{"report_id":"1b032ddb-bee0-45bb-a067-c9e4b1096d13","version":6,"status":"done","tags":[],"date":"2025-11-20T05:34:15Z","url":{"schema":"http","addr":"rcreaambientes.com/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=9574799","fqdn":"rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"ip":{"addr":"216.245.214.84","port":0,"asn":46475,"as":"LIMESTONENETWORKS","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","fqdn":"ww1.rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"title":"rcreaambientes.com","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"rcreaambientes.com/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=9574799","fqdn":"rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"ip":{"addr":"216.245.214.84","port":0,"asn":46475,"as":"LIMESTONENETWORKS","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-25T05:34:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-20T05:33:53Z","timestamp":1763616833,"ip_dst":{"addr":"172.18.0.9","port":60678,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-11-20T05:33:53.519571+0000\",\"flow_id\":957965213442315,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.251.101.162\",\"src_port\":443,\"dest_ip\":\"172.18.0.9\",\"dest_port\":60678,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=*.youstarsbuilding.com\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL ECC Domain Secure Site CA\",\"serial\":\"6C:EE:31:86:12:67:B1:E5:51:37:5E:5B:1B:EE:91:82\",\"fingerprint\":\"6c:59:6d:db:78:b9:e1:f6:65:4d:54:40:d6:2a:a6:bf:73:06:95:7d\",\"sni\":\"obseu.youstarsbuilding.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-10-14T00:00:00\",\"notafter\":\"2026-01-12T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"80d47c47e3ce91bc3bd0a026dbd1664d\",\"string\":\"771,49196,5-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1219,\"bytes_toclient\":3929,\"start\":\"2025-11-20T05:33:53.401675+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-20","alert":"Sinkholed","trigger":"ww1.rcreaambientes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"ww1.rcreaambientes.com","ip":{"addr":"76.223.26.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2025-09-21","domain_rank":0,"first_seen":"2025-11-20T05:34:15.586726Z","last_seen":"2025-11-20T05:34:15.586726Z","alert_count":3,"request_count":3,"received_data":10848,"sent_data":1706,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"euob.youstarsbuilding.com","ip":{"addr":"54.240.174.43","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2022-08-01","domain_rank":2095641,"first_seen":"2023-10-25T16:14:24Z","last_seen":"2025-11-14T13:50:15.011624Z","alert_count":0,"request_count":1,"received_data":120403,"sent_data":462,"comment":"","tags":null,"fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"obseu.youstarsbuilding.com","ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"2022-08-01","domain_rank":1721811,"first_seen":"2023-11-07T16:47:12Z","last_seen":"2025-11-14T13:50:15.142478Z","alert_count":0,"request_count":7,"received_data":5748,"sent_data":5648,"comment":"","tags":null,"fingerprints":null},{"fqdn":"rcreaambientes.com","ip":{"addr":"77.247.183.155","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-09-21","domain_rank":0,"first_seen":"2025-11-20T05:34:15.588493Z","last_seen":"2025-11-20T05:34:15.588493Z","alert_count":0,"request_count":3,"received_data":10949,"sent_data":2105,"comment":"","tags":null,"fingerprints":[{"name":"Cowboy","description":"Cowboy is a small, fast, modular HTTP server written in Erlang.","website":"https://github.com/ninenines/cowboy","common_platform_enumeration":"","icon":"Cowboy.png","categories":["Web servers"]},{"name":"Erlang","description":"Erlang is a general-purpose, concurrent, functional programming language, and a garbage-collected runtime system.","website":"https://www.erlang.org","common_platform_enumeration":"cpe:2.3:a:erlang:erlang%2fotp:*:*:*:*:*:*:*:*","icon":"Erlang.png","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-20T05:33:53Z","timestamp":1763616833,"ip_dst":{"addr":"172.18.0.9","port":60678,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-11-20T05:33:53.519571+0000\",\"flow_id\":957965213442315,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.251.101.162\",\"src_port\":443,\"dest_ip\":\"172.18.0.9\",\"dest_port\":60678,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=*.youstarsbuilding.com\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL ECC Domain Secure Site CA\",\"serial\":\"6C:EE:31:86:12:67:B1:E5:51:37:5E:5B:1B:EE:91:82\",\"fingerprint\":\"6c:59:6d:db:78:b9:e1:f6:65:4d:54:40:d6:2a:a6:bf:73:06:95:7d\",\"sni\":\"obseu.youstarsbuilding.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-10-14T00:00:00\",\"notafter\":\"2026-01-12T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"80d47c47e3ce91bc3bd0a026dbd1664d\",\"string\":\"771,49196,5-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1219,\"bytes_toclient\":3929,\"start\":\"2025-11-20T05:33:53.401675+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"euob.youstarsbuilding.com/sxp/i/25e455430bc0028d62ca88bfca3d4028.js","fqdn":"euob.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"54.240.174.43","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"be6e9820eb9ac1ad1989b7f8d6b5c35f","sha1":"93b080b4d6a9dc44d2d737755654fce912a72818","sha256":"f14235aca90fec47ee7ad0c5b3093277303309205b628191b5cc106cebf648eb","sha512":"717f9bb41c2cb4138efb1a2989125e2739393e5b53761c6766ac6682d4f029581a2042e2a7e43597049d85fa805614899523999969a37aab5a6682a5353a992e","ssdeep":"1536:Qu5y/b5E0bwM7sIo8L0SUs8LonlEzsjxM96nhXxwcTkYtsdlBnFIUtY0PVEWm/5M:QuQb7O8hzjnhGdhtNP8/kLP/VbZF","tlshash":"36c3d79db2e27025439334a5157f410ae27b5e503c4b8294d27ee9d4ac7ce8e817bfac","size":119877,"data":"","first_seen":"2025-11-19T09:44:46.168487Z","last_seen":"2026-01-07T15:04:54.175558Z","times_seen":5198,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","fqdn":"ww1.rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"ip":{"addr":"76.223.26.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"889ca9e2c79a3ce7aaadbcdfd0ce4ef5","sha1":"b05c2c051bae71f80cb8c289e5a42d4f96d323fa","sha256":"6477acf082d26199b6ce8346b93149b1b999233d9fe76b0340ebf43317cf98f8","sha512":"122a494d50a5e8077cdda40e8d6edb442bb9d89fff078852aad7f84fe24f1c58fe693f0388ca6c9453d1b33036da0b9c4e9fb394a18268e254d306ffc2ca57a3","ssdeep":"","tlshash":"46a002d4b4ed8125564583390104d91cf936c934c0d5701873f0466ca6e700a53610b2","size":62,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-05-20T04:34:57.092214Z","times_seen":365741,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","fqdn":"ww1.rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"ip":{"addr":"76.223.26.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ffa22f55ab6d1e3ae603e5d96d38f41d","sha1":"b1d42876ae72aca17fff66a3ef973c27f7b25c0e","sha256":"c8fdd2a04f062193ee77faa162ecc52088177a5e2d49bc674637032f87abb87a","sha512":"a5af6e13b41264d21cc1c28e8a230390b27954f56e2bff5378703ae9fa2a6592b765289785abf1871b751a99ac55d9765f3cec28818b74982ab02e05de92ebdd","ssdeep":"","tlshash":"6ed02ba339f589213abf10da9247e34834244404b8091610f81c45ca0d909979a6afcc","size":268,"data":"","first_seen":"2025-11-03T14:28:57.769228Z","last_seen":"2026-05-20T05:01:19.238632Z","times_seen":19378,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","fqdn":"ww1.rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"ip":{"addr":"76.223.26.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"6559111e4eae643ce013ce0821e91a02","sha1":"fa1086c9aa2cb2d14f5c13bceefe21511bcdae5a","sha256":"d72255f7e5ea4dfdf9821df800356367d0bc7df07ecd103bb660018cb1e4f400","sha512":"a6e3e096076dc152b69e95709dad8925c9c2799c23ad226b9ce7b6ee78936bea7300b66c92821ea0728ce7433d4f53787f27f5e7101f97e4d882be0a461fc051","ssdeep":"","tlshash":"407000000380020020c80233a200882af228003c00030200c008888800a808002080c2","size":25,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-05-20T04:34:57.088153Z","times_seen":365709,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","fqdn":"ww1.rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"ip":{"addr":"76.223.26.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"e5d8c139688b25ef77b263d88ea99150","sha1":"7abc9c61c4966543f66d150c0155bfac575f86a7","sha256":"53e5f34ac520035c7f124076d1e68c70a85c83cf68a339fa713b872b54126148","sha512":"1cd4eb192d987ea1b21f3b553eea3881c807f8bf4a5299982675d57314a0eaa084db1722c38d02eb73178660ecb1ca3667a795a512527f843f2526dc0a99dc20","ssdeep":"","tlshash":"7440000000003000033c0000000000c0000c00000000000000000c00030000000c0000","size":7,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-05-20T04:34:57.087257Z","times_seen":365747,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","fqdn":"ww1.rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"ip":{"addr":"76.223.26.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"5937039ebc998a5c89bc065fbcc7ac73","sha1":"61ef46f1281592b11f5a12ad5b2925dcedb910b3","sha256":"b753819c038971a0adbb679cc58cfa578e92ed78d897b1854ed83c38e6589514","sha512":"5709df1e63656fc8eaab2fc9fd9cc274c0239a3317fbeef2be2a7772b38b37eb1cbfe623e00c39dd10619673f4d6eb3a335022b64f06cdb868128138be15b278","ssdeep":"","tlshash":"f201784419f430b05a2674b98d0b91187939661b14058f64bb1c52d22fb90bad7aafec","size":724,"data":"","first_seen":"2025-11-20T05:34:19.677778Z","last_seen":"2025-11-20T05:34:19.677778Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","fqdn":"ww1.rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"ip":{"addr":"76.223.26.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"a721fadebac58116f06d5f8f84bcfe5a","sha1":"413588bc107bd1be0cbd14345fb68c9b8ba14b38","sha256":"912e5797a8e5f63052f4171a842ef7e90701101824c00a4dab15ce20f67605e0","sha512":"6604e4300d4690a817c03e803c0b7957170181effb5710cf86d602ebd6f52699864fd3a62ebd3b173dc58e24911266a2258a212e55acf3323f39a41d6f8ddc5d","ssdeep":"","tlshash":"12c08c7b3e8220304bdf765f285ca3083820800a68a3a6077c6c09ea4ff1f47551ab58","size":164,"data":"","first_seen":"2025-03-03T19:06:17.344232Z","last_seen":"2026-05-20T00:15:11.177467Z","times_seen":39163,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","fqdn":"ww1.rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"ip":{"addr":"76.223.26.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"b326b5062b2f0e69046810717534cb09","sha1":"5ffe533b830f08a0326348a9160afafc8ada44db","sha256":"b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b","sha512":"9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de","ssdeep":"","tlshash":"5430000000000000000000000000300c00000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:44Z","last_seen":"2026-05-20T04:37:16.887827Z","times_seen":391159,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","fqdn":"ww1.rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"ip":{"addr":"76.223.26.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-20T05:33:52.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ww1.rcreaambientes.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Oct 2025 02:27:52 GMT","end":"Sat, 10 Jan 2026 02:27:51 GMT"},"fingerprint":{"sha1":"AF:F7:F1:4F:20:D6:70:54:1B:84:49:90:4E:1C:EC:34:1D:9B:69:C8","sha256":"2F:08:9B:F9:5D:9C:5E:F4:5E:BE:7C:EC:2D:C9:27:5A:0A:32:5F:B2:45:E6:B9:65:43:C2:8B:80:C2:FB:95:17"}}},"request":{"raw":"GET /?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1 HTTP/1.1\r\nHost: ww1.rcreaambientes.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nCookie: sid=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile\r\naccept-ch-lifetime: 30\r\nalt-svc: h3=\":50944\"; ma=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 20 Nov 2025 05:33:53 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy, 0.0 Caddy\r\nx-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_L1EO12W3fmE0TxazeHwA1Ri0r/fFvVQttuy5wOJm6RfJAASqzg2O1JvUBLqe1H2aHTH96snj2qIkIJ2I47mK5g==\r\nx-buckets: bucket011,bucket077\r\nx-domain: rcreaambientes.com\r\nx-language: norwegian\r\nx-pcrew-blocked-reason: hosting network\r\nx-pcrew-ip-organization: Blix Solutions\r\nx-redirect: blank\r\nx-subdomain: ww1\r\nx-template: tpl_CleanPeppermintBlack_twoclick\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9359,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"65e06b13ac08578d19598084c6351405","sha1":"f439cc236615757de82907bfed4798d7b66a253a","sha256":"2a16254590a46bbab89dd3530224df9b09758d9db7302d9bb025807015e8ecf3","sha512":"ea3497aa36b3c909ffc6bbd111cb50ea3c84664e25a1d46ad508ceb1669696fd2bdd852147e471a7f53dbf6d5cfd8afd0381b064bd8142acb8267a0aedc97d2e","ssdeep":"192:3t51yilYoHI04F68FvAQKHJI7YoHsfO4ro2Tc/meFany:3TYoHcFJYoHsfO5/ms","tlshash":"e31296527ef3291c701b90a48be6a35932199107860acc6cbedc72bcdf4d1e49563f9c","first_seen":"2025-11-20T05:34:19.64266Z","last_seen":"2025-11-20T05:34:19.64266Z","times_seen":1,"resource_available":false,"data":null}},"time_used":452,"timings":{"blocked":201,"dns":142,"connect":1,"send":0,"wait":49,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-20","alert":"Sinkholed","trigger":"ww1.rcreaambientes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ww1.rcreaambientes.com/munin/a/ls?t=691ea841\u0026token=f7fede7875bf0acd53fc47140d2d80f21deaa4e0","fqdn":"ww1.rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"ip":{"addr":"76.223.26.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","date":"2025-11-20T05:33:53.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ww1.rcreaambientes.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Oct 2025 02:27:52 GMT","end":"Sat, 10 Jan 2026 02:27:51 GMT"},"fingerprint":{"sha1":"AF:F7:F1:4F:20:D6:70:54:1B:84:49:90:4E:1C:EC:34:1D:9B:69:C8","sha256":"2F:08:9B:F9:5D:9C:5E:F4:5E:BE:7C:EC:2D:C9:27:5A:0A:32:5F:B2:45:E6:B9:65:43:C2:8B:80:C2:FB:95:17"}}},"request":{"raw":"GET /munin/a/ls?t=691ea841\u0026token=f7fede7875bf0acd53fc47140d2d80f21deaa4e0 HTTP/1.1\r\nHost: ww1.rcreaambientes.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1\r\nCookie: sid=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 201 Created\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 86400\r\nalt-svc: h3=\":50944\"; ma=2592000\r\ndate: Thu, 20 Nov 2025 05:33:53 GMT\r\nserver: nginx\r\nvia: 1.1 Caddy\r\nx-log-success: 691ea841711d334cf04a6dc6\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"201","status_text":"Created","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T04:38:10.725155Z","times_seen":15467974,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-20","alert":"Sinkholed","trigger":"ww1.rcreaambientes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"euob.youstarsbuilding.com/sxp/i/25e455430bc0028d62ca88bfca3d4028.js","fqdn":"euob.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"54.240.174.43","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","date":"2025-11-20T05:33:53.132Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 18 May 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:29:53:45:CD:1F:37:FB:0A:5B:EE:BA:2B:10:20:63:7D:EE:AB:EB","sha256":"2F:1E:65:36:AB:FD:A7:A0:E2:EF:4F:B3:C2:81:B9:D4:40:D5:97:BE:7F:28:61:2C:32:1D:24:77:4B:21:66:37"}}},"request":{"raw":"GET /sxp/i/25e455430bc0028d62ca88bfca3d4028.js HTTP/1.1\r\nHost: euob.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.rcreaambientes.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 44285\r\ncontent-encoding: gzip\r\nserver: Caddy\r\ndate: Wed, 19 Nov 2025 21:38:59 GMT\r\ncache-control: max-age=43200\r\nexpires: Thu, 20 Nov 2025 09:38:58 GMT\r\netag: \"1d445-k7CAtNap3ETS1zd1VlT86RKnKBg\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: haejVSJzbhtfa9O19iosIB_NtWSZuBZjN-a4ftMLBUE8JhdW3PSjng==\r\nage: 28495\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":119877,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"data","md5":"be6e9820eb9ac1ad1989b7f8d6b5c35f","sha1":"93b080b4d6a9dc44d2d737755654fce912a72818","sha256":"f14235aca90fec47ee7ad0c5b3093277303309205b628191b5cc106cebf648eb","sha512":"717f9bb41c2cb4138efb1a2989125e2739393e5b53761c6766ac6682d4f029581a2042e2a7e43597049d85fa805614899523999969a37aab5a6682a5353a992e","ssdeep":"1536:Qu5y/b5E0bwM7sIo8L0SUs8LonlEzsjxM96nhXxwcTkYtsdlBnFIUtY0PVEWm/5M:QuQb7O8hzjnhGdhtNP8/kLP/VbZF","tlshash":"36c3d79db2e27025439334a5157f410ae27b5e503c4b8294d27ee9d4ac7ce8e817bfac","first_seen":"2025-11-19T09:44:46.168487Z","last_seen":"2026-01-07T15:04:54.175558Z","times_seen":5198,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":10,"dns":1,"connect":1,"send":0,"wait":2,"receive":1,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww1.rcreaambientes.com/favicon.ico","fqdn":"ww1.rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"ip":{"addr":"76.223.26.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","date":"2025-11-20T05:33:53.178Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ww1.rcreaambientes.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Oct 2025 02:27:52 GMT","end":"Sat, 10 Jan 2026 02:27:51 GMT"},"fingerprint":{"sha1":"AF:F7:F1:4F:20:D6:70:54:1B:84:49:90:4E:1C:EC:34:1D:9B:69:C8","sha256":"2F:08:9B:F9:5D:9C:5E:F4:5E:BE:7C:EC:2D:C9:27:5A:0A:32:5F:B2:45:E6:B9:65:43:C2:8B:80:C2:FB:95:17"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ww1.rcreaambientes.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1\r\nCookie: sid=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nalt-svc: h3=\":50944\"; ma=2592000\r\ncontent-type: image/x-icon\r\ndate: Thu, 20 Nov 2025 05:33:53 GMT\r\netag: \"670f7248-0\"\r\nlast-modified: Wed, 16 Oct 2024 07:59:04 GMT\r\nserver: nginx\r\nvia: 1.1 Caddy\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T04:38:10.725155Z","times_seen":15467974,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-20","alert":"Sinkholed","trigger":"ww1.rcreaambientes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126cedc134ec4f899e9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d57138d642e17071a10acf9f29f671a87818b077e3c4af67a7f0c813cd737c2553750729154060b66525d92ea631c77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7b1024540ff4892a647b51acfb417a88a3a02690b352241e2ba8f3a3939c73ebcfc248b5038e523d65cceb92a9e471d280f061856b4a95b98a260709b0266eb6d24726bb89aa29dd5faa18f6d15bdc1c949260cb7b70c4c073d9689784baf3d9e8eb1f37a52ae2b9e7285062bcce32c4b643ae144602840c5ed485d49ac1afc57e882cd7deeddb36ae6c7c37957527d4ccc21c7580b23deb00a7cb0dba5aef33024b149466f14dcbc4ee27eec978d71be388cccb609e191c2dbd105452740926878f65a563d3c28c66eadc45f39320d3c0dbfd7888f0a91f6a7d9ce25b47cdbc045642acacee74b828cdbb2fb3b97bec38d9658759c609c5b42e914854b8f7c7387b46341120194105b6f3ce30c008dc444e432bf0a84bc385190ef6a4c2b9b46bdef0e7fa82e4b2f7494f20e64087b7457384426107ca655d7001ea69fb334096f9cb718b7ed6228da82accbe059a78115272531672c1b396ae783237d94c43ffc1c5a9f38f0a518cbaaf7c88ce747ddbd4133a61fa92c70073d753cc38dd7da25de3689da268bea82ef0dfcd8bcc5568fde125628570a58bb1ad1e9f6f2a6f72942c3f21b6c4068b8a4f9dfcecbc46d195c57358254dd550b717e811eb9363962e5175107e2c03be09dfc56a0ae70d95f0ac6a87dd478e6861fb443e3e95e9d10a58e66de7ce4d8b153b0156ae7b71d7edc562ca573e988d0fb39f80bd9248da41477d56a12637589c8c1e03f96fb2bcd32792d2ee06416efd29734a16c51650e699e9180d823b2786858d40d5c6eb8c4b28bf30b8076e4ade0c672693c20e1fce8abfcaf0eb50987ad4328a769ad65c93fff27d66b3c5158f\u0026cri=6yjNfdIapa\u0026ts=209\u0026cb=1763616833605","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","date":"2025-11-20T05:33:53.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Mon, 12 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6C:59:6D:DB:78:B9:E1:F6:65:4D:54:40:D6:2A:A6:BF:73:06:95:7D","sha256":"2B:E2:C2:72:0C:9A:E2:D0:00:6B:4E:3F:98:4A:18:74:C5:B6:AC:40:5F:B9:33:53:E5:66:1C:06:F8:97:6C:D4"}}},"request":{"raw":"GET /tracker/tc_imp.gif?e=37dfbd8ee84e00126cedc134ec4f899e9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d57138d642e17071a10acf9f29f671a87818b077e3c4af67a7f0c813cd737c2553750729154060b66525d92ea631c77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7b1024540ff4892a647b51acfb417a88a3a02690b352241e2ba8f3a3939c73ebcfc248b5038e523d65cceb92a9e471d280f061856b4a95b98a260709b0266eb6d24726bb89aa29dd5faa18f6d15bdc1c949260cb7b70c4c073d9689784baf3d9e8eb1f37a52ae2b9e7285062bcce32c4b643ae144602840c5ed485d49ac1afc57e882cd7deeddb36ae6c7c37957527d4ccc21c7580b23deb00a7cb0dba5aef33024b149466f14dcbc4ee27eec978d71be388cccb609e191c2dbd105452740926878f65a563d3c28c66eadc45f39320d3c0dbfd7888f0a91f6a7d9ce25b47cdbc045642acacee74b828cdbb2fb3b97bec38d9658759c609c5b42e914854b8f7c7387b46341120194105b6f3ce30c008dc444e432bf0a84bc385190ef6a4c2b9b46bdef0e7fa82e4b2f7494f20e64087b7457384426107ca655d7001ea69fb334096f9cb718b7ed6228da82accbe059a78115272531672c1b396ae783237d94c43ffc1c5a9f38f0a518cbaaf7c88ce747ddbd4133a61fa92c70073d753cc38dd7da25de3689da268bea82ef0dfcd8bcc5568fde125628570a58bb1ad1e9f6f2a6f72942c3f21b6c4068b8a4f9dfcecbc46d195c57358254dd550b717e811eb9363962e5175107e2c03be09dfc56a0ae70d95f0ac6a87dd478e6861fb443e3e95e9d10a58e66de7ce4d8b153b0156ae7b71d7edc562ca573e988d0fb39f80bd9248da41477d56a12637589c8c1e03f96fb2bcd32792d2ee06416efd29734a16c51650e699e9180d823b2786858d40d5c6eb8c4b28bf30b8076e4ade0c672693c20e1fce8abfcaf0eb50987ad4328a769ad65c93fff27d66b3c5158f\u0026cri=6yjNfdIapa\u0026ts=209\u0026cb=1763616833605 HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.rcreaambientes.com/\r\nCookie: cg_uuid=c5220b3a8288678e5a7ea266dcf2dd8c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\ndate: Thu, 20 Nov 2025 05:33:53 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\ncontent-length: 43\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"db04c7b378cb2db912c3ba8a5a774ee3","sha1":"dee34bd86c3484d31002182aa2b7caa4699126b8","sha256":"98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a","sha512":"826225fc21717d8861a05b9d2f959539aad2d2b131b2afed75d88fbca535e1b0d5a0da8ac69713a0876a0d467848a37a0a7f926aeafad8cf28201382d16466ab","ssdeep":"","tlshash":"6490000bca888002caa2c0302b8883022b88b0320228832e80bc30a8ee3b3a20c02000","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-05-20T04:34:57.069395Z","times_seen":384519,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/ct","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","date":"2025-11-20T05:33:53.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Mon, 12 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6C:59:6D:DB:78:B9:E1:F6:65:4D:54:40:D6:2A:A6:BF:73:06:95:7D","sha256":"2B:E2:C2:72:0C:9A:E2:D0:00:6B:4E:3F:98:4A:18:74:C5:B6:AC:40:5F:B9:33:53:E5:66:1C:06:F8:97:6C:D4"}}},"request":{"raw":"POST /ct HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 4387\r\nOrigin: https://ww1.rcreaambientes.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.rcreaambientes.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: https://ww1.rcreaambientes.com\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Thu, 20 Nov 2025 05:33:53 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\nset-cookie: cg_uuid=c5220b3a8288678e5a7ea266dcf2dd8c; Max-Age=29030400; Path=/; Expires=Thu, 22 Oct 2026 05:33:53 GMT; HttpOnly; Secure; SameSite=None\r\ntiming-allow-origin: https://ww1.rcreaambientes.com\r\ncontent-length: 1129\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3406,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"4e522100b99c03afafec5ab0ef5d4434","sha1":"60fe86d86886bf910e53a8e1ec1603b4eb372748","sha256":"6408869a0ce30736bd7a9f2b2beae22742ef7e648cd4ba9ba712fd847cb67ecc","sha512":"1ce000f6ae054d6ce045865df2933166270c89f0b865a42a6d8b714f774e8b765a587e3d0121aaf8300ce9f40253a121fe355697be6f4b7caa2321dc2adbbcd6","ssdeep":"","tlshash":"006109582b26dd3b668c577f99312f5786f2532e32eb08e9a83b7f4405972959f52000","first_seen":"2025-11-20T05:34:19.662274Z","last_seen":"2025-11-20T05:34:19.662274Z","times_seen":1,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":120,"dns":1,"connect":34,"send":0,"wait":57,"receive":0,"ssl":82},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/mon","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","date":"2025-11-20T05:33:54.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Mon, 12 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6C:59:6D:DB:78:B9:E1:F6:65:4D:54:40:D6:2A:A6:BF:73:06:95:7D","sha256":"2B:E2:C2:72:0C:9A:E2:D0:00:6B:4E:3F:98:4A:18:74:C5:B6:AC:40:5F:B9:33:53:E5:66:1C:06:F8:97:6C:D4"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2645\r\nOrigin: https://ww1.rcreaambientes.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.rcreaambientes.com/\r\nCookie: cg_uuid=c5220b3a8288678e5a7ea266dcf2dd8c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: https://ww1.rcreaambientes.com\r\ncontent-type: application/json\r\ndate: Thu, 20 Nov 2025 05:33:54 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T04:38:10.725155Z","times_seen":15467974,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/mon","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","date":"2025-11-20T05:33:56.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Mon, 12 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6C:59:6D:DB:78:B9:E1:F6:65:4D:54:40:D6:2A:A6:BF:73:06:95:7D","sha256":"2B:E2:C2:72:0C:9A:E2:D0:00:6B:4E:3F:98:4A:18:74:C5:B6:AC:40:5F:B9:33:53:E5:66:1C:06:F8:97:6C:D4"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1787\r\nOrigin: https://ww1.rcreaambientes.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.rcreaambientes.com/\r\nCookie: cg_uuid=c5220b3a8288678e5a7ea266dcf2dd8c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: https://ww1.rcreaambientes.com\r\ncontent-type: application/json\r\ndate: Thu, 20 Nov 2025 05:33:56 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T04:38:10.725155Z","times_seen":15467974,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/mon","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","date":"2025-11-20T05:33:58.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Mon, 12 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6C:59:6D:DB:78:B9:E1:F6:65:4D:54:40:D6:2A:A6:BF:73:06:95:7D","sha256":"2B:E2:C2:72:0C:9A:E2:D0:00:6B:4E:3F:98:4A:18:74:C5:B6:AC:40:5F:B9:33:53:E5:66:1C:06:F8:97:6C:D4"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1787\r\nOrigin: https://ww1.rcreaambientes.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.rcreaambientes.com/\r\nCookie: cg_uuid=c5220b3a8288678e5a7ea266dcf2dd8c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: https://ww1.rcreaambientes.com\r\ncontent-type: application/json\r\ndate: Thu, 20 Nov 2025 05:33:58 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T04:38:10.725155Z","times_seen":15467974,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/mon","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","date":"2025-11-20T05:34:03.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Mon, 12 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6C:59:6D:DB:78:B9:E1:F6:65:4D:54:40:D6:2A:A6:BF:73:06:95:7D","sha256":"2B:E2:C2:72:0C:9A:E2:D0:00:6B:4E:3F:98:4A:18:74:C5:B6:AC:40:5F:B9:33:53:E5:66:1C:06:F8:97:6C:D4"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1790\r\nOrigin: https://ww1.rcreaambientes.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.rcreaambientes.com/\r\nCookie: cg_uuid=c5220b3a8288678e5a7ea266dcf2dd8c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: https://ww1.rcreaambientes.com\r\ncontent-type: application/json\r\ndate: Thu, 20 Nov 2025 05:34:03 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T04:38:10.725155Z","times_seen":15467974,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/mon","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1","date":"2025-11-20T05:34:08.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Mon, 12 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6C:59:6D:DB:78:B9:E1:F6:65:4D:54:40:D6:2A:A6:BF:73:06:95:7D","sha256":"2B:E2:C2:72:0C:9A:E2:D0:00:6B:4E:3F:98:4A:18:74:C5:B6:AC:40:5F:B9:33:53:E5:66:1C:06:F8:97:6C:D4"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1790\r\nOrigin: https://ww1.rcreaambientes.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.rcreaambientes.com/\r\nCookie: cg_uuid=c5220b3a8288678e5a7ea266dcf2dd8c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: https://ww1.rcreaambientes.com\r\ncontent-type: application/json\r\ndate: Thu, 20 Nov 2025 05:34:08 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T04:38:10.725155Z","times_seen":15467974,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rcreaambientes.com/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=9574799","fqdn":"rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"ip":{"addr":"77.247.183.155","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-20T05:33:52.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rcreaambientes.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Sep 2025 10:17:22 GMT","end":"Wed, 24 Dec 2025 10:17:21 GMT"},"fingerprint":{"sha1":"FB:76:8E:FA:C4:B9:AB:AC:42:E7:9D:DB:A7:6C:DB:78:16:C2:48:E4","sha256":"61:46:EE:FB:18:31:40:E3:B8:14:28:3F:64:37:76:CC:89:EA:8A:86:56:0F:F5:85:F3:26:5F:64:F7:15:A5:A2"}}},"request":{"raw":"GET /z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=9574799 HTTP/1.1\r\nHost: rcreaambientes.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile\r\ncache-control: max-age=0, private, must-revalidate\r\ncontent-length: 537\r\ncontent-type: text/html; charset=utf-8\r\ndate: Thu, 20 Nov 2025 05:33:52 GMT\r\nserver: Cowboy\r\nset-cookie: sid=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1; path=/; domain=.rcreaambientes.com; expires=Tue, 08 Dec 2093 08:47:59 GMT; max-age=2147483647; secure; HttpOnly\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cowboy","description":"Cowboy is a small, fast, modular HTTP server written in Erlang.","website":"https://github.com/ninenines/cowboy","common_platform_enumeration":"","icon":"Cowboy.png","categories":["Web servers"]},{"name":"Erlang","description":"Erlang is a general-purpose, concurrent, functional programming language, and a garbage-collected runtime system.","website":"https://www.erlang.org","common_platform_enumeration":"cpe:2.3:a:erlang:erlang%2fotp:*:*:*:*:*:*:*:*","icon":"Erlang.png","categories":["Programming languages"]}],"data":{"size":537,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (537), with no line terminators","md5":"0aec13e3ca240ff6537ad6b70d249178","sha1":"96cbcb80027287285686bfcef38c5f27b8acead8","sha256":"78010ef1f66faa94fc7451caa12fea344cf2b9ba96e3ce30d07186d69ea20ca5","sha512":"bb4b347dbf1e13e663e737e666836355480f7c3d4bf3338107436e367e61bfd431f73e6f0f2ed1f13c22f3d23c4f28ea84da2aac2f73c21b2afb1df896e97dac","ssdeep":"","tlshash":"fdf020f70cabfc8de7d129824f68665085fdc1950860e01dd9d098a2be703ffdc18424","first_seen":"2025-11-20T05:34:19.671103Z","last_seen":"2025-11-20T05:34:19.671103Z","times_seen":1,"resource_available":false,"data":null}},"time_used":175,"timings":{"blocked":78,"dns":37,"connect":16,"send":0,"wait":19,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rcreaambientes.com/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?ch=1\u0026js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTc2MzYyNDAzMiwiaWF0IjoxNzYzNjE2ODMyLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIzMXNxMGFpMm1qYTQzZjVhdHM2cGJhZ2UiLCJuYmYiOjE3NjM2MTY4MzIsInRzIjoxNzYzNjE2ODMyNDYwNDMyfQ.JJHW9EDJffNfXbOiuHsUdHVtXc0a5P1Xvx759N8tBic\u0026sid=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1\u0026wsidchk=9574799","fqdn":"rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"ip":{"addr":"77.247.183.155","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-20T05:33:52.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rcreaambientes.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Sep 2025 10:17:22 GMT","end":"Wed, 24 Dec 2025 10:17:21 GMT"},"fingerprint":{"sha1":"FB:76:8E:FA:C4:B9:AB:AC:42:E7:9D:DB:A7:6C:DB:78:16:C2:48:E4","sha256":"61:46:EE:FB:18:31:40:E3:B8:14:28:3F:64:37:76:CC:89:EA:8A:86:56:0F:F5:85:F3:26:5F:64:F7:15:A5:A2"}}},"request":{"raw":"GET /z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?ch=1\u0026js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTc2MzYyNDAzMiwiaWF0IjoxNzYzNjE2ODMyLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIzMXNxMGFpMm1qYTQzZjVhdHM2cGJhZ2UiLCJuYmYiOjE3NjM2MTY4MzIsInRzIjoxNzYzNjE2ODMyNDYwNDMyfQ.JJHW9EDJffNfXbOiuHsUdHVtXc0a5P1Xvx759N8tBic\u0026sid=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1\u0026wsidchk=9574799 HTTP/1.1\r\nHost: rcreaambientes.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rcreaambientes.com/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=9574799\r\nCookie: sid=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncache-control: max-age=0, private, must-revalidate\r\ncontent-length: 11\r\ndate: Thu, 20 Nov 2025 05:33:52 GMT\r\nlocation: http://ww1.rcreaambientes.com/?subid1=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1\r\nserver: Cowboy\r\nset-cookie: sid=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1; path=/; domain=.rcreaambientes.com; expires=Tue, 08 Dec 2093 08:47:59 GMT; max-age=2147483647; secure; HttpOnly\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cowboy","description":"Cowboy is a small, fast, modular HTTP server written in Erlang.","website":"https://github.com/ninenines/cowboy","common_platform_enumeration":"","icon":"Cowboy.png","categories":["Web servers"]},{"name":"Erlang","description":"Erlang is a general-purpose, concurrent, functional programming language, and a garbage-collected runtime system.","website":"https://www.erlang.org","common_platform_enumeration":"cpe:2.3:a:erlang:erlang%2fotp:*:*:*:*:*:*:*:*","icon":"Erlang.png","categories":["Programming languages"]}],"data":{"size":9359,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T04:38:10.725155Z","times_seen":15467974,"resource_available":true,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":213,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rcreaambientes.com/favicon.ico","fqdn":"rcreaambientes.com","domain":"rcreaambientes.com","tld":"com"},"ip":{"addr":"77.247.183.155","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rcreaambientes.com/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=9574799","date":"2025-11-20T05:33:52.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rcreaambientes.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Sep 2025 10:17:22 GMT","end":"Wed, 24 Dec 2025 10:17:21 GMT"},"fingerprint":{"sha1":"FB:76:8E:FA:C4:B9:AB:AC:42:E7:9D:DB:A7:6C:DB:78:16:C2:48:E4","sha256":"61:46:EE:FB:18:31:40:E3:B8:14:28:3F:64:37:76:CC:89:EA:8A:86:56:0F:F5:85:F3:26:5F:64:F7:15:A5:A2"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rcreaambientes.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rcreaambientes.com/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=9574799\r\nCookie: sid=7fb0f786-c5d2-11f0-ad21-a03ca4ae50b1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: max-age=0, private, must-revalidate\r\ncontent-length: 9\r\ndate: Thu, 20 Nov 2025 05:33:52 GMT\r\nserver: Cowboy\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cowboy","description":"Cowboy is a small, fast, modular HTTP server written in Erlang.","website":"https://github.com/ninenines/cowboy","common_platform_enumeration":"","icon":"Cowboy.png","categories":["Web servers"]},{"name":"Erlang","description":"Erlang is a general-purpose, concurrent, functional programming language, and a garbage-collected runtime system.","website":"https://www.erlang.org","common_platform_enumeration":"cpe:2.3:a:erlang:erlang%2fotp:*:*:*:*:*:*:*:*","icon":"Erlang.png","categories":["Programming languages"]}],"data":{"size":9,"size_decoded":0,"mime_type":"image/x-icon","magic":"ASCII text, with no line terminators","md5":"d8f4a1993546cc4b850cde3599e27aec","sha1":"094b763b4cfcc0b05e5d040581cd513c3ca08067","sha256":"907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9","sha512":"7c696247f98aa6fe4e1df001fd6029abbbccf45b122d65dfdede8f8a400cda775387c657f96bd1e4e52da7409187892b1f0786c54d835d2e44227b2e1335eaf6","ssdeep":"","tlshash":"4a50000c0003030c0000003000c00030000c03000c0000300000c00c00000000c000cc","first_seen":"2023-03-08T07:11:06Z","last_seen":"2026-05-20T00:23:46.489062Z","times_seen":19918,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}