c2988832823","sha512":"837273b4aa98a12a7d9835edc8e293321ef76f80db5d31c2e66cc448356ca392cab3508b6c962ba1616425d472ba26b7f565b5a8c69949a037fc9312b4854fca","ssdeep":"3072:uY65wNkj+GpYE7yd3nBXs+ucmHCdumj+qzGtL/mLzCQ:Nawuj+GN7yd3gt4umjyR/mv7","tlshash":"2024098d72c5b07243ab7066807f450bb23b1c9d980da018f699d4d97d78e8a623bf7d","first_seen":"2026-01-16T08:42:33.849321Z","last_seen":"2026-03-31T02:54:33.082631Z","times_seen":32,"resource_available":true,"data":null}},"time_used":261,"timings":{"blocked":66,"dns":30,"connect":1,"send":0,"wait":119,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"surl.li/fonts/icons/surli/surl-icons.woff2?cjv3fr#iefix","fqdn":"surl.li","domain":"surl.li","tld":"li"},"ip":{"addr":"172.67.69.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:27.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"surl.li","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Mar 2026 02:02:02 GMT","end":"Mon, 08 Jun 2026 03:02:00 GMT"},"fingerprint":{"sha1":"A9:51:E2:3E:79:5C:A8:64:B1:77:88:6B:04:2A:D3:BF:FF:79:36:D5","sha256":"9F:2D:B3:2F:5C:DF:15:B4:F8:8E:FF:4A:14:16:58:1F:1B:F1:4A:20:8D:B2:4D:35:94:1D:3B:5A:F0:4A:A3:6B"}}},"request":{"raw":"GET /fonts/icons/surli/surl-icons.woff2?cjv3fr HTTP/1.1\r\nHost: surl.li\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://surl.lu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.li/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Mar 2026 06:34:27 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 4084\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Mar 2026 12:47:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"69c287dc-ff4\"\r\naccess-control-allow-origin: https://surl.lu\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Authorization, Content-Type\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tYB9ainZDkh2DELC2wOJB4%2FS3fkPBtF4khihNlrTkjr0U8t%2FHTKdky3onp%2BEW51a9ri%2BJBjgOuZoyKyz4yVPOqEP4e4cIKnG%2Bh470IqZqIiDflZJ62FcJFA%3D\"}]}\r\ncf-ray: 9e2c5e8efc86568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4084,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 4084, version 1.0","md5":"83b2e9b85b0905c4c03e19decebd20f9","sha1":"5d1db83dcc4b9f8a0b4c63b7237b166ad97dde10","sha256":"41fac2431a924d33a2175550360f1d86a34a95be7a82e6c44630fa594ebd2340","sha512":"5bedfe3b8bfd4222062fb1c0b6a1e86fb844a64a79d40b3fded8a8e334639390941009eed465fdf3400c1cc47e5280ebe7dc7ce335948d93632556b7e83dc33b","ssdeep":"","tlshash":"a6816dde0c1c1b07fa2aa975f1c826ef0ca03557a5e68e589e6c9b27055325281ff0e7","first_seen":"2025-08-02T02:52:28.998826Z","last_seen":"2026-03-31T02:54:33.066239Z","times_seen":97,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":126,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t0.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=https://www.google.com/search?sca_esv=9f0c11a6d5544012\u0026size=16#lrd=0x40d4d3bf1eac3895:0x5c9378e16f23e73e,3,,,,","fqdn":"t0.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.20.164","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:27.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 18:21:09 GMT","end":"Mon, 18 May 2026 18:21:08 GMT"},"fingerprint":{"sha1":"D5:23:F9:83:DE:D4:E8:AB:85:EF:63:D4:2C:6E:62:44:96:04:04:8E","sha256":"D3:04:E0:CB:3E:1B:51:D2:DD:21:AB:B5:3E:6D:E3:40:D7:D5:1E:07:D1:8A:BF:8C:CC:01:FC:AE:92:1F:69:2D"}}},"request":{"raw":"GET /faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=https://www.google.com/search?sca_esv=9f0c11a6d5544012\u0026size=16 HTTP/1.1\r\nHost: t0.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://surl.lu/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ncontent-location: https://ssl.gstatic.com/images/branding/googleg_gradient/2x/googleg_gradient_standard_192dp.png\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"media-favicon\"\r\nreport-to: {\"group\":\"media-favicon\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/media-favicon\"}]}\r\ncontent-length: 542\r\ndate: Fri, 27 Mar 2026 06:34:27 GMT\r\nexpires: Fri, 03 Apr 2026 06:34:27 GMT\r\ncache-control: public, max-age=604800\r\nlast-modified: Sun, 07 Sep 2025 02:19:41 GMT\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":542,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"872491aabd1eb7245422bc502149d1bb","sha1":"0eb86cd549cbbc10cf9b840d0dab59fa215e02f3","sha256":"b56590020f4358262fc1bcf467f75b6d3780f02a385039b4c724ad6a46cb9f41","sha512":"d31ad22e343c30054ae3811b4ee5a14e1b95d06be81922dff09a7fe471de23c1917a8fa15b70873c75cfb737041ec473be857240c7b19fd9d926f08ef3a6b823","ssdeep":"","tlshash":"f6f0e1b22196bdaaac9e11f59be04161fa21955124e4823b0c4caca42532699c0c05cd","first_seen":"2025-09-30T07:16:28.271297Z","last_seen":"2026-03-27T06:34:52.240103Z","times_seen":6,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":77,"dns":28,"connect":8,"send":0,"wait":17,"receive":1,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web-screen.com/storage/screenshots/2026/03/71036b1a-2bb0-4554-b812-fe22e01d9f1d.png","fqdn":"web-screen.com","domain":"web-screen.com","tld":"com"},"ip":{"addr":"172.67.192.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:28.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web-screen.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 18 Mar 2026 11:29:55 GMT","end":"Tue, 16 Jun 2026 12:27:02 GMT"},"fingerprint":{"sha1":"10:E1:CB:51:D5:2E:66:29:17:11:4F:2E:22:9F:A8:3E:8A:23:61:20","sha256":"56:9D:19:D2:C5:C4:4E:64:58:4D:48:15:50:56:66:00:C8:8B:97:5F:C6:15:2D:FE:DB:3E:BC:7F:7E:7E:23:A9"}}},"request":{"raw":"GET /storage/screenshots/2026/03/71036b1a-2bb0-4554-b812-fe22e01d9f1d.png HTTP/1.1\r\nHost: web-screen.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.lu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 27 Mar 2026 06:34:28 GMT\r\ncontent-type: image/png\r\ncontent-length: 27260\r\nlast-modified: Tue, 24 Mar 2026 09:30:30 GMT\r\npriority: u=4,i=?0\r\netag: \"69c259b6-6a7c\"\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\ncache-control: max-age=86400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DQ3W%2Bu3ONlBRkjo0VzvScWc%2BxLSq8sNK3KF8ffZ137l60DJt%2BseqVlwAdzOmlP8jtZ3Hmk6l7bfPbqxoalbBq%2BJepWEuCH2VaWA8gLvP81BpljCKPtPm57hbBua%2BM0Q22Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e2c5e970952c759-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27260,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 800 x 800, 8-bit/color RGB, non-interlaced","md5":"2a6e6e2f2ef6ecb77308d0c4e3529cba","sha1":"8feab085d20bf30aae94b0ba98c9a0c5706f2d98","sha256":"ae0ab6ad6de2852490148353540a2b597e77fd6124d9896bfda9cfcfefadf1fb","sha512":"786d14218a0e681c637c213ced149cbd2e459a779361b7950bc61be67df9c095d1acca17ed2db82786ed94d911ac845b5009c97cd38d6e3384a6ad1b3d1fae74","ssdeep":"384:byPuTAJPt3owMhhwm4OOCpPuimLyv4tVS9BNrsZA5SxQox4MWMpb0N2:GPGwF3oC3GGimy19BNI+SxQoxBW20c","tlshash":"00c25cccf4e72e55930c2a731a1647bb952f72590294cd34f28ac712b6fb386c7619a2","first_seen":"2026-03-27T06:34:52.243996Z","last_seen":"2026-03-27T06:34:52.243996Z","times_seen":1,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"surl.li/img/surllu-logo.svg","fqdn":"surl.li","domain":"surl.li","tld":"li"},"ip":{"addr":"172.67.69.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:26.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"surl.li","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Mar 2026 02:02:02 GMT","end":"Mon, 08 Jun 2026 03:02:00 GMT"},"fingerprint":{"sha1":"A9:51:E2:3E:79:5C:A8:64:B1:77:88:6B:04:2A:D3:BF:FF:79:36:D5","sha256":"9F:2D:B3:2F:5C:DF:15:B4:F8:8E:FF:4A:14:16:58:1F:1B:F1:4A:20:8D:B2:4D:35:94:1D:3B:5A:F0:4A:A3:6B"}}},"request":{"raw":"GET /img/surllu-logo.svg HTTP/1.1\r\nHost: surl.li\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.lu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Mar 2026 06:34:26 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Mar 2026 12:47:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Authorization, Content-Type\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vlJ41cJbWzbS2mnlXywe9DekHsIOHaRaUXOPLT5%2F2OSJU20mdjbUhBjY6yXKEJVpElzTMEoKUmpWIPJAUfomCF0mtoVBT6YTYgPDoAnckKIIQ9h0nGz102g%3D\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"69c287dc-392e\"\r\ncontent-encoding: br\r\ncf-ray: 9e2c5e8d4aa5568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14638,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2ec84522d8f26cdc4a7e8c7c5cb5e7a5","sha1":"b3311641e069064dd08f24b4ab6108905730a3e8","sha256":"91bf015a2807525bee44b7f7afd012bb5c20eb23f67a256a54668f536c2a76a5","sha512":"4e94f60c59b8f4f5f749f41f2584f6898a0113f11057c212156212f404c03a54baf29a39b45982ca4365cca70caa1cf7821fd7b53a13154e4c30b5169317d674","ssdeep":"384:OljeRdOoA6PH2tuclTTSF8CuhHGPf76KifH63uUUdbFdxjD9d:wqvOBm1gEj6K46eUidND9d","tlshash":"ad6294cc7fb687f4f950e2fa979264b4760b59e63a41c920c35a1d68b58050c6e3bccb","first_seen":"2025-02-18T15:01:40.574731Z","last_seen":"2026-03-31T02:53:06.491643Z","times_seen":36,"resource_available":false,"data":null}},"time_used":233,"timings":{"blocked":68,"dns":0,"connect":0,"send":0,"wait":165,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"surl.li/js/ykw.js","fqdn":"surl.li","domain":"surl.li","tld":"li"},"ip":{"addr":"172.67.69.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:26.704Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"surl.li","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Mar 2026 02:02:02 GMT","end":"Mon, 08 Jun 2026 03:02:00 GMT"},"fingerprint":{"sha1":"A9:51:E2:3E:79:5C:A8:64:B1:77:88:6B:04:2A:D3:BF:FF:79:36:D5","sha256":"9F:2D:B3:2F:5C:DF:15:B4:F8:8E:FF:4A:14:16:58:1F:1B:F1:4A:20:8D:B2:4D:35:94:1D:3B:5A:F0:4A:A3:6B"}}},"request":{"raw":"GET /js/ykw.js HTTP/1.1\r\nHost: surl.li\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.lu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Mar 2026 06:34:26 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Mar 2026 12:47:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"69c287dc-1a248\"\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Authorization, Content-Type\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pSyGwuAcVRtgJW4jIOlDNCTvd%2B74cPpGHJirz2jZGy7dSxCA4Rq9%2Fn2FtqFB81BnGAQtE%2FPpHtCjyYvCKOLHjZ7HX%2BWBdATscbgspuS4szznYQCfp1hL5xA%3D\"}]}\r\ncf-ray: 9e2c5e8d5aa9568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":107080,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65473)","md5":"252f999227b344b147926cb60484b993","sha1":"589cae256028bcdcb31e5bbf7b6f2d3611f75966","sha256":"400c3de130e8d280240bd0ebfcd6f69ecfe30187ca3fba2e81fd9ea311ea16e3","sha512":"c0d30cc3addc52f2e84b33703043e6d885f2c6c33e3780b326fec78e42fd9f11fb53bd0428aa27405098cbe78efb9dadc7e7b6e6390a5cbde31acaa43644826a","ssdeep":"1536:6ryAt7U53DhtPWdiM69ZGK5+4RzcUbxmyBWogfLsNApEjmUkocpPVIDTBGMEtc/U:mghLPYUlc/UHLycqv8YgLKP","tlshash":"dca3f9ddb2c6b06247a7717940bf540bf2366999680d8400f125e8e5bc78b8e923bf7d","first_seen":"2026-03-27T06:34:52.246023Z","last_seen":"2026-03-31T02:54:33.069859Z","times_seen":4,"resource_available":true,"data":null}},"time_used":273,"timings":{"blocked":64,"dns":27,"connect":3,"send":0,"wait":134,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"surl.li/fonts/roboto/Roboto-Regular.woff2","fqdn":"surl.li","domain":"surl.li","tld":"li"},"ip":{"addr":"172.67.69.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:27.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"surl.li","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Mar 2026 02:02:02 GMT","end":"Mon, 08 Jun 2026 03:02:00 GMT"},"fingerprint":{"sha1":"A9:51:E2:3E:79:5C:A8:64:B1:77:88:6B:04:2A:D3:BF:FF:79:36:D5","sha256":"9F:2D:B3:2F:5C:DF:15:B4:F8:8E:FF:4A:14:16:58:1F:1B:F1:4A:20:8D:B2:4D:35:94:1D:3B:5A:F0:4A:A3:6B"}}},"request":{"raw":"GET /fonts/roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: surl.li\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://surl.lu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.li/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Mar 2026 06:34:27 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 50500\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Mar 2026 12:47:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"69c287dc-c544\"\r\naccess-control-allow-origin: https://surl.lu\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Authorization, Content-Type\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MtoZ0jG37XMqqpbh3L0OvAQORlJFHNwSmv22UBtN6HcCJ9787P2y6X5GDHMQmnPv345EUF2LK3T9Mbwv%2Fv9IbIOe5AthRzP2PZb3f7H8MIDZwCuDl9ekHtY%3D\"}]}\r\ncf-ray: 9e2c5e8efc82568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":50500,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 50500, version 1.0","md5":"1efeecb22c1fa9be1b80b84c2bc17e90","sha1":"9c697b61864f8c8ae0ee8619c2abe682ea76df82","sha256":"119137e9432c2f78b8cb427d4e6beb54b6715bdbe09f94755e6cb3201cba73b7","sha512":"6d8e1a1c36e3f60ba12de22453d1c5af19758dedce0200c76d00bfb5f13e2f533311a2753ce38393fa34e46c46bfb464b89102588385df6b89144e95d9460a77","ssdeep":"1536:nILefiU0MM00YZcWH31MlHce4MWBYssplnDiQ/RQq+:nILWilMl2WHl5Mvnu8L+","tlshash":"2133020067d137998c0da5953b8bbe85d6d7ccee2d1e95c2584cef900977adea18f0c4","first_seen":"2024-01-24T08:51:56Z","last_seen":"2026-03-31T02:54:33.070875Z","times_seen":122,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":176,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"surl.li/fonts/nunito/NunitoSans-Regular.woff2","fqdn":"surl.li","domain":"surl.li","tld":"li"},"ip":{"addr":"172.67.69.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:27.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"surl.li","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Mar 2026 02:02:02 GMT","end":"Mon, 08 Jun 2026 03:02:00 GMT"},"fingerprint":{"sha1":"A9:51:E2:3E:79:5C:A8:64:B1:77:88:6B:04:2A:D3:BF:FF:79:36:D5","sha256":"9F:2D:B3:2F:5C:DF:15:B4:F8:8E:FF:4A:14:16:58:1F:1B:F1:4A:20:8D:B2:4D:35:94:1D:3B:5A:F0:4A:A3:6B"}}},"request":{"raw":"GET /fonts/nunito/NunitoSans-Regular.woff2 HTTP/1.1\r\nHost: surl.li\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://surl.lu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.li/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Mar 2026 06:34:27 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 49860\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Mar 2026 12:47:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"69c287dc-c2c4\"\r\naccess-control-allow-origin: https://surl.lu\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Authorization, Content-Type\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T3iJcfcgsnTX7c35%2F8SaqOK0kzf6Nbn74%2Fdz7j2FyX2FRmeERqc9To%2FCkhKkcX0TsAPMptbiGZN2Pl28eJqyIRCYnnzqIPFJUMmJ4haSoo%2BPJ07X5NEYqZA%3D\"}]}\r\ncf-ray: 9e2c5e8efc83568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":49860,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 49860, version 1.0","md5":"dbd8e68f1d076b0cf712adcc68693466","sha1":"3cb1db7f5c7a26bf19b7b69309d005174579cfca","sha256":"39013799c20464613b6d2160d33de634464e1801f4c80d294ae1ce3e15d955f4","sha512":"220ebd2a034b7bfda273062a03dc3b678f1a703a1c6e2025a2efb119038c13fe42fe1a969cff41ce284d0aa9b578b54b61c09638e8df11ffa2d83447b5c111ea","ssdeep":"768:v5nD5jn5w/ykRSfaMuxEeoSNgXDn5thcn5F0wkHK0pxVCy8SN/FshnkGz6A:v5nDJ5w/wfOK7qnj4KW8kF9CF","tlshash":"3023f1d0efac5b29c7cea376741c32c773f297ab92be0094c4b1b47942744659a8624b","first_seen":"2025-08-02T02:52:28.972263Z","last_seen":"2026-03-31T02:54:33.080526Z","times_seen":97,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":143,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"surl.li/fonts/rubik/Rubik-Medium.woff2","fqdn":"surl.li","domain":"surl.li","tld":"li"},"ip":{"addr":"172.67.69.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:27.041Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"surl.li","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Mar 2026 02:02:02 GMT","end":"Mon, 08 Jun 2026 03:02:00 GMT"},"fingerprint":{"sha1":"A9:51:E2:3E:79:5C:A8:64:B1:77:88:6B:04:2A:D3:BF:FF:79:36:D5","sha256":"9F:2D:B3:2F:5C:DF:15:B4:F8:8E:FF:4A:14:16:58:1F:1B:F1:4A:20:8D:B2:4D:35:94:1D:3B:5A:F0:4A:A3:6B"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Medium.woff2 HTTP/1.1\r\nHost: surl.li\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://surl.lu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.li/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Mar 2026 06:34:27 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 40796\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Mar 2026 12:47:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"69c287dc-9f5c\"\r\naccess-control-allow-origin: https://surl.lu\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Authorization, Content-Type\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5HAH%2Fw5ZOa32mNcH05yUvTfYgFKt7VAzuPkqfHtzfjKbcb%2B5UqF6qD%2B97t%2FmTgYcO1ID8pSCLkG6ENvAjyOAMqPjPQCDy1ecszVXruZK89%2FAbYQ0e%2BlgM8I%3D\"}]}\r\ncf-ray: 9e2c5e8efc84568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":40796,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40796, version 1.0","md5":"bf270b1e1a75dec8f87a5f9336c09fb9","sha1":"1de7e9766f41f77abf0c4bb313c5b67e5bd2b89e","sha256":"127f77bcea183d6ef8c2be83355c73ab113bc6c827d8ac6fe170d21e5c045f56","sha512":"9e198fc4a52cab0b32efe178d7cc9c61e1b79ce49ff5d8f7052d0109f086cbe5b2058be3860c757d257633127db492c9f8c5e283d54c6ee14696730924174777","ssdeep":"768:bbLKm9Wnxrh9U/AZvAra1qlqxlej0cD9cyd8XOPfjO7ydj:d9MoAtcaQlqxkAcDVuX2S7+j","tlshash":"0603f134b9baa51ccef40a3d60b5fc7a4b440ef44abb12a650a7611d61f7880ff095d1","first_seen":"2025-06-28T23:46:03.352382Z","last_seen":"2026-03-31T02:54:33.072761Z","times_seen":101,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"surl.lu/getMetaInfo","fqdn":"surl.lu","domain":"surl.lu","tld":"lu"},"ip":{"addr":"172.67.193.150","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:27.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"surl.lu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Mar 2026 19:31:28 GMT","end":"Wed, 24 Jun 2026 20:29:05 GMT"},"fingerprint":{"sha1":"77:3A:1D:D8:0D:F9:7F:37:01:16:76:B7:F8:E6:55:AA:D8:43:9D:88","sha256":"C5:CF:83:57:F3:00:38:1E:80:15:1B:4C:8E:AE:DF:8A:BF:78:DC:0A:51:24:35:26:79:96:21:0C:39:5B:A2:45"}}},"request":{"raw":"POST /getMetaInfo HTTP/1.1\r\nHost: surl.lu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-CSRF-TOKEN: \r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 408\r\nOrigin: https://surl.lu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut\r\nCookie: fingerprint=3992332955\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":408,"data":"url=https%3A%2F%2Fwww.google.com%2Fsearch%3Fsca_esv%3D9f0c11a6d5544012%26si%3DAMgyJEtREmoPL4P1I5IDCfuA8gybfVI2d5Uj7QMwYCZHKDZ-Ex92riBc4L-hhon5hNy8O_wzrKg-5Lr_bI50hgxvZBekT__KYZkuyGN_sRGXPHi6oz_srvlLnQG7ZaUeY1xSYIxfkV7E%26q%3DKnyholav%2BReviews%26sa%3DX%26ved%3D2ahUKEwi10-n02_GQAxVdSlUIHZtVDhgQ0bkNegQIJhAE%26biw%3D1536%26bih%3D695%26dpr%3D1.25%23lrd%3D0x40d4d3bf1eac3895%3A0x5c9378e16f23e73e%2C3%2C%2C%2C%2C"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ncontent-type: application/json\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nx-powered-by: PHP/8.2.27\r\ncache-control: no-cache, private\r\ndate: Fri, 27 Mar 2026 06:34:28 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OfA9QEb84m8rCl5JvspXMApdw%2B%2BdhnEflOfQ%2BoD6YVgC4fa7nGbCsAyEiTODjBCSMfEYQzK8anqJIFUAGoZLFVJxlVCe1izDECUtVcui00%2BlTZeOBPkwmR0C\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e2c5e940fbb712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:8.2.27","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":52,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"12ceba98a2e9497f6aefd67d16d149fb","sha1":"572508263648d899e6b17c7c6c333dc3ffee2317","sha256":"482f22fca67460f0f2f749d9a781b40b47008d3f0f862b4bb3298c4e679f6231","sha512":"4b49d7bba9d7a5662846f3e991637b6cf204ec62309a8c42840b603d6a63b543adafecac7949ba87bf7105b0ced8669926cf0855e9a5525b5952b64bb5b79e5c","ssdeep":"","tlshash":"94900212a9655c1b025aa6611ca4544c6d69470a50a150406ca198952860dc5f4a1061","first_seen":"2026-03-27T06:34:52.248862Z","last_seen":"2026-03-27T06:34:52.248862Z","times_seen":1,"resource_available":false,"data":null}},"time_used":494,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":494,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"surl.lu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"surl.lu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"surl.lu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"surl.lu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail-track.knigolove.com.ua/sl/Nzc3MDU0MTo4MzIzMTU5/e5003df7bb516ac2712d4a1b5d940f40fc61ds9/","fqdn":"mail-track.knigolove.com.ua","domain":"knigolove.com.ua","tld":"com.ua"},"ip":{"addr":"46.4.94.80","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-27T06:34:25.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail-track.knigolove.com.ua","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 23:13:52 GMT","end":"Sat, 02 May 2026 23:13:51 GMT"},"fingerprint":{"sha1":"B6:89:B8:04:6F:E9:28:61:A9:2E:07:2F:13:F0:16:05:97:E1:B5:35","sha256":"B5:90:21:C3:E9:2B:2F:81:84:62:03:22:24:8E:95:29:CE:67:61:B1:30:C7:88:5D:C8:0B:C3:43:44:EF:1B:71"}}},"request":{"raw":"GET /sl/Nzc3MDU0MTo4MzIzMTU5/e5003df7bb516ac2712d4a1b5d940f40fc61ds9/ HTTP/1.1\r\nHost: mail-track.knigolove.com.ua\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 06:34:26 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\naccept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List\r\npermissions-policy: ch-ua-model=(self), ch-ua-platform-version=(self), ch-ua-full-version-list=(self)\r\nlocation: https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13402,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":705,"timings":{"blocked":252,"dns":129,"connect":34,"send":0,"wait":200,"receive":0,"ssl":87},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"mail-track.knigolove.com.ua","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"mail-track.knigolove.com.ua","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"surl.li/js/preview.js","fqdn":"surl.li","domain":"surl.li","tld":"li"},"ip":{"addr":"172.67.69.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:26.705Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"surl.li","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Mar 2026 02:02:02 GMT","end":"Mon, 08 Jun 2026 03:02:00 GMT"},"fingerprint":{"sha1":"A9:51:E2:3E:79:5C:A8:64:B1:77:88:6B:04:2A:D3:BF:FF:79:36:D5","sha256":"9F:2D:B3:2F:5C:DF:15:B4:F8:8E:FF:4A:14:16:58:1F:1B:F1:4A:20:8D:B2:4D:35:94:1D:3B:5A:F0:4A:A3:6B"}}},"request":{"raw":"GET /js/preview.js HTTP/1.1\r\nHost: surl.li\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.lu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Mar 2026 06:34:26 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Mar 2026 12:47:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"69c287dc-1a713\"\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Authorization, Content-Type\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mj8BR4RLX1eDSXoL8s37U73Nx4CM9BbmYM8pmJWoJjAn%2F7CeI9zRVQzQlcCbtWQV%2B7PuCPLWmTZsarIGQg%2F9hcUbyvNtqxUCkI05zWnJXKNeOabIFOcWlaY%3D\"}]}\r\ncf-ray: 9e2c5e8d4aa2568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":108307,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65469)","md5":"4943a4d3f830d8282607b463ba973b4f","sha1":"cc5eb1ca8297bea977e1db4435aa7982e32b247f","sha256":"a1f7ee596eca803539ea908266b364c66802df81b88556b15a1e75211c4e6a80","sha512":"bab9b22cdb35b1399084ca343fba52de4020fc1ce6a3ab3deab2e51bc3e12ca686f8991712ceacdb599526edd16af5cb407322716a543c724c1527a54e3fc08c","ssdeep":"1536:ZryAt7U53DhtvLQdiM64ZGK5+LRzcUbxmyBWSguLsNAa1jYGXMWpP6cDoSbMEFQr:zgh1ruuGcWgbbc37Bv7YgyzF","tlshash":"15b309ddb2c6b06247a771b940bf550bf2362999680d8400f125e8e5bc78b4e923bf7d","first_seen":"2026-03-24T12:48:11.084716Z","last_seen":"2026-03-31T02:54:33.065143Z","times_seen":5,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":59,"dns":27,"connect":3,"send":0,"wait":145,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"surl.lu/js/trans/global.json","fqdn":"surl.lu","domain":"surl.lu","tld":"lu"},"ip":{"addr":"172.67.193.150","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:27.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"surl.lu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Mar 2026 19:31:28 GMT","end":"Wed, 24 Jun 2026 20:29:05 GMT"},"fingerprint":{"sha1":"77:3A:1D:D8:0D:F9:7F:37:01:16:76:B7:F8:E6:55:AA:D8:43:9D:88","sha256":"C5:CF:83:57:F3:00:38:1E:80:15:1B:4C:8E:AE:DF:8A:BF:78:DC:0A:51:24:35:26:79:96:21:0C:39:5B:A2:45"}}},"request":{"raw":"GET /js/trans/global.json HTTP/1.1\r\nHost: surl.lu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut\r\nCookie: fingerprint=3992332955\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 27 Mar 2026 06:34:28 GMT\r\ncontent-type: application/json\r\nlast-modified: Tue, 24 Mar 2026 12:47:24 GMT\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\netag: W/\"69c287dc-83d74\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1pskmbAzxxdr2mxbqu3834pWdyzrd8%2B6VG0ibnFveDc593D7pR4mMsxiOZx7WEed1KxWzek7ENTRV6kpCMoV4ZkXSZsT1v2DUxTHzSFbd3wxez0q7eAMsvzy\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e2c5e93ffb7712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":540020,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"a190fc8575083cbf2a1dc5ef1c89c4c4","sha1":"bf9c695974e1f718b4add7db50370dde93a1ce7a","sha256":"7fd4723efef02eb501bb32d3cc15faf5fc3c3e61100ff5405c623528c89e3e4a","sha512":"35ed34fc4195dca50ab5701435a1ace98c5a434d76e978020edb33e3a16ccbb87ea6cfcdcf021549b872dce1d44fd7a751233072d530be17c38f161396e00908","ssdeep":"12288:TCQP4/mdW6TgbzHm+EWOc03tBIhAweEJhoDuKiGbl:TCQP4/mdW6TgbzHm+EWOc03tBIhAwY","tlshash":"85b484d7e3f222ad158431e1ea76aedcb1949c61c110c73fccbe4acfc159610a276b99","first_seen":"2026-01-22T17:54:36.964658Z","last_seen":"2026-03-31T02:54:33.081587Z","times_seen":30,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":240,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"surl.lu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"surl.lu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"surl.lu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"surl.lu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"surl.li/css/app.css","fqdn":"surl.li","domain":"surl.li","tld":"li"},"ip":{"addr":"172.67.69.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:26.696Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"surl.li","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Mar 2026 02:02:02 GMT","end":"Mon, 08 Jun 2026 03:02:00 GMT"},"fingerprint":{"sha1":"A9:51:E2:3E:79:5C:A8:64:B1:77:88:6B:04:2A:D3:BF:FF:79:36:D5","sha256":"9F:2D:B3:2F:5C:DF:15:B4:F8:8E:FF:4A:14:16:58:1F:1B:F1:4A:20:8D:B2:4D:35:94:1D:3B:5A:F0:4A:A3:6B"}}},"request":{"raw":"GET /css/app.css HTTP/1.1\r\nHost: surl.li\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.lu/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Mar 2026 06:34:26 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Wed, 25 Feb 2026 15:21:10 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"699f1366-3bf5a\"\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Authorization, Content-Type\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VVomeCxvgh9ZB2KO3C2BJ9WvO7gEXEOxfJd%2BXshIwc7Xrf1hvHi9Pn%2BmOkzI5sdcw%2Fd2lbe1cej298ciXmo8w3pjzqMBYoRaZVO56K1AwGWtlcAEzz3A1U8%3D\"}]}\r\ncf-ray: 9e2c5e8d5aaa568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":245594,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65305)","md5":"b9075b81b05b362a4ca7ae8c521b6e34","sha1":"7bf07973ad6c4f2fe6e5095d76c5764e533d1394","sha256":"ddecb03d752517e1d74ed1217a47e5264a7669fdabdbb655a092d493a06e9143","sha512":"7b21ded9c15a4f1e36aae3ce6743e72ccf1e7c16dd3fa61737b1f97004721547231c2ffbf5e824b17b724e5b42ec0cd46e8e275450dc4afe6facf8b1fa20f804","ssdeep":"1536:6XdeklE52AWwDEBi8QGc3JE7f0/GJTq3SYiLENM6HN26UrOJOzUJOJOJ+z4/3gEb:6Xb0uNq3SYiLENM6HN26Ur2gEb","tlshash":"b634d7a2f592202eb213c1667990ba6dd61f5041d7564fbbf02b3778c6e61c62933f38","first_seen":"2026-02-28T07:23:12.977531Z","last_seen":"2026-03-31T02:54:33.088241Z","times_seen":15,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":73,"dns":36,"connect":3,"send":0,"wait":125,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web-screen.com/img/plug.jpg","fqdn":"web-screen.com","domain":"web-screen.com","tld":"com"},"ip":{"addr":"172.67.192.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:26.699Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web-screen.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 18 Mar 2026 11:29:55 GMT","end":"Tue, 16 Jun 2026 12:27:02 GMT"},"fingerprint":{"sha1":"10:E1:CB:51:D5:2E:66:29:17:11:4F:2E:22:9F:A8:3E:8A:23:61:20","sha256":"56:9D:19:D2:C5:C4:4E:64:58:4D:48:15:50:56:66:00:C8:8B:97:5F:C6:15:2D:FE:DB:3E:BC:7F:7E:7E:23:A9"}}},"request":{"raw":"GET /img/plug.jpg HTTP/1.1\r\nHost: web-screen.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.lu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Mar 2026 06:34:26 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13510\r\nserver: cloudflare\r\nlast-modified: Mon, 29 Aug 2022 13:27:44 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"630cbed0-34c6\"\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\ncache-control: max-age=86400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4EGNVKajkbXfYWjw7USsKXEp30%2FnNXing9Q4EB%2FrY9wbF2%2FHxBKPYWdCpP4OcmSbac6kGfxrIfr8KBwbqYg7bmgOsMWnmsmjPm%2BMu0QjByE4XhXY%2BqvePv1pT2%2Bkln7juw%3D%3D\"}]}\r\ncf-ray: 9e2c5e8d5d123181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13510,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1280 x 720, 8-bit/color RGB, non-interlaced","md5":"6448aca5739995f3b9c1b3c5e50ce7a0","sha1":"f50fa07327f55f864a42698fd8fa86270f35da9b","sha256":"856f999ea580bfa2f03ce5872b848246a66492f17675693e2f429938250d231a","sha512":"75bb6f28ac72ff035a986b9fdf531b28516ee87e9f7ef0723c5cabb09425369b0a4f94e05da23fb9cbfd8864e3e543adee149945725c6884a37de86a185bd160","ssdeep":"192:mEQqVknSxJqTz2u3t6CQsubTdjf9G9hgSctIiVhdGSo2:mrqmnSfqTwFbFnhISo2","tlshash":"43520188bab56e65c43ca7ac34eb172d30f3df0475c1fe9d8b5c0d115bca4aa8b06598","first_seen":"2023-05-08T15:49:55Z","last_seen":"2026-03-31T02:54:33.063616Z","times_seen":268,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":76,"dns":35,"connect":5,"send":0,"wait":113,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-1XMEBMTSWM","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:26.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 18:19:44 GMT","end":"Mon, 18 May 2026 18:19:43 GMT"},"fingerprint":{"sha1":"5D:21:36:26:B5:1D:67:14:0D:6A:68:D3:7C:EB:39:6E:A1:45:8C:29","sha256":"BC:A5:DD:5A:08:3A:33:49:76:BB:EB:18:9C:45:17:80:A1:3E:31:5F:BA:F9:93:28:C7:76:A0:97:FF:E9:3F:1C"}}},"request":{"raw":"GET /gtag/js?id=G-1XMEBMTSWM HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.lu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 27 Mar 2026 06:34:26 GMT\r\nexpires: Fri, 27 Mar 2026 06:34:26 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 154456\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":464701,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"329f3ba66ce1f8dfcdeff97583cb3dfe","sha1":"b1d35f30f6685aa2632093b06b3e0d5a6752b454","sha256":"4c7962a830db3d3fa9a568a356e60f2bfa0e7811b8b9c1202ea7561f4b49d132","sha512":"6d65b7ed3523bc2815469a6893d691ec434acde6a01ed6c43e7e898617cc106e0062ea61049ba9e6758a5159e432d0ce389346f736ee4ebe1e69336b4065645a","ssdeep":"6144:t6ORjaFCE9VJlQGXHIzs8WVP1W+rwkQdqQtYTc0HdZgQ0:iCEfJlbIY8CmOp0","tlshash":"48a409ceb3d674615396e478903f01cba57b29e2b44cc8a6f189cce42e7465a4267f3c","first_seen":"2026-03-27T06:34:52.263029Z","last_seen":"2026-03-27T06:34:52.263029Z","times_seen":1,"resource_available":true,"data":null}},"time_used":304,"timings":{"blocked":95,"dns":1,"connect":21,"send":0,"wait":43,"receive":61,"ssl":81},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/s2/favicons?domain=https://www.google.com/search?sca_esv=9f0c11a6d5544012\u0026si=AMgyJEtREmoPL4P1I5IDCfuA8gybfVI2d5Uj7QMwYCZHKDZ-Ex92riBc4L-hhon5hNy8O_wzrKg-5Lr_bI50hgxvZBekT__KYZkuyGN_sRGXPHi6oz_srvlLnQG7ZaUeY1xSYIxfkV7E\u0026q=Knyholav+Reviews\u0026sa=X\u0026ved=2ahUKEwi10-n02_GQAxVdSlUIHZtVDhgQ0bkNegQIJhAE\u0026biw=1536\u0026bih=695\u0026dpr=1.25#lrd=0x40d4d3bf1eac3895:0x5c9378e16f23e73e,3,,,,","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.251.154.119","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:27.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 18:21:55 GMT","end":"Mon, 18 May 2026 18:21:54 GMT"},"fingerprint":{"sha1":"EA:E6:47:26:9A:0B:B3:6C:6B:AE:E8:B9:D6:BC:75:92:2C:FE:B8:ED","sha256":"5F:49:E5:ED:4A:20:39:8A:4E:34:2D:41:2D:FE:BF:2A:79:ED:E6:DF:13:0A:2A:AD:38:8B:BC:21:9A:73:31:20"}}},"request":{"raw":"GET /s2/favicons?domain=https://www.google.com/search?sca_esv=9f0c11a6d5544012\u0026si=AMgyJEtREmoPL4P1I5IDCfuA8gybfVI2d5Uj7QMwYCZHKDZ-Ex92riBc4L-hhon5hNy8O_wzrKg-5Lr_bI50hgxvZBekT__KYZkuyGN_sRGXPHi6oz_srvlLnQG7ZaUeY1xSYIxfkV7E\u0026q=Knyholav+Reviews\u0026sa=X\u0026ved=2ahUKEwi10-n02_GQAxVdSlUIHZtVDhgQ0bkNegQIJhAE\u0026biw=1536\u0026bih=695\u0026dpr=1.25 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.lu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nlocation: https://t0.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=https://www.google.com/search?sca_esv=9f0c11a6d5544012\u0026size=16\r\ncontent-type: text/html; charset=UTF-8\r\nx-content-type-options: nosniff\r\ndate: Fri, 27 Mar 2026 06:34:27 GMT\r\nexpires: Fri, 27 Mar 2026 07:04:27 GMT\r\ncache-control: public, max-age=1800\r\nserver: sffe\r\ncontent-length: 367\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":542,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":130,"timings":{"blocked":55,"dns":0,"connect":8,"send":0,"wait":18,"receive":2,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"surl.lu/getPreview","fqdn":"surl.lu","domain":"surl.lu","tld":"lu"},"ip":{"addr":"172.67.193.150","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:27.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"surl.lu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Mar 2026 19:31:28 GMT","end":"Wed, 24 Jun 2026 20:29:05 GMT"},"fingerprint":{"sha1":"77:3A:1D:D8:0D:F9:7F:37:01:16:76:B7:F8:E6:55:AA:D8:43:9D:88","sha256":"C5:CF:83:57:F3:00:38:1E:80:15:1B:4C:8E:AE:DF:8A:BF:78:DC:0A:51:24:35:26:79:96:21:0C:39:5B:A2:45"}}},"request":{"raw":"POST /getPreview HTTP/1.1\r\nHost: surl.lu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-CSRF-TOKEN: \r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 408\r\nOrigin: https://surl.lu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut\r\nCookie: fingerprint=3992332955\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":408,"data":"url=https%3A%2F%2Fwww.google.com%2Fsearch%3Fsca_esv%3D9f0c11a6d5544012%26si%3DAMgyJEtREmoPL4P1I5IDCfuA8gybfVI2d5Uj7QMwYCZHKDZ-Ex92riBc4L-hhon5hNy8O_wzrKg-5Lr_bI50hgxvZBekT__KYZkuyGN_sRGXPHi6oz_srvlLnQG7ZaUeY1xSYIxfkV7E%26q%3DKnyholav%2BReviews%26sa%3DX%26ved%3D2ahUKEwi10-n02_GQAxVdSlUIHZtVDhgQ0bkNegQIJhAE%26biw%3D1536%26bih%3D695%26dpr%3D1.25%23lrd%3D0x40d4d3bf1eac3895%3A0x5c9378e16f23e73e%2C3%2C%2C%2C%2C"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ncontent-type: application/json\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nx-powered-by: PHP/8.2.27\r\ncache-control: no-cache, private\r\ndate: Fri, 27 Mar 2026 06:34:28 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UpnzfPvhQ8VvxKgQpiFnDK1BQCaNAx90thUD063OHnOvQ2ZW%2FOdQd%2Fs4P73oH5qraq9MhqEtGcY%2F94jUA9rd1P2cCR1AKg%2FXl2oBqq3Y%2BJvC4Fc1uxifm5FJ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e2c5e940fba712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:8.2.27","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":100,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"0d63dbfdec8dbd01f98b3e867e7294cd","sha1":"681f3bf527db79df88ca5198dbdd92b2359a90b7","sha256":"00ce4c863dd173666753354aadb2e31ce736ecdc3b0340ef82dbbbb8a0bb4f2e","sha512":"69785477299d7c2a62491ffdd14fe046ee2dff3a73186e6d2dd7c09b1324d6cf8d1f7ebfc870315858cb1ed9a620662aa3988ab387a1e3712103310ad8533efe","ssdeep":"","tlshash":"cab012eba441d131948cc7de640eb48b0a226039e06ce0c36c33a434a50ee5a7326281","first_seen":"2026-03-27T06:34:52.264837Z","last_seen":"2026-03-27T06:34:52.264837Z","times_seen":1,"resource_available":false,"data":null}},"time_used":471,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":471,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"surl.lu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"surl.lu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"surl.lu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"surl.lu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pagead2.googlesyndication.com/pagead/js/adsbygoogle.js","fqdn":"pagead2.googlesyndication.com","domain":"googlesyndication.com","tld":"com"},"ip":{"addr":"142.251.38.98","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","date":"2026-03-27T06:34:28.441Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.g.doubleclick.net","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 18:19:43 GMT","end":"Mon, 18 May 2026 18:19:42 GMT"},"fingerprint":{"sha1":"21:A2:E6:EE:4C:99:51:30:B3:D1:47:40:21:C6:D3:C7:53:15:76:90","sha256":"2F:9C:8D:95:47:FE:81:36:B3:00:2A:CA:41:C9:76:97:65:0D:06:A5:9B:80:76:2E:E4:31:1D:8D:BD:8F:C8:98"}}},"request":{"raw":"GET /pagead/js/adsbygoogle.js HTTP/1.1\r\nHost: pagead2.googlesyndication.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://surl.lu/\r\nOrigin: https://surl.lu\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nlink: \u003chttps://googleads.g.doubleclick.net\u003e; rel=\"preconnect\"; crossorigin\r\nvary: Accept-Encoding\r\ndate: Fri, 27 Mar 2026 06:34:28 GMT\r\nexpires: Fri, 27 Mar 2026 06:34:28 GMT\r\ncache-control: private, max-age=3600, stale-while-revalidate=3600\r\ncontent-type: text/javascript; charset=UTF-8\r\netag: 2571483134342121410\r\naccess-control-allow-origin: *\r\nx-content-type-options: nosniff\r\ncontent-disposition: attachment; filename=\"f.txt\"\r\ncontent-encoding: br\r\nserver: cafe\r\ncontent-length: 55741\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":162340,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (4816)","md5":"23e83feb5e923c100965695672221411","sha1":"72435389a05e519172b6ce2908eb0d4ce82ab974","sha256":"115ffa2f2d88de37e08b747e57926b8aa59cbde916df06f32c59478f4a756cce","sha512":"ab3d86a3bdd5bc7155a98db8be48f8ab2c64ddade33df12fbd26a78c35138ced7c7ceeeff4fa2a19e78e3058a210530b711494be65c41475b1f7f2944dea653e","ssdeep":"3072:hb+jbFNci1ZPTYRUxUt683vjfqcLr1zSPlQtVzaaSeMUIyvzniy774Gp3ROovYX+:hb+jbDcQtTYRUxUB3vjfrr1mlQjzXd/H","tlshash":"fff30a9a7192bcb3876389e5406f0107b42d9863f40cc8b0f2d8ded97a649759277fac","first_seen":"2026-03-27T06:34:52.267024Z","last_seen":"2026-03-27T06:34:52.267024Z","times_seen":1,"resource_available":false,"data":null}},"time_used":238,"timings":{"blocked":78,"dns":4,"connect":20,"send":0,"wait":44,"receive":34,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"surl.lu/ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut","fqdn":"surl.lu","domain":"surl.lu","tld":"lu"},"ip":{"addr":"172.67.193.150","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-27T06:34:26.179Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"surl.lu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Mar 2026 19:31:28 GMT","end":"Wed, 24 Jun 2026 20:29:05 GMT"},"fingerprint":{"sha1":"77:3A:1D:D8:0D:F9:7F:37:01:16:76:B7:F8:E6:55:AA:D8:43:9D:88","sha256":"C5:CF:83:57:F3:00:38:1E:80:15:1B:4C:8E:AE:DF:8A:BF:78:DC:0A:51:24:35:26:79:96:21:0C:39:5B:A2:45"}}},"request":{"raw":"GET /ohctmz?utm_source=sendpulse\u0026utm_medium=email\u0026utm_campaign=ts-vesni-vs-zavantazhuyut HTTP/1.1\r\nHost: surl.lu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Mar 2026 06:34:26 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-powered-by: PHP/8.2.27\r\ncache-control: no-cache, private\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=atOJij%2FHN2c9YTTWWqX4tfsmsydwGAjh9CPLad7Z7%2FXggi95GDL60vidrq7JhIb3BI%2BIDvdUeEWVqN0m93v90J%2BL%2FNKGhygIdz9WAytFuhN9%2F5R0LjgEtR1J\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9e2c5e8a0c421525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:8.2.27","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}],"data":{"size":13402,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (469)","md5":"9547a6fc78f37c56ac1cfef47f0133bb","sha1":"87875a3c549bc0f5ecf1e17e0107d3c974226c87","sha256":"6e36c75191b8a396ba96c38581cf6c54c76c120a78a5b5922b64617541234afb","sha512":"a550093fe409bc43eebda52f0b5b3639db045ac85b96cf03e31e48298e32d0e1bd62d52b30b5e4e730c126aad28c37151b15fd29cada7c04d1c0a4582117f44f","ssdeep":"192:lR/LnG/4SFTy/bzzCoxkCm4CTbgF5wHTvu:T/LnG/Lm/3WoHmBTbgfwzvu","tlshash":"f052fb7224f0186b01a3c4c46bb56b4aafc5e54bc61fa541b2fe07c51fe6c93ee07568","first_seen":"2026-03-27T06:34:52.268415Z","last_seen":"2026-03-27T06:34:52.268415Z","times_seen":1,"resource_available":true,"data":null}},"time_used":354,"timings":{"blocked":61,"dns":41,"connect":1,"send":0,"wait":231,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"surl.lu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"surl.lu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"surl.lu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"surl.lu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}