{"report_id":"8b74f7b3-712c-49e2-a4eb-17e0d7987363","version":6,"status":"done","tags":[],"date":"2025-12-27T08:32:24Z","url":{"schema":"http","addr":"us2.froxysite.com/","fqdn":"us2.froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"173.239.8.164","port":0,"asn":27257,"as":"WEBAIR-INTERNET","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"ww9.froxysite.com/","fqdn":"ww9.froxysite.com","domain":"froxysite.com","tld":"com"},"title":"froxysite.com","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"us2.froxysite.com/","fqdn":"us2.froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"173.239.8.164","port":0,"asn":27257,"as":"WEBAIR-INTERNET","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-31T08:32:24Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":9}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-27T08:32:01Z","timestamp":1766824321,"ip_dst":{"addr":"74.206.228.78","port":80,"asn":27257,"as":"WEBAIR-INTERNET","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.21","port":59734,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET ADWARE_PUP Win32/Zonebac Traffic Redirect","source":"{\"timestamp\":\"2025-12-27T08:32:01.914090+0000\",\"flow_id\":47281575412670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":59734,\"dest_ip\":\"74.206.228.78\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2030821,\"rev\":1,\"signature\":\"ET ADWARE_PUP Win32/Zonebac Traffic Redirect\",\"category\":\"Possibly Unwanted Program Detected\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2020_09_01\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_01\"]}},\"http\":{\"hostname\":\"froxysite.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://us2.froxysite.com/\",\"http_method\":\"POST\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":163},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":12,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":822,\"bytes_toclient\":564,\"start\":\"2025-12-27T08:32:01.246718+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-27T08:32:06Z","timestamp":1766824326,"ip_dst":{"addr":"172.18.0.21","port":35998,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-12-27T08:32:06.081570+0000\",\"flow_id\":1485447079785311,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.251.101.162\",\"src_port\":443,\"dest_ip\":\"172.18.0.21\",\"dest_port\":35998,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=*.youstarsbuilding.com\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL ECC Domain Secure Site CA\",\"serial\":\"70:FA:13:EE:FF:82:23:36:52:0A:5D:4D:41:EE:90:F5\",\"fingerprint\":\"1d:e0:7a:77:9e:39:3d:b5:85:c1:3d:30:3e:e7:35:c5:fe:d1:7e:38\",\"sni\":\"obseu.youstarsbuilding.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-12-03T00:00:00\",\"notafter\":\"2026-03-03T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"80d47c47e3ce91bc3bd0a026dbd1664d\",\"string\":\"771,49196,5-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1080,\"bytes_toclient\":3922,\"start\":\"2025-12-27T08:32:05.979807+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"ww9.froxysite.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"searchnowexpert.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"threatfox","sensor_type":"Blocklist","title":"ThreatFox","description":"ThreatFox","scan_date":"","alert":"FAKEUPDATES","trigger":"euob.youstarsbuilding.com/sxp/i/636f8b858f681acb7bfa6f583a96630a.js","verdict":"malicious","severity":"medium","comment":"FAKEUPDATES","link":"https://threatfox.abuse.ch/","meta":null}],"urlquery":null},"summary":[{"fqdn":"obseu.youstarsbuilding.com","ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"2022-08-01","domain_rank":1721811,"first_seen":"2023-11-07T16:47:12Z","last_seen":"2025-12-26T16:00:25.198806Z","alert_count":0,"request_count":7,"received_data":5574,"sent_data":5504,"comment":"","tags":null,"fingerprints":null},{"fqdn":"l.cdn-fileserver.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-04-08","domain_rank":962880,"first_seen":"2025-04-11T15:28:22.753596Z","last_seen":"2025-12-22T00:45:46.644635Z","alert_count":9,"request_count":3,"received_data":2629,"sent_data":8509,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"us2.froxysite.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2017-01-09","domain_rank":0,"first_seen":"2025-12-27T08:32:24.516043Z","last_seen":"2025-12-27T08:32:24.516043Z","alert_count":0,"request_count":3,"received_data":886,"sent_data":1247,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"s.cdn-fileserver.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-04-08","domain_rank":1473336,"first_seen":"2025-04-11T18:11:28.393379Z","last_seen":"2025-12-22T01:17:39.843901Z","alert_count":9,"request_count":3,"received_data":45355,"sent_data":1498,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}]},{"fqdn":"yfdnzf.com","ip":{"addr":"208.91.196.46","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"domain_registered":"2025-07-22","domain_rank":2024004,"first_seen":"2025-07-30T08:54:33.879776Z","last_seen":"2025-12-23T00:32:59.099884Z","alert_count":0,"request_count":1,"received_data":9966,"sent_data":544,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ww9.froxysite.com","ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"domain_registered":"2017-01-09","domain_rank":0,"first_seen":"2025-12-27T08:32:24.507585Z","last_seen":"2025-12-27T08:32:24.507585Z","alert_count":4,"request_count":4,"received_data":16744,"sent_data":2139,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"searchnowexpert.com","ip":{"addr":"199.191.50.135","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"domain_registered":"2025-02-14","domain_rank":388819,"first_seen":"2025-05-24T11:23:51.072376Z","last_seen":"2025-12-24T14:06:46.384764Z","alert_count":1,"request_count":1,"received_data":67735,"sent_data":1288,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"msadsscale.microsoft.com","ip":{"addr":"13.107.213.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"domain_registered":"1991-05-02","domain_rank":241518,"first_seen":"2025-01-13T10:51:37Z","last_seen":"2025-12-22T13:58:53.557144Z","alert_count":0,"request_count":1,"received_data":73333,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]},{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]}]},{"fqdn":"s.yimg.com","ip":{"addr":"87.248.119.252","port":443,"asn":203220,"as":"Yahoo-UK Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"1997-05-14","domain_rank":4553,"first_seen":"2012-05-20T22:45:00Z","last_seen":"2025-12-22T01:23:05.075519Z","alert_count":0,"request_count":1,"received_data":13535,"sent_data":450,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache Traffic Server","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"froxysite.com","ip":{"addr":"74.206.228.78","port":80,"asn":27257,"as":"WEBAIR-INTERNET","country":"United States","country_code":"US"},"domain_registered":"2017-01-09","domain_rank":0,"first_seen":"2025-12-27T08:32:24.511499Z","last_seen":"2025-12-27T08:32:24.511499Z","alert_count":1,"request_count":2,"received_data":712,"sent_data":889,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"euob.youstarsbuilding.com","ip":{"addr":"54.240.174.44","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2022-08-01","domain_rank":2095641,"first_seen":"2023-10-25T16:14:24Z","last_seen":"2025-12-26T16:00:25.064492Z","alert_count":1,"request_count":1,"received_data":120403,"sent_data":456,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"ww9.froxysite.com/","fqdn":"ww9.froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"7477034f5e76c61acf52e6ba4e0c73fd","sha1":"29805ea6fda72e565f46c8f103248a1ea8ad5d49","sha256":"c49d4517332e612c7143895fee73f6a5e743795835a69989ca1300cb65bd428c","sha512":"304cfa40436d3da55013e258e86a23e045a1d5f74c26b160adca77318b9fe5d7e2e25e00ef20a4926bfd96cfab830e34f25b7fdda1d335c4502dd8592cc6dac4","ssdeep":"","tlshash":"de21e09618f200256bbb30ee4e0b404571756c1b5296da06bc0c66402f68965db76baa","size":1344,"data":"","first_seen":"2025-12-27T08:32:31.401729Z","last_seen":"2025-12-27T08:32:31.401729Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww9.froxysite.com/","fqdn":"ww9.froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"b326b5062b2f0e69046810717534cb09","sha1":"5ffe533b830f08a0326348a9160afafc8ada44db","sha256":"b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b","sha512":"9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de","ssdeep":"","tlshash":"5430000000000000000000000000300c00000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:44Z","last_seen":"2026-05-13T17:12:15.903993Z","times_seen":386802,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"searchnowexpert.com/sr/754870121/SAFEFRAME.html?ule=786\u0026%216Qp=G\u00262HQa=N\u00262HQasd6F=\u00264ZFxQ_=H%21D4p\u0026664H=%7B%2266ss%22%3A%22%28U%22%2C%2266sFx%22%3A%22D64D%22%2C%22667Q%22%3A%22%22%2C%22666s%22%3A%22GV%22%7D\u002667O_=NNI~1iuT\u00266JHa%2AH=\u00266s=GV\u0026767H=G\u00269H=\u00269ta0=MFFQ%3A%2F%2FttTj0aD1x67F_jsD%21%2F\u0026AJ7H=\u0026D4p0=Dd_\u0026D7H=G~~uJpGJC~iJ-C~-GHCJp~uCsN-JN~II~JJT\u0026F6s_=cNGTN\u0026H%21a0=N\u0026H_s%21%21%21=\u0026J7H=\u0026JHa%2AH=\u0026J_=G\u0026Jp_=\u0026K2H=~\u0026K6Q_d0=G\u0026MFFQ6=N\u0026Q7H=\u0026_sa7H=\u0026a_3Ka4=MFFQ%3A%2F%2F0aD1x67F_jsD%21\u0026d%21_aa=N\u0026dFm=\u0026htmlsrc=1\u0026kkdd=HA%7C%21%7C%2Aun9h3AWH\u0026m7=N-iiuZ~VZI~u-NVuZZI\u0026pHD%21p7d=\u0026pHFN=\u0026pHFZ=\u0026pHm=\u0026pQgK=\u0026psF=nq%2AV1V%283~q%2820d0qO~v~a3vqp22_%2FOvv1d2\u0026s7H=ugbZVG-VZ\u0026sFQ7H=\u0026sHm=UZ~T~\u0026sMd%21V=TnU-IIYTI\u0026sMd%21Z=D6m~f7dFs\u0026sa7H=--~Z-ZiuG\u0026ss=%28U\u0026t46FQ=G\u0026t6MQ=G\u0026tpid=\u0026xH6Qa=\u0026xJdfssf_1Q=\u0026xQ4Q=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766824325928015326356486351\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151436992598469975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0%3D\u0026tchkpts=%7B%22prel2%22%3A1766824326096%7D\u0026stime=1766824326096\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Fsearchnowexpert.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F1GlaK%253D%25261W7Z66ZnJa%253D%25261a4a%253D%25264Ex1an%253DG8u4w%252666%253DRf%25266GH%253DfE%25252Ar%25252A%25266KjG%253Dii%25252AEiEzPB%25266M78-%253DrqfiOOXrO%25266M78E%253DulH%25252AZj7x6%25266jG%253DPgCE-Bi-E%25266xajG%253D%252678nKK%253Dk%25267xH%253D%25268law%253DB%2526FGaK%253Dk%2526FGaK67lx%253D%2526Gn6888%253D%2526Hj%253DkizzPE%25252A-EO%25252APik-PEEO%2526Knc~K4%253DMxxa%25253A%25252F%25252F%252528KuJ1ljxnm6u8%2526Mxxal%253Dk%2526V4lxa%253DB%2526VlMa%253DB%2526WGK_G%253D%2526WjG%253D%2526Wn%253DB%2526Wwn%253D%2526YG%253D%2526YVK%252528%253DMxxa%25253A%25252F%25252FVVrm%252528KuJ1ljxnm6u8%25252F%2526ajG%253D%2526htmlsrc%253D1%2526jljG%253DB%2526kkdd%253D3A%25257Ch%25257C%25252Au9HA3n%2526l6%253DB-%2526lWGK_G%253D%2526lj5n%253DkkO%25252AJzPr%2526ll4G%253D%25257B%252522ll66%252522%25253A%252522Rf%252522%25252C%252522ll6x1%252522%25253A%252522ul4u%252522%25252C%252522llja%252522%25253A%252522%252522%25252C%252522lll6%252522%25253A%252522B-%252522%25257D%2526n6KjG%253D%2526tWjG%253D%2526tpid%253D%2526u4w%252528%253Du7n%2526ujG%253DB%25252A%25252APWwBWv%25252AzWiv%25252AiBGvWw%25252APv6kiWk%25252AOO%25252AWWr%2526w6x%253Dq3_-J-Rc%25252A3RF%2525287%25252835%25252Ap%25252AKcp3wFFn%25252F5ppJ7F%2526wGH%253D%2526wGu8wj7%253D%2526wGxE%253D%2526wGxk%253D%2526wag~%253D%2526xl6n%253D2kBrk%2526~FG%253D%25252A%2526~lan7%252528%253DB%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"searchnowexpert.com","domain":"searchnowexpert.com","tld":"com"},"ip":{"addr":"199.191.50.135","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"fe43622b86a9293f7d94436142bdfdc6","sha1":"01ef22d8f3292bea2b0cfa63e49be5ee758899eb","sha256":"f06061820c8cc9e6d88231bddef898d9ce4a8326f6e00e30e0aca3f924ad3dd4","sha512":"a8cf2feaa0a396472300a52b5d37f123be2249d274c947da255ba4f99a644139d92e010b65461b9575a4e63cddb1e717a085282c435d182186b0e51885f654d5","ssdeep":"","tlshash":"3e70008880202a0000e0080c030323b0238080a88cc28000822ea0033080e030288a8a","size":24,"data":"","first_seen":"2025-03-08T00:25:13.703666Z","last_seen":"2026-05-13T17:12:15.920858Z","times_seen":173391,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"searchnowexpert.com/sr/754870121/SAFEFRAME.html?ule=786\u0026%216Qp=G\u00262HQa=N\u00262HQasd6F=\u00264ZFxQ_=H%21D4p\u0026664H=%7B%2266ss%22%3A%22%28U%22%2C%2266sFx%22%3A%22D64D%22%2C%22667Q%22%3A%22%22%2C%22666s%22%3A%22GV%22%7D\u002667O_=NNI~1iuT\u00266JHa%2AH=\u00266s=GV\u0026767H=G\u00269H=\u00269ta0=MFFQ%3A%2F%2FttTj0aD1x67F_jsD%21%2F\u0026AJ7H=\u0026D4p0=Dd_\u0026D7H=G~~uJpGJC~iJ-C~-GHCJp~uCsN-JN~II~JJT\u0026F6s_=cNGTN\u0026H%21a0=N\u0026H_s%21%21%21=\u0026J7H=\u0026JHa%2AH=\u0026J_=G\u0026Jp_=\u0026K2H=~\u0026K6Q_d0=G\u0026MFFQ6=N\u0026Q7H=\u0026_sa7H=\u0026a_3Ka4=MFFQ%3A%2F%2F0aD1x67F_jsD%21\u0026d%21_aa=N\u0026dFm=\u0026htmlsrc=1\u0026kkdd=HA%7C%21%7C%2Aun9h3AWH\u0026m7=N-iiuZ~VZI~u-NVuZZI\u0026pHD%21p7d=\u0026pHFN=\u0026pHFZ=\u0026pHm=\u0026pQgK=\u0026psF=nq%2AV1V%283~q%2820d0qO~v~a3vqp22_%2FOvv1d2\u0026s7H=ugbZVG-VZ\u0026sFQ7H=\u0026sHm=UZ~T~\u0026sMd%21V=TnU-IIYTI\u0026sMd%21Z=D6m~f7dFs\u0026sa7H=--~Z-ZiuG\u0026ss=%28U\u0026t46FQ=G\u0026t6MQ=G\u0026tpid=\u0026xH6Qa=\u0026xJdfssf_1Q=\u0026xQ4Q=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766824325928015326356486351\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151436992598469975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0%3D\u0026tchkpts=%7B%22prel2%22%3A1766824326096%7D\u0026stime=1766824326096\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Fsearchnowexpert.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F1GlaK%253D%25261W7Z66ZnJa%253D%25261a4a%253D%25264Ex1an%253DG8u4w%252666%253DRf%25266GH%253DfE%25252Ar%25252A%25266KjG%253Dii%25252AEiEzPB%25266M78-%253DrqfiOOXrO%25266M78E%253DulH%25252AZj7x6%25266jG%253DPgCE-Bi-E%25266xajG%253D%252678nKK%253Dk%25267xH%253D%25268law%253DB%2526FGaK%253Dk%2526FGaK67lx%253D%2526Gn6888%253D%2526Hj%253DkizzPE%25252A-EO%25252APik-PEEO%2526Knc~K4%253DMxxa%25253A%25252F%25252F%252528KuJ1ljxnm6u8%2526Mxxal%253Dk%2526V4lxa%253DB%2526VlMa%253DB%2526WGK_G%253D%2526WjG%253D%2526Wn%253DB%2526Wwn%253D%2526YG%253D%2526YVK%252528%253DMxxa%25253A%25252F%25252FVVrm%252528KuJ1ljxnm6u8%25252F%2526ajG%253D%2526htmlsrc%253D1%2526jljG%253DB%2526kkdd%253D3A%25257Ch%25257C%25252Au9HA3n%2526l6%253DB-%2526lWGK_G%253D%2526lj5n%253DkkO%25252AJzPr%2526ll4G%253D%25257B%252522ll66%252522%25253A%252522Rf%252522%25252C%252522ll6x1%252522%25253A%252522ul4u%252522%25252C%252522llja%252522%25253A%252522%252522%25252C%252522lll6%252522%25253A%252522B-%252522%25257D%2526n6KjG%253D%2526tWjG%253D%2526tpid%253D%2526u4w%252528%253Du7n%2526ujG%253DB%25252A%25252APWwBWv%25252AzWiv%25252AiBGvWw%25252APv6kiWk%25252AOO%25252AWWr%2526w6x%253Dq3_-J-Rc%25252A3RF%2525287%25252835%25252Ap%25252AKcp3wFFn%25252F5ppJ7F%2526wGH%253D%2526wGu8wj7%253D%2526wGxE%253D%2526wGxk%253D%2526wag~%253D%2526xl6n%253D2kBrk%2526~FG%253D%25252A%2526~lan7%252528%253DB%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"searchnowexpert.com","domain":"searchnowexpert.com","tld":"com"},"ip":{"addr":"199.191.50.135","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"3f13d4f343e9a9e1eedaac13e27b7775","sha1":"7534c79e66d786c43aae64a59ce4ef5e6f6ab000","sha256":"494ff739a50f6775b4fa6facaa9f6ea813df5bae0c78bb237ec4daa6e21dfa67","sha512":"50e117ad7bc6b3a4e9434cb2822bfb8152e1ae5add6fdfa00f6b20c308233dc0db8c6eb7bf5840c4d03dcec295890313a287bd8869d32339efc0d8953854c107","ssdeep":"192:3y+0rVyUei6ceaVK9qKSQea+75pkuESH3MMpuAwFQ9ffeAJufjW8rWa:QZyBIvxQ2kuESH3MMpuAwFQ9ffeAJufz","tlshash":"a3d1769b58a9c651817d689e3c7c6e4f68c9364c92cc294fcbc2f998487fa75df0068c","size":6470,"data":"","first_seen":"2025-12-27T08:32:31.405533Z","last_seen":"2025-12-27T08:32:31.405533Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bql.php?vgd_len=4984\u0026\u0026vgd_l2type=dmola\u0026fp=AWe2oiQv8U3qVM9_tPQyxNEz_O9kDWAFbQA6nslem2gkt4HEbsvIflX9ZpSvn5aUWZH03UPCabq1E1_2eAa8we-9kk0KnfkDsZsne2ZukYcMbg5MYMveDdkhZ6oVZNlGeN9nbOS4RSM%3D\u0026cme=ZITqtOuWKoZXnlL5v1XDJF5LWf-6SIhozeF2EKHsbUHgBHlWhXsmyckFcn4r031-khDlVjl80IpBCv-bVnau29UuKxaVOlRo4rRybS1JRWo95YaWSblVHMswJW3ueP4ZIVMFWbfvOF9VAIbY68ZQTMXkJ6wJ-815mB-FovbtcxMbBmwFCTpv_kQIi5AKWgYpT-BG3P7ihTZcEqL705mr53uK4Geum4hyZVcfmBsAKtLBR7TtroujChMc0qdwPLbR06U0dbfOyV0%3D%7C%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7CWtJPvijWHRsm4z5jCfkPsQmv8-urF4NW%7CxDcVMoSqRIS0rkK9RdWsEJeKJclSYZ6JHbdJclf2k9g%3D%7Cv_FGwiaAKkWSjB3mqK05Sm6vszKpRUy2Nzsgt_NRSmLzzYbHHHnjmQ%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7Cmr5YxB_Ky2PXFNW2SL-voPavwPKj4VhvI84GUkFvEChFEYbcFJGy3-P9NZt95GowMD2_GbARfwz0RmvvWWRpbPa10lF0sBfBLlgsaGqLD3h5I4fGpKLu9IWOJli64CnsqDQaPFzWTwx5G8OO3q8D9aGlUH3sFy_i35y_dWG4J7IK5jC4NeDUUn6R1xB6u0Plq4WXbdbU4QQCZIQtjmWUi7vFJcjS0vxcgrA9vb-rgV5QXkJARm-LiXD_rhb8tA_wcCcdtzFyu7pqiGzSaU0YDoUKiRvy_370-swe4jV3uGFXJsi1fsfMN2VtHC7JxvskVkDGniBux0lpz699xH7qqOYWR4-U2G4TNmtavQEbJ2dyToE05mqsVetGnPD6gSpkYNYAB0OIqJHTqmijWW3KqU3BYPN9tKB2eBZ0qRDtH_Fi7XX1LqsCsnJN9KDNff-4hJImbSM16wVdyuYYDdsVrFFlZPtYakt8dW-0uAdnJaAcJr2zOL5oeTmEvlTtA_dYRdIIBNCbdvWSMN_RjOdLSl62OaqwMWyTADMCnH_b9r4gzHmatoyHHwlvfhH1KIn2UpeSidEPaXS69RQrwLBVqBM62Y1jsM9_pNPfSYGXJij-GtXa3FLuPYu5LUoaJXn-aG37JAELrzt_EVcWwLL-HJfRz956T9C1YNZO-vBp3Uc%3D%7C\u0026ksu=360\u0026fdkt=210\u0026vgde_kbbh=fuoyxQBuGUBO\u0026kwd[]=Proxy+Web+Browser\u0026kwt[]=210\u0026kbc[]=4297\u0026kwp[]=1\u0026kid[]=144781208\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D-2%7Crla%3D61.01%7Crlhp%3D80.00%7Clr%3D0.22%7C17%3D555.56%7C18%3D555.56%7C5%3D18%7C6%3D1%7C16%3D1%7C19%3D35748.53%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D130153%7Cclpr%3D0.897900%7Ccllvl%3D5%7Cokt%3D210%7Cbdkt%3D210\u0026ktd[]=75557865977714153882112\u0026klg[]=en\u0026kwd[]=Free+Proxy\u0026kwt[]=658\u0026kbc[]=1421b906bc8ad4001f491c35db4ca045.d2s\u0026kwp[]=2\u0026kid[]=11640855\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D10325%7Cakp%3D7%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D130153%7Cclpr%3D0.932200%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D1.000%7Cps_id%3D2\u0026ktd[]=75557865977714154279168\u0026klg[]=\u0026kwd[]=Fast+Secure+Internet+VPN\u0026kwt[]=658\u0026kbc[]=1421b906bc8ad4001f491c35db4ca045.d2s\u0026kwp[]=3\u0026kid[]=1325772725\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D10321%7Cakp%3D14%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D31649%7Cclpr%3D0.875600%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D1.000%7Cps_id%3D2\u0026ktd[]=17174784\u0026klg[]=\u0026kwd[]=Best+Anonymous+Browsing+Browser\u0026kwt[]=658\u0026kbc[]=1421b906bc8ad4001f491c35db4ca045.d2s\u0026kwp[]=4\u0026kid[]=1237128525\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D5494%7Cakp%3D4%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D21210%7Cclpr%3D0.890600%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D1.000%7Cps_id%3D2\u0026ktd[]=75557865977714154279168\u0026klg[]=\u0026kwd[]=VPN+for+Safe+Online+Browsing\u0026kwt[]=658\u0026kbc[]=1421b906bc8ad4001f491c35db4ca045.d2s\u0026kwp[]=5\u0026kid[]=1326043865\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D10317%7Cakp%3D15%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D136968%7Cclpr%3D0.872300%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D1.000%7Cps_id%3D2\u0026ktd[]=17174784\u0026klg[]=\u0026v=1\u0026gdpr=1\u0026geo=59.91%7C10.74\u0026lper=100\u0026lpid=\u0026tsid=1005\u0026hint=\u0026cc=NO\u0026wsip=170762275\u0026bca=0\u0026ugd=4\u0026vgde_setid=Nfu\u0026vgde_chost=QJ1LNwzmBJ-EJL7.NmY\u0026cid=8CU230732\u0026vi=1766824325487138225\u0026vsid=DefVid\u0026tdAdd[]=asnum%3D50304\u0026vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D\u0026vgd_adprefflag=00\u0026vgd_adpref_diff=1010\u0026vgd_fm_lang=EN\u0026vgd_implt=3\u0026vgd_cage=2\u0026vgd_tsce=L1091-S1091\u0026vgd_l3_sc=03\u0026vgd_refdomain=froxysite.com\u0026vgd_pdtid=1\u0026vgd_oscar=1\u0026vgd_ctrlid=O_SERP\u0026vgd_nrrv=16630\u0026vgd_nrrmf=8301000480a\u0026vgd_nrrsf=scrr\u0026vgd_cty=oslo\u0026vgd_csovr=0\u0026vgd_ifrmode=14\u0026sbdrId=\u0026verid=\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0\u0026kbbq=%26asn%3D50304\u0026vgd_ppvi=2151436992598469975\u0026vgd_wlstp=0\u0026vgd_vstrid=DefVid\u0026vgd_scsver=2616\u0026vgd_himglg=K0P0-O0K0-S0\u0026vgd_cache_metadata=%7B%22kbb%22%3Afalse%7D\u0026vgd_cfud=251031\u0026vgd_optout=0\u0026vgd_l2shld=1\u0026vgd_akcip=91.90.42.0\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026vgd_och=0\u0026vgd_rensize=1280_1024\u0026vgd_scr_h=1024\u0026vgd_scr_w=1280\u0026vgd_col_sch=l\u0026vgd_be=0\u0026vgd_nmerr=1\u0026tdAdd[]=uiparams%3D%3Brend_w%3A1280%3Brend_h%3A1024\u0026vgd_sc=03\u0026hvsid=00001766824325928015326356486351\u0026rc=0\u0026rand=1766824327019\u0026acid=undefined\u0026matm=1766824327019\u0026vgde_ltimesrc=u\u0026vgde_ltime=iXW\u0026vgde_rtime=iHX\u0026vgde_etm=uW\u0026vgde_timeObj=%7B%22juJ-JN%22%3Azxjj%2C%22jfjm1O%22%3AWHu%2C%22QNLLQ71L7%22%3AWf%2C%22QNLLLJzOJL%22%3Aff%2C%22QNLLJ-JN%22%3AAX%7D\u0026vgd_lhl=2076\u0026vgd_sbSup=1\u0026vgd_nrrs=16630\u0026vgde_cdeplbl=1E8Mzm7M1e18j1GjJ\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2ba5e95642c652c708881ad3c9d8443f","sha1":"5bfcc33bb9cc897546c600206b03d1307bd63a94","sha256":"c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24","sha512":"8c157fc41fd03bbd47633269b18effb652644e58284f8f85465b0ffba9b5a06544a03ed0655706c96edfa09a64f4f164f6bbc573ac5045000cae03c8b36d046f","ssdeep":"","tlshash":"7e600000000cc030030f0c00c3000300303000c000000c33000f30cc000000c00fc303","size":15,"data":"","first_seen":"2025-03-08T00:25:13.560069Z","last_seen":"2026-05-13T17:12:15.881654Z","times_seen":175569,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"euob.youstarsbuilding.com/sxp/i/636f8b858f681acb7bfa6f583a96630a.js","fqdn":"euob.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"54.240.174.44","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ab2ddfd9871e5b38a5a9225bb63c22c4","sha1":"cf15b5202bd2006c17fba162ff63c7cfa967faa0","sha256":"38ac2911b1bd7669eb602921ee19bbad89caf9dff0ad356cadd2073b27f64d6a","sha512":"506b5713dd0efbe965a93b57be2cb44b1c17b6f3653053b42a46c0fb6fe9877dc69f9c3b02011dbcd44f356d1bf427649f370e8d6a8ef08551af9cf8ea250f4e","ssdeep":"1536:Qu5y/b5E0bwM7sIo8L0SUs8LonlEzsjxM96nhXxwcTkYtsdlBnFIUtY0PVEWm/5l:QuQb7O8hzjnhGdhtNP8/kLP/V+ZF","tlshash":"cdc3d79db2e27025439334a5157f410ae27b5e503c4b8294d27ee9d4ac7ce8e817bfac","size":119877,"data":"","first_seen":"2025-11-19T10:05:19.366722Z","last_seen":"2026-01-07T23:37:36.594718Z","times_seen":4508,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww9.froxysite.com/","fqdn":"ww9.froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"889ca9e2c79a3ce7aaadbcdfd0ce4ef5","sha1":"b05c2c051bae71f80cb8c289e5a42d4f96d323fa","sha256":"6477acf082d26199b6ce8346b93149b1b999233d9fe76b0340ebf43317cf98f8","sha512":"122a494d50a5e8077cdda40e8d6edb442bb9d89fff078852aad7f84fe24f1c58fe693f0388ca6c9453d1b33036da0b9c4e9fb394a18268e254d306ffc2ca57a3","ssdeep":"","tlshash":"46a002d4b4ed8125564583390104d91cf936c934c0d5701873f0466ca6e700a53610b2","size":62,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-05-13T17:12:15.927906Z","times_seen":361946,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yfdnzf.com/?dn=froxysite.com\u0026pid=9PO755G95","fqdn":"yfdnzf.com","domain":"yfdnzf.com","tld":"com"},"ip":{"addr":"208.91.196.46","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"0ec835bb9107a2fe8d1e548083782ba0","sha1":"b2a9d613a2a0411c06421c2efc75b13e44d8d3d3","sha256":"2e0b64110262608ebae67df8bcf8688ba9e07e2d2c7ad19608a33207d229e3aa","sha512":"09b753900615af08a06b996f960f7e0659f9eaef3a6158211743b38b1e85515ea323f39f5cd7e6772a9427f1cf3bfa9001ba27e08e9be2cb5197211bf45f9150","ssdeep":"192:T+7w6+Moii9ni1lEcp5hjQPQhMLGAvJ+7w6+Moii9ni1lEcp5hjQPQhCQB1vcweY:Oq81mc81yAvQq81mc8RUBT","tlshash":"9302081601bb5c1049db0022cf7eefdff0de9e1b6cee6c0c65888808616eba71d619b5","size":8850,"data":"","first_seen":"2025-12-27T08:32:31.408822Z","last_seen":"2025-12-27T08:32:31.408822Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww9.froxysite.com/","fqdn":"ww9.froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"4b525cf8ebd962811007b8d5664ed332","sha1":"3d6e339a2e51071280db0f7e0e72f4beff1b7e3f","sha256":"9a2fc2de09ddd5dbe83a33b037c4519972a252103614203019dec30522301fdd","sha512":"b8a7dfd8f65660c948daea9a5177f217a66dc3246bcc7acfefadf6c35c761208f9a99c73cd960e6081e0765b370ffbb178151bf792784c05de5c822b56ebb936","ssdeep":"","tlshash":"79c08c7b3c8220304edf725e281c93883860c206a883a202fc2c08ed4ff1e47323ab58","size":164,"data":"","first_seen":"2025-10-01T08:32:45.366407Z","last_seen":"2026-05-13T17:12:15.902812Z","times_seen":72342,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww9.froxysite.com/","fqdn":"ww9.froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"6559111e4eae643ce013ce0821e91a02","sha1":"fa1086c9aa2cb2d14f5c13bceefe21511bcdae5a","sha256":"d72255f7e5ea4dfdf9821df800356367d0bc7df07ecd103bb660018cb1e4f400","sha512":"a6e3e096076dc152b69e95709dad8925c9c2799c23ad226b9ce7b6ee78936bea7300b66c92821ea0728ce7433d4f53787f27f5e7101f97e4d882be0a461fc051","ssdeep":"","tlshash":"407000000380020020c80233a200882af228003c00030200c008888800a808002080c2","size":25,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-05-13T17:12:15.93256Z","times_seen":361918,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww9.froxysite.com/","fqdn":"ww9.froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"e5d8c139688b25ef77b263d88ea99150","sha1":"7abc9c61c4966543f66d150c0155bfac575f86a7","sha256":"53e5f34ac520035c7f124076d1e68c70a85c83cf68a339fa713b872b54126148","sha512":"1cd4eb192d987ea1b21f3b553eea3881c807f8bf4a5299982675d57314a0eaa084db1722c38d02eb73178660ecb1ca3667a795a512527f843f2526dc0a99dc20","ssdeep":"","tlshash":"7440000000003000033c0000000000c0000c00000000000000000c00030000000c0000","size":7,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-05-13T17:12:15.931815Z","times_seen":361955,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"searchnowexpert.com/sr/754870121/SAFEFRAME.html?ule=786\u0026%216Qp=G\u00262HQa=N\u00262HQasd6F=\u00264ZFxQ_=H%21D4p\u0026664H=%7B%2266ss%22%3A%22%28U%22%2C%2266sFx%22%3A%22D64D%22%2C%22667Q%22%3A%22%22%2C%22666s%22%3A%22GV%22%7D\u002667O_=NNI~1iuT\u00266JHa%2AH=\u00266s=GV\u0026767H=G\u00269H=\u00269ta0=MFFQ%3A%2F%2FttTj0aD1x67F_jsD%21%2F\u0026AJ7H=\u0026D4p0=Dd_\u0026D7H=G~~uJpGJC~iJ-C~-GHCJp~uCsN-JN~II~JJT\u0026F6s_=cNGTN\u0026H%21a0=N\u0026H_s%21%21%21=\u0026J7H=\u0026JHa%2AH=\u0026J_=G\u0026Jp_=\u0026K2H=~\u0026K6Q_d0=G\u0026MFFQ6=N\u0026Q7H=\u0026_sa7H=\u0026a_3Ka4=MFFQ%3A%2F%2F0aD1x67F_jsD%21\u0026d%21_aa=N\u0026dFm=\u0026htmlsrc=1\u0026kkdd=HA%7C%21%7C%2Aun9h3AWH\u0026m7=N-iiuZ~VZI~u-NVuZZI\u0026pHD%21p7d=\u0026pHFN=\u0026pHFZ=\u0026pHm=\u0026pQgK=\u0026psF=nq%2AV1V%283~q%2820d0qO~v~a3vqp22_%2FOvv1d2\u0026s7H=ugbZVG-VZ\u0026sFQ7H=\u0026sHm=UZ~T~\u0026sMd%21V=TnU-IIYTI\u0026sMd%21Z=D6m~f7dFs\u0026sa7H=--~Z-ZiuG\u0026ss=%28U\u0026t46FQ=G\u0026t6MQ=G\u0026tpid=\u0026xH6Qa=\u0026xJdfssf_1Q=\u0026xQ4Q=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766824325928015326356486351\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151436992598469975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0%3D\u0026tchkpts=%7B%22prel2%22%3A1766824326096%7D\u0026stime=1766824326096\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Fsearchnowexpert.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F1GlaK%253D%25261W7Z66ZnJa%253D%25261a4a%253D%25264Ex1an%253DG8u4w%252666%253DRf%25266GH%253DfE%25252Ar%25252A%25266KjG%253Dii%25252AEiEzPB%25266M78-%253DrqfiOOXrO%25266M78E%253DulH%25252AZj7x6%25266jG%253DPgCE-Bi-E%25266xajG%253D%252678nKK%253Dk%25267xH%253D%25268law%253DB%2526FGaK%253Dk%2526FGaK67lx%253D%2526Gn6888%253D%2526Hj%253DkizzPE%25252A-EO%25252APik-PEEO%2526Knc~K4%253DMxxa%25253A%25252F%25252F%252528KuJ1ljxnm6u8%2526Mxxal%253Dk%2526V4lxa%253DB%2526VlMa%253DB%2526WGK_G%253D%2526WjG%253D%2526Wn%253DB%2526Wwn%253D%2526YG%253D%2526YVK%252528%253DMxxa%25253A%25252F%25252FVVrm%252528KuJ1ljxnm6u8%25252F%2526ajG%253D%2526htmlsrc%253D1%2526jljG%253DB%2526kkdd%253D3A%25257Ch%25257C%25252Au9HA3n%2526l6%253DB-%2526lWGK_G%253D%2526lj5n%253DkkO%25252AJzPr%2526ll4G%253D%25257B%252522ll66%252522%25253A%252522Rf%252522%25252C%252522ll6x1%252522%25253A%252522ul4u%252522%25252C%252522llja%252522%25253A%252522%252522%25252C%252522lll6%252522%25253A%252522B-%252522%25257D%2526n6KjG%253D%2526tWjG%253D%2526tpid%253D%2526u4w%252528%253Du7n%2526ujG%253DB%25252A%25252APWwBWv%25252AzWiv%25252AiBGvWw%25252APv6kiWk%25252AOO%25252AWWr%2526w6x%253Dq3_-J-Rc%25252A3RF%2525287%25252835%25252Ap%25252AKcp3wFFn%25252F5ppJ7F%2526wGH%253D%2526wGu8wj7%253D%2526wGxE%253D%2526wGxk%253D%2526wag~%253D%2526xl6n%253D2kBrk%2526~FG%253D%25252A%2526~lan7%252528%253DB%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"searchnowexpert.com","domain":"searchnowexpert.com","tld":"com"},"ip":{"addr":"199.191.50.135","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"8c853ea3b86eb442da6a862a164a37c0","sha1":"d5277b2346edf6f0a31aeaad013e5f88d9f158a2","sha256":"852dd73c7c34b0e514e88468ab19afad16ec5b794a62e4b1e01421491e3aacb6","sha512":"f4a29ba9fb068c007d9daa475dfb9e8470933834d205ed18749e85b5d5d386f696bba3ea570a847c3c4181442c2a5e00e3ef0313c48e6c8b3da05cd7825d5eb3","ssdeep":"","tlshash":"7cf0276c8fdb502029b5910e329ff2c1b498909732a3c409f5dc82040f42a1e97792fc","size":472,"data":"","first_seen":"2025-12-27T08:32:31.412527Z","last_seen":"2025-12-27T08:32:31.412527Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"searchnowexpert.com/sr/754870121/SAFEFRAME.html?ule=786\u0026%216Qp=G\u00262HQa=N\u00262HQasd6F=\u00264ZFxQ_=H%21D4p\u0026664H=%7B%2266ss%22%3A%22%28U%22%2C%2266sFx%22%3A%22D64D%22%2C%22667Q%22%3A%22%22%2C%22666s%22%3A%22GV%22%7D\u002667O_=NNI~1iuT\u00266JHa%2AH=\u00266s=GV\u0026767H=G\u00269H=\u00269ta0=MFFQ%3A%2F%2FttTj0aD1x67F_jsD%21%2F\u0026AJ7H=\u0026D4p0=Dd_\u0026D7H=G~~uJpGJC~iJ-C~-GHCJp~uCsN-JN~II~JJT\u0026F6s_=cNGTN\u0026H%21a0=N\u0026H_s%21%21%21=\u0026J7H=\u0026JHa%2AH=\u0026J_=G\u0026Jp_=\u0026K2H=~\u0026K6Q_d0=G\u0026MFFQ6=N\u0026Q7H=\u0026_sa7H=\u0026a_3Ka4=MFFQ%3A%2F%2F0aD1x67F_jsD%21\u0026d%21_aa=N\u0026dFm=\u0026htmlsrc=1\u0026kkdd=HA%7C%21%7C%2Aun9h3AWH\u0026m7=N-iiuZ~VZI~u-NVuZZI\u0026pHD%21p7d=\u0026pHFN=\u0026pHFZ=\u0026pHm=\u0026pQgK=\u0026psF=nq%2AV1V%283~q%2820d0qO~v~a3vqp22_%2FOvv1d2\u0026s7H=ugbZVG-VZ\u0026sFQ7H=\u0026sHm=UZ~T~\u0026sMd%21V=TnU-IIYTI\u0026sMd%21Z=D6m~f7dFs\u0026sa7H=--~Z-ZiuG\u0026ss=%28U\u0026t46FQ=G\u0026t6MQ=G\u0026tpid=\u0026xH6Qa=\u0026xJdfssf_1Q=\u0026xQ4Q=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766824325928015326356486351\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151436992598469975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0%3D\u0026tchkpts=%7B%22prel2%22%3A1766824326096%7D\u0026stime=1766824326096\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Fsearchnowexpert.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F1GlaK%253D%25261W7Z66ZnJa%253D%25261a4a%253D%25264Ex1an%253DG8u4w%252666%253DRf%25266GH%253DfE%25252Ar%25252A%25266KjG%253Dii%25252AEiEzPB%25266M78-%253DrqfiOOXrO%25266M78E%253DulH%25252AZj7x6%25266jG%253DPgCE-Bi-E%25266xajG%253D%252678nKK%253Dk%25267xH%253D%25268law%253DB%2526FGaK%253Dk%2526FGaK67lx%253D%2526Gn6888%253D%2526Hj%253DkizzPE%25252A-EO%25252APik-PEEO%2526Knc~K4%253DMxxa%25253A%25252F%25252F%252528KuJ1ljxnm6u8%2526Mxxal%253Dk%2526V4lxa%253DB%2526VlMa%253DB%2526WGK_G%253D%2526WjG%253D%2526Wn%253DB%2526Wwn%253D%2526YG%253D%2526YVK%252528%253DMxxa%25253A%25252F%25252FVVrm%252528KuJ1ljxnm6u8%25252F%2526ajG%253D%2526htmlsrc%253D1%2526jljG%253DB%2526kkdd%253D3A%25257Ch%25257C%25252Au9HA3n%2526l6%253DB-%2526lWGK_G%253D%2526lj5n%253DkkO%25252AJzPr%2526ll4G%253D%25257B%252522ll66%252522%25253A%252522Rf%252522%25252C%252522ll6x1%252522%25253A%252522ul4u%252522%25252C%252522llja%252522%25253A%252522%252522%25252C%252522lll6%252522%25253A%252522B-%252522%25257D%2526n6KjG%253D%2526tWjG%253D%2526tpid%253D%2526u4w%252528%253Du7n%2526ujG%253DB%25252A%25252APWwBWv%25252AzWiv%25252AiBGvWw%25252APv6kiWk%25252AOO%25252AWWr%2526w6x%253Dq3_-J-Rc%25252A3RF%2525287%25252835%25252Ap%25252AKcp3wFFn%25252F5ppJ7F%2526wGH%253D%2526wGu8wj7%253D%2526wGxE%253D%2526wGxk%253D%2526wag~%253D%2526xl6n%253D2kBrk%2526~FG%253D%25252A%2526~lan7%252528%253DB%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"searchnowexpert.com","domain":"searchnowexpert.com","tld":"com"},"ip":{"addr":"199.191.50.135","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"f0052e6ff5392cdd80ec0cf59e6c9e28","sha1":"010e58da4b8b8e23fbf278ff1307fbf85537cded","sha256":"e44aa47e3a2115bacba019ee5797e043de737eb7288243daf8566b0cbdd493f2","sha512":"542f9b2d5adca94510cf6952dd474bf0e46875212f96c258417739aa318df76ebd540c0be95334a097c3b57decd468558eb8b775fcd5612c0f7073d0bf26c4e7","ssdeep":"768:GK75wr3AY52v4YPgIkLPXBuvdf/rAf1/cnqipO3pSOk+GTtqgVK:b75+F5TY4DPRuvdru/Sqi+gc","tlshash":"bc23d7dc34c2745617673562422f2d4bf17b1a507a4ecc40e5b9e9a63c3c65f8a23e8e","size":47116,"data":"","first_seen":"2025-12-24T13:13:08.788742Z","last_seen":"2025-12-29T13:17:49.447162Z","times_seen":1528,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"searchnowexpert.com/sr/754870121/SAFEFRAME.html?ule=786\u0026%216Qp=G\u00262HQa=N\u00262HQasd6F=\u00264ZFxQ_=H%21D4p\u0026664H=%7B%2266ss%22%3A%22%28U%22%2C%2266sFx%22%3A%22D64D%22%2C%22667Q%22%3A%22%22%2C%22666s%22%3A%22GV%22%7D\u002667O_=NNI~1iuT\u00266JHa%2AH=\u00266s=GV\u0026767H=G\u00269H=\u00269ta0=MFFQ%3A%2F%2FttTj0aD1x67F_jsD%21%2F\u0026AJ7H=\u0026D4p0=Dd_\u0026D7H=G~~uJpGJC~iJ-C~-GHCJp~uCsN-JN~II~JJT\u0026F6s_=cNGTN\u0026H%21a0=N\u0026H_s%21%21%21=\u0026J7H=\u0026JHa%2AH=\u0026J_=G\u0026Jp_=\u0026K2H=~\u0026K6Q_d0=G\u0026MFFQ6=N\u0026Q7H=\u0026_sa7H=\u0026a_3Ka4=MFFQ%3A%2F%2F0aD1x67F_jsD%21\u0026d%21_aa=N\u0026dFm=\u0026htmlsrc=1\u0026kkdd=HA%7C%21%7C%2Aun9h3AWH\u0026m7=N-iiuZ~VZI~u-NVuZZI\u0026pHD%21p7d=\u0026pHFN=\u0026pHFZ=\u0026pHm=\u0026pQgK=\u0026psF=nq%2AV1V%283~q%2820d0qO~v~a3vqp22_%2FOvv1d2\u0026s7H=ugbZVG-VZ\u0026sFQ7H=\u0026sHm=UZ~T~\u0026sMd%21V=TnU-IIYTI\u0026sMd%21Z=D6m~f7dFs\u0026sa7H=--~Z-ZiuG\u0026ss=%28U\u0026t46FQ=G\u0026t6MQ=G\u0026tpid=\u0026xH6Qa=\u0026xJdfssf_1Q=\u0026xQ4Q=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766824325928015326356486351\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151436992598469975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0%3D\u0026tchkpts=%7B%22prel2%22%3A1766824326096%7D\u0026stime=1766824326096\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Fsearchnowexpert.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F1GlaK%253D%25261W7Z66ZnJa%253D%25261a4a%253D%25264Ex1an%253DG8u4w%252666%253DRf%25266GH%253DfE%25252Ar%25252A%25266KjG%253Dii%25252AEiEzPB%25266M78-%253DrqfiOOXrO%25266M78E%253DulH%25252AZj7x6%25266jG%253DPgCE-Bi-E%25266xajG%253D%252678nKK%253Dk%25267xH%253D%25268law%253DB%2526FGaK%253Dk%2526FGaK67lx%253D%2526Gn6888%253D%2526Hj%253DkizzPE%25252A-EO%25252APik-PEEO%2526Knc~K4%253DMxxa%25253A%25252F%25252F%252528KuJ1ljxnm6u8%2526Mxxal%253Dk%2526V4lxa%253DB%2526VlMa%253DB%2526WGK_G%253D%2526WjG%253D%2526Wn%253DB%2526Wwn%253D%2526YG%253D%2526YVK%252528%253DMxxa%25253A%25252F%25252FVVrm%252528KuJ1ljxnm6u8%25252F%2526ajG%253D%2526htmlsrc%253D1%2526jljG%253DB%2526kkdd%253D3A%25257Ch%25257C%25252Au9HA3n%2526l6%253DB-%2526lWGK_G%253D%2526lj5n%253DkkO%25252AJzPr%2526ll4G%253D%25257B%252522ll66%252522%25253A%252522Rf%252522%25252C%252522ll6x1%252522%25253A%252522ul4u%252522%25252C%252522llja%252522%25253A%252522%252522%25252C%252522lll6%252522%25253A%252522B-%252522%25257D%2526n6KjG%253D%2526tWjG%253D%2526tpid%253D%2526u4w%252528%253Du7n%2526ujG%253DB%25252A%25252APWwBWv%25252AzWiv%25252AiBGvWw%25252APv6kiWk%25252AOO%25252AWWr%2526w6x%253Dq3_-J-Rc%25252A3RF%2525287%25252835%25252Ap%25252AKcp3wFFn%25252F5ppJ7F%2526wGH%253D%2526wGu8wj7%253D%2526wGxE%253D%2526wGxk%253D%2526wag~%253D%2526xl6n%253D2kBrk%2526~FG%253D%25252A%2526~lan7%252528%253DB%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"searchnowexpert.com","domain":"searchnowexpert.com","tld":"com"},"ip":{"addr":"199.191.50.135","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"7ea336f637477485ccd6f9a5b167bd7d","sha1":"8153e4b97c42ab5b73f2f577b43043c8c9283b4b","sha256":"ce4d01ea989bb3b9243f9917fe20a39064135a99b2f3b8cd6832cccb10006b96","sha512":"1ac3fbd0a0c12ef1eacf5dc2a5848e72574bc9ebab4b159fbd080d02b3c49320e5862be0d7404e6ded0c2e2c8c0c43f84d93b966d200007782e282bbab8b3c65","ssdeep":"","tlshash":"c6f0e5b694b3c8285b0f264673ffd684145043e45c05764df1ede49a03e1d4cc0d9eaa","size":481,"data":"","first_seen":"2025-03-08T00:25:13.728891Z","last_seen":"2026-05-13T17:12:15.933269Z","times_seen":173059,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"searchnowexpert.com/sr/754870121/SAFEFRAME.html?ule=786\u0026%216Qp=G\u00262HQa=N\u00262HQasd6F=\u00264ZFxQ_=H%21D4p\u0026664H=%7B%2266ss%22%3A%22%28U%22%2C%2266sFx%22%3A%22D64D%22%2C%22667Q%22%3A%22%22%2C%22666s%22%3A%22GV%22%7D\u002667O_=NNI~1iuT\u00266JHa%2AH=\u00266s=GV\u0026767H=G\u00269H=\u00269ta0=MFFQ%3A%2F%2FttTj0aD1x67F_jsD%21%2F\u0026AJ7H=\u0026D4p0=Dd_\u0026D7H=G~~uJpGJC~iJ-C~-GHCJp~uCsN-JN~II~JJT\u0026F6s_=cNGTN\u0026H%21a0=N\u0026H_s%21%21%21=\u0026J7H=\u0026JHa%2AH=\u0026J_=G\u0026Jp_=\u0026K2H=~\u0026K6Q_d0=G\u0026MFFQ6=N\u0026Q7H=\u0026_sa7H=\u0026a_3Ka4=MFFQ%3A%2F%2F0aD1x67F_jsD%21\u0026d%21_aa=N\u0026dFm=\u0026htmlsrc=1\u0026kkdd=HA%7C%21%7C%2Aun9h3AWH\u0026m7=N-iiuZ~VZI~u-NVuZZI\u0026pHD%21p7d=\u0026pHFN=\u0026pHFZ=\u0026pHm=\u0026pQgK=\u0026psF=nq%2AV1V%283~q%2820d0qO~v~a3vqp22_%2FOvv1d2\u0026s7H=ugbZVG-VZ\u0026sFQ7H=\u0026sHm=UZ~T~\u0026sMd%21V=TnU-IIYTI\u0026sMd%21Z=D6m~f7dFs\u0026sa7H=--~Z-ZiuG\u0026ss=%28U\u0026t46FQ=G\u0026t6MQ=G\u0026tpid=\u0026xH6Qa=\u0026xJdfssf_1Q=\u0026xQ4Q=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766824325928015326356486351\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151436992598469975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0%3D\u0026tchkpts=%7B%22prel2%22%3A1766824326096%7D\u0026stime=1766824326096\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Fsearchnowexpert.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F1GlaK%253D%25261W7Z66ZnJa%253D%25261a4a%253D%25264Ex1an%253DG8u4w%252666%253DRf%25266GH%253DfE%25252Ar%25252A%25266KjG%253Dii%25252AEiEzPB%25266M78-%253DrqfiOOXrO%25266M78E%253DulH%25252AZj7x6%25266jG%253DPgCE-Bi-E%25266xajG%253D%252678nKK%253Dk%25267xH%253D%25268law%253DB%2526FGaK%253Dk%2526FGaK67lx%253D%2526Gn6888%253D%2526Hj%253DkizzPE%25252A-EO%25252APik-PEEO%2526Knc~K4%253DMxxa%25253A%25252F%25252F%252528KuJ1ljxnm6u8%2526Mxxal%253Dk%2526V4lxa%253DB%2526VlMa%253DB%2526WGK_G%253D%2526WjG%253D%2526Wn%253DB%2526Wwn%253D%2526YG%253D%2526YVK%252528%253DMxxa%25253A%25252F%25252FVVrm%252528KuJ1ljxnm6u8%25252F%2526ajG%253D%2526htmlsrc%253D1%2526jljG%253DB%2526kkdd%253D3A%25257Ch%25257C%25252Au9HA3n%2526l6%253DB-%2526lWGK_G%253D%2526lj5n%253DkkO%25252AJzPr%2526ll4G%253D%25257B%252522ll66%252522%25253A%252522Rf%252522%25252C%252522ll6x1%252522%25253A%252522ul4u%252522%25252C%252522llja%252522%25253A%252522%252522%25252C%252522lll6%252522%25253A%252522B-%252522%25257D%2526n6KjG%253D%2526tWjG%253D%2526tpid%253D%2526u4w%252528%253Du7n%2526ujG%253DB%25252A%25252APWwBWv%25252AzWiv%25252AiBGvWw%25252APv6kiWk%25252AOO%25252AWWr%2526w6x%253Dq3_-J-Rc%25252A3RF%2525287%25252835%25252Ap%25252AKcp3wFFn%25252F5ppJ7F%2526wGH%253D%2526wGu8wj7%253D%2526wGxE%253D%2526wGxk%253D%2526wag~%253D%2526xl6n%253D2kBrk%2526~FG%253D%25252A%2526~lan7%252528%253DB%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"searchnowexpert.com","domain":"searchnowexpert.com","tld":"com"},"ip":{"addr":"199.191.50.135","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"2e8be5ce7a18d21c61ddaa3be3fd99ea","sha1":"7d2e7dcc6e15405e8d20e4287f271756e7f874f3","sha256":"5211c581ce1e9891281e16e8820398ab1f3a835b862b9e168bbffffe8e66ea19","sha512":"202c8e96e23f05dc95606ba0b7b318973a6ce95f22f28d05b4fe3762f335f0db7d989c73f8f0fc4e55cfa2b4c4980bc17433b8132ffba6b6975658322e7eb308","ssdeep":"","tlshash":"a6b02b103d301002007a0183c874c4290136d8f3330044d44b003cec908e440605e74c","size":122,"data":"","first_seen":"2025-04-02T18:01:59.542907Z","last_seen":"2026-05-13T17:12:15.933964Z","times_seen":172560,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"ww9.froxysite.com/","fqdn":"ww9.froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-27T08:32:05.158Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ww9.froxysite.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://froxysite.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 27 Dec 2025 08:32:05 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile\r\nAccept-Ch-Lifetime: 30\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nVia: 0.0 Caddy\r\nX-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_asQfIQVOEvfpadZmmPXRSqDCCIFW+uhVhIncQDe7cQocOWAK7DF35HdwI2KOshZE8wHScjSB+/v9L02dAmKsNA==\r\nX-Buckets: bucket011\r\nX-Domain: froxysite.com\r\nX-Language: norwegian\r\nX-Pcrew-Blocked-Reason: hosting network\r\nX-Pcrew-Ip-Organization: Blix Solutions\r\nX-Redirect: skenzo\r\nX-Subdomain: ww9\r\nX-Template: tpl_CleanPeppermintBlack_twoclick\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15347,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (512)","md5":"bbba6c2fb2cc224e2d5f139b1cd66853","sha1":"e13989b135497001454876928e6d867d77b4528d","sha256":"d44a0f476a52a316fa10f35d103c1f7c7d408679e2145c61e25bb59a37b6fa8c","sha512":"be3550fd6f2759933ee3c27019232cfe6be746b628fef85f625642a3e58538e9592879bd450cd3c1eb8c5617e5ea6ae156be5b314635eb5a59e9dbf541acd35d","ssdeep":"192:lR8pKfsTxcYoHSiF57zA5GYJuOJdt+/eZGJ0llPx8YoHsfOBro2Tc/8SSy:lexcYoHSiF5Kno/cCYoHsfO2/x","tlshash":"b662b7436be31515b11b80a98f9aa74932189107d60fcdacfaec77a8df4c4d461a3f9c","first_seen":"2025-12-27T08:32:31.374573Z","last_seen":"2025-12-27T08:32:31.374573Z","times_seen":1,"resource_available":false,"data":null}},"time_used":143,"timings":{"blocked":32,"dns":1,"connect":31,"send":0,"wait":78,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"ww9.froxysite.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ww9.froxysite.com/chronos?dune=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.EjYtszAijFc-j_AI5dBQB0bnD26EgRJI5hrzQd5-zCIswn_VF89kHA.IbZajikO8Yb60u8m9rS6AA.j4bJLvBVXW0EXG_iHh4enH5THEwnStWazPFKpHqJEs_5b3GkkViDIc4HotWq-0-kshxWzHCnB0Y39Mpdmbp1PevtI0Kh7xYzBJzA1FNFEtl6ZvdnB3wlSSGH5u3rpXG4TZQaJP6LlPnw-ffqwFFqclkIL__4Wh_UCRfNuq4-IO7q5U8zqeZsejE6Mv4Ak1uQCbgDLcNoiy99QH2W4Yjxb8Cj04EYpLy3U18Mqa7LSPllF6j04VES5XfHbPz6oRJ_ykwkCo_HjJRNBi7tAY3-Cg.ea7miO6J2VWvHxnhVmPvww\u0026t=694f9985\u0026token=6b8747b02306b2a7af7fa41cedbf6d436f3602bb","fqdn":"ww9.froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://ww9.froxysite.com/","date":"2025-12-27T08:32:05.300Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /chronos?dune=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.EjYtszAijFc-j_AI5dBQB0bnD26EgRJI5hrzQd5-zCIswn_VF89kHA.IbZajikO8Yb60u8m9rS6AA.j4bJLvBVXW0EXG_iHh4enH5THEwnStWazPFKpHqJEs_5b3GkkViDIc4HotWq-0-kshxWzHCnB0Y39Mpdmbp1PevtI0Kh7xYzBJzA1FNFEtl6ZvdnB3wlSSGH5u3rpXG4TZQaJP6LlPnw-ffqwFFqclkIL__4Wh_UCRfNuq4-IO7q5U8zqeZsejE6Mv4Ak1uQCbgDLcNoiy99QH2W4Yjxb8Cj04EYpLy3U18Mqa7LSPllF6j04VES5XfHbPz6oRJ_ykwkCo_HjJRNBi7tAY3-Cg.ea7miO6J2VWvHxnhVmPvww\u0026t=694f9985\u0026token=6b8747b02306b2a7af7fa41cedbf6d436f3602bb HTTP/1.1\r\nHost: ww9.froxysite.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://ww9.froxysite.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: Sat, 27 Dec 2025 08:32:05 GMT\r\nContent-Type: text/html\r\nContent-Length: 146\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"9fe3cb2b7313dc79bb477bc8fde184a7","sha1":"4d7b3cb41e90618358d0ee066c45c76227a13747","sha256":"32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864","sha512":"c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db","ssdeep":"","tlshash":"2cc08c26351e2c0c96a322b402c36a50d092c3304c5a19004600420371c31168ac3315","first_seen":"2023-04-05T07:27:09Z","last_seen":"2026-05-13T17:12:15.871526Z","times_seen":90666,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"ww9.froxysite.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ww9.froxysite.com/favicon.ico","fqdn":"ww9.froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww9.froxysite.com/","date":"2025-12-27T08:32:05.399Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ww9.froxysite.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww9.froxysite.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 27 Dec 2025 08:32:05 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 0\r\nLast-Modified: Wed, 16 Oct 2024 07:59:04 GMT\r\nConnection: keep-alive\r\nETag: \"670f7248-0\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T17:27:39.929878Z","times_seen":15121638,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"ww9.froxysite.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/ct","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww9.froxysite.com/","date":"2025-12-27T08:32:05.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1D:E0:7A:77:9E:39:3D:B5:85:C1:3D:30:3E:E7:35:C5:FE:D1:7E:38","sha256":"3D:73:19:D6:DC:8A:75:98:72:2D:32:C1:65:DF:5C:3A:0D:71:99:BA:F5:6D:C8:11:D9:E4:02:85:DC:8D:75:25"}}},"request":{"raw":"POST /ct HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 4366\r\nOrigin: http://ww9.froxysite.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww9.froxysite.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":4366,"data":"id=92098\u0026url=http%3A%2F%2Fww9.froxysite.com%2F\u0026sf=0\u0026tpi=\u0026ch=AdsDeli%20-%20iFrame\u0026uvid=6b8747b02306b2a7af7fa41cedbf6d436f3602bb\u0026tsf=0\u0026tsfmi=\u0026tsfu=\u0026cb=1766824325973\u0026hl=4\u0026op=0\u0026ag=2881387774\u0026rand=049576502786119161599218762661220808278029117275271025885802192206850190522272361005952820\u0026fs=1280x1024\u0026fst=1280x1024\u0026np=win32\u0026nv=\u0026ref=http%3A%2F%2Ffroxysite.com%2F\u0026ss=1280x1024\u0026nc=0\u0026at=\u0026di=W1siZWYiLDM3ODNdLFsiYWJuY2giLDExXSxbLTEwLCItIl0sWy0xNSwiLSJdLFstMTgsIlsxLDAsMCwwXSJdLFstMjcsIi0iXSxbLTQxLCItIl0sWy00NiwiMCJdLFstNDksIi0iXSxbLTUzLCIwMDEiXSxbLTUsIi0iXSxbLTYzLCItIl0sWy02NSwiLSJdLFstNjYsIi0iXSxbLTEyLCJcIjFcIiJdLFstNTIsIi0iXSxbLTIsIjgsSXNOOW5HbldiQVlBSXhOZlFhT3FHRTBDRkFRc2NHMDBJbmhPYllCQUtZVU96UU82RVgwMjBJbUdMY3U2MnVyZFAvYzJkMnBObVZaQXdmMy8vOHo3OUdySGExV3UzT21YUFB2ZSJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiXSJdLFstNTcsIlMzbFJUVTFKU2dNV0ZseE1WbHNYUUZaTVNrMVlTMHBiVEZCVlhWQlhYaGRhVmxRV1NrRkpGbEFXRHdvUFh3RmJBUXdCWHc4QkNGaGFXdzViWDFnUFh3d0JDbGdBRHc4S0NWZ1hVMG9EQ0FNQkR3c0tDaFVPQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjBCV1RFcE5XRXRLVzB4UVZWMVFWMTRYV2xaVUZrcEJTUlpRRmc4S0QxOEJXd0VNQVY4UEFRaFlXbHNPVzE5WUQxOE1BUXBZQUE4UENnbFlGMU5LQXdnREFROE5DZ2dWU2x4TmJWQlVYRlpNVFJsUldGZGRWVnhMRXc0SUFCWk5GMXhCU1ZaTFRVb1dCWGxSVFUxSlNnTVdGbHhNVmxzWFFGWk1TazFZUzBwYlRGQlZYVkJYWGhkYVZsUVdTZz09Il0sWy00LCItIl0sWy03MiwiRXhVPSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwibWVzYVwiLFwiclwiOlwibGx2bXBpcGVcIixcInNsdlwiOlwid2ViZ2wgZ2xzbCBlcyAxLjBcIixcImd2ZXJcIjpcIndlYmdsIDEuMFwiLFwiZ3ZlblwiOlwibW96aWxsYVwiLFwiYmVuXCI6NjEsXCJ3Z2xcIjoxLFwiZ3JlblwiOlwibGx2bXBpcGVcIixcInNlZlwiOjQ5NDE5NTA0MyxcInNlY1wiOlwiXCJ9Il0sWy04LCItIl0sWy0xNCwiLSJdLFstMzgsImksLTEsLTEsMCwwLDExLDAsMSwzMSw3OSwtMSwwLCwxNjksNTIyLDUyMSJdLFstNDAsIjM3Il0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwib25SVEJGYWlsdXJlXCIsXCJvblJUQlN1Y2Nlc3NcIixcIk5vdGlmeVBhaW50RXZlbnRcIixcIl9fY3RjZ19jdF85MjA5OF9leGVjXCJdLFwiblwiOltdLFwiZFwiOltdfSJdLFstNjEsIi0iXSxbLTYyLCI1OCJdLFstNzQsIi0iXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpbXCJkZXNjcmlwdGlvblwiXX0iXSxbLTIxLCItIl0sWy0yMywiKyJdLFstMjksIi0iXSxbLTM3LCItIl0sWy03LCItIl0sWy02NCwiLSJdLFstMzIsIjAiXSxbLTQyLCI4ODMzOTkwMTYiXSxbLTQ3LCJVVEMsZW4tVVMsbGF0bixncmVnb3J5Il0sWy01OCwiLSJdLFstNzEsImEwMTAwMTAxMTAwMTAwMTAxMDAwMTAxMDAxMTAxMTAwMDAwMDEwIl0sWy03MywiRWhRPSJdLFstMTcsIjQ4Il0sWy0zMywiLSJdLFstNDQsIjAsNSwwLDUiXSxbLTQ1LCI3NTIsMCwwLDcxOSwwLDAsNzYxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbLTEsIkxpbnV4IHg4Nl82NCJdLFstNTEsIi0iXSxbLTY5LCJXaW4zMnx8fDQ4fC18LSJdLFstMjIsIltcIm5cIixcIm5cIl0iXSxbLTM0LCItIl0sWy0zNSwiWzE3NjY4MjQzMjU4NDIsMF0iXSxbLTYwLCItIl0sWy03MCwiLSJdLFstOSwiLSJdLFstMTksIlswLDAsMCwwLDAsMCwxLDI0LDI0LFwiLVwiLDEyODAsMTAyNCwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwwLDAsMCwwLFwiLVwiLFwiLVwiLDEyODAsMTAyNCxudWxsXSJdLFstMjUsIi0iXSxbLTI2LCItIl0sWy0yOCwiZW4tVVMsZW4iXSxbLTM2LCJbXCI1LzRcIixcIjUvNFwiXSJdLFstNTUsIjAiXSxbLTU0LCJ7XCJoXCI6W1wiMzI5OTcyODQ1MlwiLFwiODIyODIzMTE5XCIsXCI5ODMyMjYyOTBcIixcIjI4NzI4OTkzMjBcIixcIl8zXCIsXCIyODcyODk5MzIwXCJdLFwiZFwiOltdLFwiYlwiOltdLFwic1wiOjF9Il0sWy01NiwibGFuZHNjYXBlLXByaW1hcnkiXSxbLTY3LCItIl0sWy0xMywiLSJdLFstMjQsIltdIl0sWyJibmNoIiw1NTZdLFstMzksIltcIjIwMTAwMTAxXCIsMixcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLFwiMjAxODEwMDEwMDAwMDBcIixudWxsLGZhbHNlLG51bGwsZmFsc2UsbnVsbCw1LHRydWUsZmFsc2UsbnVsbCwwLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlXSJdLFstNDgsIltcIi1cIixcIi1cIixcIi1cIixcIi1cIixcIi1cIl0iXSxbLTY4LCItIl0sWy0xNiwiMCJdLFstMjAsIi0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTMxLCJmYWxzZSJdLFstNDMsIjAwMDAwMDAxMDAwMDAwMDAwMDExMTAwMTAwMDAwMTAwMDAwMDAwMDAwMSJdLFstNTAsIi0iXSxbLTU5LCItIl0sWyJkZGIiLCIwLDgsMSwxLDAsMywwLDAsMCwwLDAsMCwwLDAsMSwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDMsMCwwLDAsMiwwLDEsMCwwLDAsMCwxLDIsMzgsMCwxNiwwLDMsMCwwLDAsMSwwLDAsMCwwLDIsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCJdLFsiY2IiLCIxLDAsMCwwLDEsMCwwLDAsMSwzLDQsMCw2NSwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwxLDAsMCwwLDEsMCwwLDEiXV0%3D\u0026dep=0\u0026pre=0\u0026sdd=\u0026cri=GZUDLlzGJl\u0026pto=829\u0026ver=65\u0026gac=-\u0026mei=\u0026ap=\u0026fe=1\u0026duid=1.1766824325.TBMBy1zlpmfzupb6\u0026suid=1.1766824325.xb6q4s4Eqm2M871A\u0026tuid=1.1766824325.xu7Rcv4B8T5Kvyv7\u0026fbc=-\u0026gtm=-\u0026it=5%2C136%2C29\u0026fbcl=-\u0026gacl=-\u0026gacsd=-\u0026rtic=-\u0026rtict=-\u0026bgc=-\u0026spa=1\u0026urid=0\u0026ab=\u0026sck=-\u0026io=aGA2Oi15fzZz"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww9.froxysite.com\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sat, 27 Dec 2025 08:32:06 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\nset-cookie: cg_uuid=89c4a5d26f1b03660a4930d101d9697b; Max-Age=29030400; Path=/; Expires=Sat, 28 Nov 2026 08:32:06 GMT; HttpOnly; Secure; SameSite=None\r\ntiming-allow-origin: http://ww9.froxysite.com\r\ncontent-length: 1098\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3274,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"fcaca06d3215585a170b8bbfcb7110b1","sha1":"7f41ecc771a6fe48812a15cbbbc8e2120aaf2eb6","sha256":"6d784af351b6829007fb514e753b73ff6bcbb6f080e399af6248ae1f9e539f9c","sha512":"feeb77705de363419bcd96be2847053b84da2bfea9ccbe94e17e81c5d2a986a6962976794168ecab725e4348f183037497eb416066870fa2065e3079d4a1cc7f","ssdeep":"","tlshash":"ff61e96ca14eece311dd62e169d3ca874b529f66db4e340bb5ae729105c7360fc0b062","first_seen":"2025-12-27T08:32:31.379379Z","last_seen":"2025-12-27T08:32:31.379379Z","times_seen":1,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":103,"dns":1,"connect":32,"send":0,"wait":46,"receive":0,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bping.php?mspa=0\u0026crid=774272680\u0026vgd_rpth=%2Fola\u0026gdpr=1\u0026vgd_tsce=L1091\u0026vgd_setup=c21\u0026lper=100\u0026vgd_asn=50304\u0026cid=8CU230732\u0026hvsid=00001766824325928015326356486351\u0026r=1766824325929\u0026vgd_oreqf=one\u0026requrl=http%3A%2F%2Ffroxysite.com\u0026wshp=0\u0026vgd_cage=43\u0026cc=NO\u0026ssld=%7B%22QQNN%22%3A%22Ia%22%2C%22QQN75%22%3A%22mQjm%22%2C%22QQ8E%22%3A%22%22%2C%22QQQN%22%3A%229A%22%7D\u0026vi=1766824325487138225\u0026lf=6\u0026wsip=170762434\u0026vgd_oresf=one\u0026prid=8PR11258V\u0026ugd=4\u0026sc=03\u0026vgd_cdv=O2494\u0026vgd_l2type=dmola\u0026vgd_wlstp=0\u0026vgd_len=530\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yfdnzf.com/?dn=froxysite.com\u0026pid=9PO755G95","date":"2025-12-27T08:32:06.085Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 30 Nov 2025 15:48:41 GMT","end":"Sat, 28 Feb 2026 16:47:10 GMT"},"fingerprint":{"sha1":"B6:15:E0:AA:2B:F2:1A:96:0A:90:53:E3:BA:E4:61:85:FA:35:8C:5A","sha256":"AF:0A:96:E0:3A:65:9A:90:80:F1:73:2C:66:E0:90:E6:6B:6C:23:08:E5:9E:AA:0E:52:53:23:5B:14:9A:9B:6E"}}},"request":{"raw":"GET /bping.php?mspa=0\u0026crid=774272680\u0026vgd_rpth=%2Fola\u0026gdpr=1\u0026vgd_tsce=L1091\u0026vgd_setup=c21\u0026lper=100\u0026vgd_asn=50304\u0026cid=8CU230732\u0026hvsid=00001766824325928015326356486351\u0026r=1766824325929\u0026vgd_oreqf=one\u0026requrl=http%3A%2F%2Ffroxysite.com\u0026wshp=0\u0026vgd_cage=43\u0026cc=NO\u0026ssld=%7B%22QQNN%22%3A%22Ia%22%2C%22QQN75%22%3A%22mQjm%22%2C%22QQ8E%22%3A%22%22%2C%22QQQN%22%3A%229A%22%7D\u0026vi=1766824325487138225\u0026lf=6\u0026wsip=170762434\u0026vgd_oresf=one\u0026prid=8PR11258V\u0026ugd=4\u0026sc=03\u0026vgd_cdv=O2494\u0026vgd_l2type=dmola\u0026vgd_wlstp=0\u0026vgd_len=530\u0026vgd_end=1 HTTP/1.1\r\nHost: l.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yfdnzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Dec 2025 08:32:06 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\naccept-ch: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\ncache-control: max-age=0, no-cache, no-store\r\nexpires: Fri, 26 Dec 2025 08:32:06 GMT\r\npragma: no-cache\r\nvia: 1.1 google\r\nstrict-transport-security: max-age=63072000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BU14N3uUUopF6OYhbd6Qd%2BKpR6h5J7Rnm4CiX0JiVoNkG5Rren75qi9ag5Suy3XP27PcIuFglsTZaq5egj5n76TLFU%2Bt0iSSse8xr%2BKMsxOvKA%3D%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9b4777262bd35697-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 87a, 1 x 1","md5":"6f1d74c7168076c7666246504a8c03f2","sha1":"00656377deb1a4393e0cf0055385b08b2b81b46c","sha256":"8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde","sha512":"e502484faa0dc2a1f23c7f715879db654f29d0af1d6f616467d3d1fc578c2d16fccaacd76c4a5ecae8451dc912323473559d29edbd322fe85b8f1e83a7cdf2f3","ssdeep":"","tlshash":"53900447f1401103d135403007075340070c5030145403050071507ddc1d7553d07410","first_seen":"2025-03-07T21:51:05.009549Z","last_seen":"2026-05-13T17:12:15.880786Z","times_seen":177189,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":18,"dns":0,"connect":1,"send":0,"wait":130,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"searchnowexpert.com/sr/754870121/SAFEFRAME.html?ule=786\u0026%216Qp=G\u00262HQa=N\u00262HQasd6F=\u00264ZFxQ_=H%21D4p\u0026664H=%7B%2266ss%22%3A%22%28U%22%2C%2266sFx%22%3A%22D64D%22%2C%22667Q%22%3A%22%22%2C%22666s%22%3A%22GV%22%7D\u002667O_=NNI~1iuT\u00266JHa%2AH=\u00266s=GV\u0026767H=G\u00269H=\u00269ta0=MFFQ%3A%2F%2FttTj0aD1x67F_jsD%21%2F\u0026AJ7H=\u0026D4p0=Dd_\u0026D7H=G~~uJpGJC~iJ-C~-GHCJp~uCsN-JN~II~JJT\u0026F6s_=cNGTN\u0026H%21a0=N\u0026H_s%21%21%21=\u0026J7H=\u0026JHa%2AH=\u0026J_=G\u0026Jp_=\u0026K2H=~\u0026K6Q_d0=G\u0026MFFQ6=N\u0026Q7H=\u0026_sa7H=\u0026a_3Ka4=MFFQ%3A%2F%2F0aD1x67F_jsD%21\u0026d%21_aa=N\u0026dFm=\u0026htmlsrc=1\u0026kkdd=HA%7C%21%7C%2Aun9h3AWH\u0026m7=N-iiuZ~VZI~u-NVuZZI\u0026pHD%21p7d=\u0026pHFN=\u0026pHFZ=\u0026pHm=\u0026pQgK=\u0026psF=nq%2AV1V%283~q%2820d0qO~v~a3vqp22_%2FOvv1d2\u0026s7H=ugbZVG-VZ\u0026sFQ7H=\u0026sHm=UZ~T~\u0026sMd%21V=TnU-IIYTI\u0026sMd%21Z=D6m~f7dFs\u0026sa7H=--~Z-ZiuG\u0026ss=%28U\u0026t46FQ=G\u0026t6MQ=G\u0026tpid=\u0026xH6Qa=\u0026xJdfssf_1Q=\u0026xQ4Q=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766824325928015326356486351\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151436992598469975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0%3D\u0026tchkpts=%7B%22prel2%22%3A1766824326096%7D\u0026stime=1766824326096\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Fsearchnowexpert.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F1GlaK%253D%25261W7Z66ZnJa%253D%25261a4a%253D%25264Ex1an%253DG8u4w%252666%253DRf%25266GH%253DfE%25252Ar%25252A%25266KjG%253Dii%25252AEiEzPB%25266M78-%253DrqfiOOXrO%25266M78E%253DulH%25252AZj7x6%25266jG%253DPgCE-Bi-E%25266xajG%253D%252678nKK%253Dk%25267xH%253D%25268law%253DB%2526FGaK%253Dk%2526FGaK67lx%253D%2526Gn6888%253D%2526Hj%253DkizzPE%25252A-EO%25252APik-PEEO%2526Knc~K4%253DMxxa%25253A%25252F%25252F%252528KuJ1ljxnm6u8%2526Mxxal%253Dk%2526V4lxa%253DB%2526VlMa%253DB%2526WGK_G%253D%2526WjG%253D%2526Wn%253DB%2526Wwn%253D%2526YG%253D%2526YVK%252528%253DMxxa%25253A%25252F%25252FVVrm%252528KuJ1ljxnm6u8%25252F%2526ajG%253D%2526htmlsrc%253D1%2526jljG%253DB%2526kkdd%253D3A%25257Ch%25257C%25252Au9HA3n%2526l6%253DB-%2526lWGK_G%253D%2526lj5n%253DkkO%25252AJzPr%2526ll4G%253D%25257B%252522ll66%252522%25253A%252522Rf%252522%25252C%252522ll6x1%252522%25253A%252522ul4u%252522%25252C%252522llja%252522%25253A%252522%252522%25252C%252522lll6%252522%25253A%252522B-%252522%25257D%2526n6KjG%253D%2526tWjG%253D%2526tpid%253D%2526u4w%252528%253Du7n%2526ujG%253DB%25252A%25252APWwBWv%25252AzWiv%25252AiBGvWw%25252APv6kiWk%25252AOO%25252AWWr%2526w6x%253Dq3_-J-Rc%25252A3RF%2525287%25252835%25252Ap%25252AKcp3wFFn%25252F5ppJ7F%2526wGH%253D%2526wGu8wj7%253D%2526wGxE%253D%2526wGxk%253D%2526wag~%253D%2526xl6n%253D2kBrk%2526~FG%253D%25252A%2526~lan7%252528%253DB%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"searchnowexpert.com","domain":"searchnowexpert.com","tld":"com"},"ip":{"addr":"199.191.50.135","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://yfdnzf.com/?dn=froxysite.com\u0026pid=9PO755G95","date":"2025-12-27T08:32:06.102Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"searchnowexpert.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 00:07:55 GMT","end":"Wed, 25 Mar 2026 00:07:54 GMT"},"fingerprint":{"sha1":"80:BB:5F:EE:E3:90:6A:7D:7E:01:9D:8C:19:0D:38:FE:20:0E:BB:16","sha256":"BB:EF:CD:B0:3E:07:DB:2D:98:59:98:36:5A:33:FA:7D:B8:B1:AE:B0:57:79:AD:85:C4:CC:CB:EC:9C:2B:41:63"}}},"request":{"raw":"GET /sr/754870121/SAFEFRAME.html?ule=786\u0026%216Qp=G\u00262HQa=N\u00262HQasd6F=\u00264ZFxQ_=H%21D4p\u0026664H=%7B%2266ss%22%3A%22%28U%22%2C%2266sFx%22%3A%22D64D%22%2C%22667Q%22%3A%22%22%2C%22666s%22%3A%22GV%22%7D\u002667O_=NNI~1iuT\u00266JHa%2AH=\u00266s=GV\u0026767H=G\u00269H=\u00269ta0=MFFQ%3A%2F%2FttTj0aD1x67F_jsD%21%2F\u0026AJ7H=\u0026D4p0=Dd_\u0026D7H=G~~uJpGJC~iJ-C~-GHCJp~uCsN-JN~II~JJT\u0026F6s_=cNGTN\u0026H%21a0=N\u0026H_s%21%21%21=\u0026J7H=\u0026JHa%2AH=\u0026J_=G\u0026Jp_=\u0026K2H=~\u0026K6Q_d0=G\u0026MFFQ6=N\u0026Q7H=\u0026_sa7H=\u0026a_3Ka4=MFFQ%3A%2F%2F0aD1x67F_jsD%21\u0026d%21_aa=N\u0026dFm=\u0026htmlsrc=1\u0026kkdd=HA%7C%21%7C%2Aun9h3AWH\u0026m7=N-iiuZ~VZI~u-NVuZZI\u0026pHD%21p7d=\u0026pHFN=\u0026pHFZ=\u0026pHm=\u0026pQgK=\u0026psF=nq%2AV1V%283~q%2820d0qO~v~a3vqp22_%2FOvv1d2\u0026s7H=ugbZVG-VZ\u0026sFQ7H=\u0026sHm=UZ~T~\u0026sMd%21V=TnU-IIYTI\u0026sMd%21Z=D6m~f7dFs\u0026sa7H=--~Z-ZiuG\u0026ss=%28U\u0026t46FQ=G\u0026t6MQ=G\u0026tpid=\u0026xH6Qa=\u0026xJdfssf_1Q=\u0026xQ4Q=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1 HTTP/1.1\r\nHost: searchnowexpert.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yfdnzf.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 27 Dec 2025 08:31:58 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\ncache-control: no-store, max-age=0\r\ncontent-encoding: gzip\r\nlink: \u003chttps://scripts.clarity.ms/0.8.45/clarity.js\u003e; rel=prefetch, \u003chttps://msadsscale.microsoft.com/bingads/telemetryJS.js\u003e; rel=prefetch, \u003chttps://www.clarity.ms\u003e; rel=dns-prefetch, \u003chttps://s.yimg.com/ds/scripts/selectTier-p1.1.0.js\u003e; rel=prefetch\r\nx-sc-h: 21-xddg\r\nvia: 1.1 google\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":67233,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (46135), with CRLF, LF line terminators","md5":"5c528ac708e6d8d387d22b2fc969d5d4","sha1":"cc45f47eba2464f43b9eda647fbe6b3af516a09b","sha256":"fde04c5d27828f10bdaa2e9fcd6f8f47fe1f6b07801e824a42905c873f0a6d01","sha512":"ff7126332245959ff33dce8b5a950b4acf6268aae0879192532d33180291a1d96d9b166637db472749acaa0a3f9defd14727cc6f1adf55eb1ba72847177ed992","ssdeep":"1536:SDOIvC2kJSH3MMpuAwFQ9ffeAsfjFDPV775+F5TY4DPRuvdru/Sqi+g8:ShC2kJSH3MMpuAwFQ9ffeAsfjbW5TYwF","tlshash":"916349cd30c3742653b721a2413f2e0ef1aa1555768e8c44e5f9e5a63d3ca9f8a23e4d","first_seen":"2025-12-27T08:32:31.382467Z","last_seen":"2025-12-27T08:32:31.382467Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1281,"timings":{"blocked":384,"dns":0,"connect":123,"send":0,"wait":389,"receive":124,"ssl":259},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"searchnowexpert.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/mon","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww9.froxysite.com/","date":"2025-12-27T08:32:07.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1D:E0:7A:77:9E:39:3D:B5:85:C1:3D:30:3E:E7:35:C5:FE:D1:7E:38","sha256":"3D:73:19:D6:DC:8A:75:98:72:2D:32:C1:65:DF:5C:3A:0D:71:99:BA:F5:6D:C8:11:D9:E4:02:85:DC:8D:75:25"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2615\r\nOrigin: http://ww9.froxysite.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww9.froxysite.com/\r\nCookie: cg_uuid=89c4a5d26f1b03660a4930d101d9697b\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2615,"data":"e=37dfbd8ee84e00126ce8cf37ee44889b9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17071a10acf9f29f67418bd08d56296b19f82e76568738d964c755340c209306015f345056c0b76c1d77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7f10225158aed82e687907f0ff4a2b84a3f07cc4e5597b4829fda0f092ce24bbcfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06871fed24b2ca79ba230da18ac19ef9b0ade5d9f9a6dce392984db728926cf8cfaf98eefe31b22ea3de5a9f03b2f4baecf71c2a648b1595444864f5081ccc3d8c6f88220d82dc0deedc872f86a696cc9352f84998b5536dbfe74e700ea9c00d639ef7c480b0c8c15b91cfac0a074fac87acc38f78cd3dc27c019486ee9551150684273cbec3bf4499482c721a6bf6bf69720cca9efbe25cfffa711267a88c8504fdcbb1f7104b4b4a27bb62688a800fdea45b37ca0339d4fd008caa93ecf063ae7a6957a223c660736165a15aafd916bd303ab5849422de4a949df997510ecec9ae3e87ec8ffe5e287ffa9f7434d38f84583a83d1cfe312c1a9d3f1d2c3abc3eef241fd0f7d320cf39833781b92dd3b90a9f7d072324017e168288b6dd7d7f169e6d04c8d1a4b3b7cb221782a2f938cf9b6171cad30c3d6eff97d15425b4258041d75fe45dc854dfba1b9cbf49a4d2ced58a5b70ada06d71881dcb91a2e952c57e3e1619863c1214e0df00dcbd5093c6c5aa019aded86d1c3d45a22fff50e847b8806996304b3d537a202ef3508f9d2115e43a82b5ff34d9cf4f846861ef4c3e3e95e8cd1805ad22a49c1ada1b235f09ef6e6e90a5ca69c95f2288da50f29dcff58142da5d522209e02e73078e9a0d40a86da4eccb288fd0ec0a416ee02e794e16c54915bac5a3\u0026cri=GZUDLlzGJl\u0026sf=0\u0026dc=PTUxKTlOKT4%2BZD4pPj4pPk9ieWBgKT5PPTk%2BKT5PPz47OCk%2BTzQ6NSk%2BTzU%2FOyk%2BTzQ%2FOCk%2BTzU%2FOyk%2BTzQ%2FPCk%2BTzwpPk89KT5PNTQ%2BKT5PNTQ%2BKTlIKj89MSk7Tik%2BPnspPj4pP009Oz4pPk8pPj5kKT4%2BKT9NOD4pPk8pPj5uUyk%2BPik%2FTTopO0gqOz0xKTtOKT4%2BZWJvKT4%2BKT9NPSk%2BTyk%2BPm5TKT4%2BKT9NPCk7SCo9OD0xKTtOKT4%2Bfyk%2BPik%2FTT0pPk8pPj5uUyk%2BPik%2FTTwpO0gqPTk1MSk7Tik%2BPmk8KT4%2BKT9NKT4%2BfyJraXhObXh4aX51KT48ZX8pPjxiY3gpPjxtKT48anlib3hlY2IpPj4pPk8pPj5uUyk%2BPik%2FTTwpO0gqPz46MSk5Tik7Tik%2BPm4pPj4pP008KT5PKT4%2Bfyk%2BPik%2FTSk%2BPj0pPj4pO0gpPk8pO04pPj5uKT4%2BKT9NPCk%2BTyk%2BPn8pPj4pP00pPj49KT4%2BKTtIKTlIKjk%2BPDEpO04pPj58KT4%2BKT9NKT4%2BW2ViPz4pPj4pPk8pPj5gKT4%2BKT9NKTlOKT4%2BaWIhWV8pPj4pPk8pPj5pYik%2BPik5SCk%2BTyk%2BPmRvKT4%2BKT9NODQpPk8pPj5uUyk%2BPik%2FTT0%2BKTtIKjQ7ODEpO04pPj5%2FKT4%2BKT9NPCk%2BTyk%2BPmkpPj4pP00pPj5ceW5gZW9HaXVPfmloaWJ4ZW1gKT48ZX8pPjxiY3gpPjxoaWplYmloKT4%2BKT5PKT4%2BblMpPj4pP008KTtI\u0026cp=1\u0026gtm=-\u0026gac=-\u0026uvid=6b8747b02306b2a7af7fa41cedbf6d436f3602bb\u0026tb=1\u0026ich=1\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=1036\u0026mo=0\u0026pn=2039\u0026spn=1003\u0026fp=169"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww9.froxysite.com\r\ncontent-type: application/json\r\ndate: Sat, 27 Dec 2025 08:32:07 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T17:27:39.929878Z","times_seen":15121638,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/mon","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww9.froxysite.com/","date":"2025-12-27T08:32:16.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1D:E0:7A:77:9E:39:3D:B5:85:C1:3D:30:3E:E7:35:C5:FE:D1:7E:38","sha256":"3D:73:19:D6:DC:8A:75:98:72:2D:32:C1:65:DF:5C:3A:0D:71:99:BA:F5:6D:C8:11:D9:E4:02:85:DC:8D:75:25"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1724\r\nOrigin: http://ww9.froxysite.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww9.froxysite.com/\r\nCookie: cg_uuid=89c4a5d26f1b03660a4930d101d9697b\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1724,"data":"e=37dfbd8ee84e00126ce8cf37ee44889b9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17071a10acf9f29f67418bd08d56296b19f82e76568738d964c755340c209306015f345056c0b76c1d77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7f10225158aed82e687907f0ff4a2b84a3f07cc4e5597b4829fda0f092ce24bbcfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06871fed24b2ca79ba230da18ac19ef9b0ade5d9f9a6dce392984db728926cf8cfaf98eefe31b22ea3de5a9f03b2f4baecf71c2a648b1595444864f5081ccc3d8c6f88220d82dc0deedc872f86a696cc9352f84998b5536dbfe74e700ea9c00d639ef7c480b0c8c15b91cfac0a074fac87acc38f78cd3dc27c019486ee9551150684273cbec3bf4499482c721a6bf6bf69720cca9efbe25cfffa711267a88c8504fdcbb1f7104b4b4a27bb62688a800fdea45b37ca0339d4fd008caa93ecf063ae7a6957a223c660736165a15aafd916bd303ab5849422de4a949df997510ecec9ae3e87ec8ffe5e287ffa9f7434d38f84583a83d1cfe312c1a9d3f1d2c3abc3eef241fd0f7d320cf39833781b92dd3b90a9f7d072324017e168288b6dd7d7f169e6d04c8d1a4b3b7cb221782a2f938cf9b6171cad30c3d6eff97d15425b4258041d75fe45dc854dfba1b9cbf49a4d2ced58a5b70ada06d71881dcb91a2e952c57e3e1619863c1214e0df00dcbd5093c6c5aa019aded86d1c3d45a22fff50e847b8806996304b3d537a202ef3508f9d2115e43a82b5ff34d9cf4f846861ef4c3e3e95e8cd1805ad22a49c1ada1b235f09ef6e6e90a5ca69c95f2288da50f29dcff58142da5d522209e02e73078e9a0d40a86da4eccb288fd0ec0a416ee02e794e16c54915bac5a3\u0026cri=GZUDLlzGJl\u0026sf=0\u0026dc=\u0026cp=10\u0026gtm=-\u0026gac=-\u0026uvid=6b8747b02306b2a7af7fa41cedbf6d436f3602bb\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=10052\u0026mo=0\u0026pn=11054\u0026spn=1003\u0026fp=169\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww9.froxysite.com\r\ncontent-type: application/json\r\ndate: Sat, 27 Dec 2025 08:32:16 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T17:27:39.929878Z","times_seen":15121638,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"us2.froxysite.com/","fqdn":"us2.froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-27T08:32:00.515Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: us2.froxysite.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T17:27:39.929878Z","times_seen":15121638,"resource_available":true,"data":null}},"time_used":301,"timings":{"blocked":0,"dns":114,"connect":88,"send":0,"wait":0,"receive":0,"ssl":96},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"us2.froxysite.com/favicon.ico","fqdn":"us2.froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"173.239.8.164","port":80,"asn":27257,"as":"WEBAIR-INTERNET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://us2.froxysite.com/","date":"2025-12-27T08:32:01.222Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: us2.froxysite.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://us2.froxysite.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.20.1\r\nDate: Sat, 27 Dec 2025 08:32:01 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":153,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"932da5a430ff6db1bc48425b567d56fa","sha1":"e7e88023dbbc6346d354ffe9fb7db957888c2299","sha256":"10174434dbe479c08b32ce3b42b70e7c6336647d29e4393483158d590d35c325","sha512":"f30ad93d17d8ceb3ec2727a08a6ce7fc59da51a66ba7aeb2ab93efc84af4e16ea442769f9a5be140287e24d3e431218b0fec1e52e78ea70e5f8607b6569108e4","ssdeep":"","tlshash":"51c02b2d75137c4cc963327422c37180c0c6833764ba8112c480800331cf29a8ac3397","first_seen":"2023-04-05T05:55:13Z","last_seen":"2026-05-13T17:12:15.890879Z","times_seen":5710,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww9.froxysite.com/","fqdn":"ww9.froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-27T08:32:01.958Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ww9.froxysite.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://froxysite.com/\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T17:27:39.929878Z","times_seen":15121638,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"ww9.froxysite.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"msadsscale.microsoft.com/bingads/telemetryJS.js","fqdn":"msadsscale.microsoft.com","domain":"microsoft.com","tld":"com"},"ip":{"addr":"13.107.213.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://searchnowexpert.com/sr/754870121/SAFEFRAME.html?ule=786\u0026%216Qp=G\u00262HQa=N\u00262HQasd6F=\u00264ZFxQ_=H%21D4p\u0026664H=%7B%2266ss%22%3A%22%28U%22%2C%2266sFx%22%3A%22D64D%22%2C%22667Q%22%3A%22%22%2C%22666s%22%3A%22GV%22%7D\u002667O_=NNI~1iuT\u00266JHa%2AH=\u00266s=GV\u0026767H=G\u00269H=\u00269ta0=MFFQ%3A%2F%2FttTj0aD1x67F_jsD%21%2F\u0026AJ7H=\u0026D4p0=Dd_\u0026D7H=G~~uJpGJC~iJ-C~-GHCJp~uCsN-JN~II~JJT\u0026F6s_=cNGTN\u0026H%21a0=N\u0026H_s%21%21%21=\u0026J7H=\u0026JHa%2AH=\u0026J_=G\u0026Jp_=\u0026K2H=~\u0026K6Q_d0=G\u0026MFFQ6=N\u0026Q7H=\u0026_sa7H=\u0026a_3Ka4=MFFQ%3A%2F%2F0aD1x67F_jsD%21\u0026d%21_aa=N\u0026dFm=\u0026htmlsrc=1\u0026kkdd=HA%7C%21%7C%2Aun9h3AWH\u0026m7=N-iiuZ~VZI~u-NVuZZI\u0026pHD%21p7d=\u0026pHFN=\u0026pHFZ=\u0026pHm=\u0026pQgK=\u0026psF=nq%2AV1V%283~q%2820d0qO~v~a3vqp22_%2FOvv1d2\u0026s7H=ugbZVG-VZ\u0026sFQ7H=\u0026sHm=UZ~T~\u0026sMd%21V=TnU-IIYTI\u0026sMd%21Z=D6m~f7dFs\u0026sa7H=--~Z-ZiuG\u0026ss=%28U\u0026t46FQ=G\u0026t6MQ=G\u0026tpid=\u0026xH6Qa=\u0026xJdfssf_1Q=\u0026xQ4Q=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766824325928015326356486351\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151436992598469975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0%3D\u0026tchkpts=%7B%22prel2%22%3A1766824326096%7D\u0026stime=1766824326096\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Fsearchnowexpert.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F1GlaK%253D%25261W7Z66ZnJa%253D%25261a4a%253D%25264Ex1an%253DG8u4w%252666%253DRf%25266GH%253DfE%25252Ar%25252A%25266KjG%253Dii%25252AEiEzPB%25266M78-%253DrqfiOOXrO%25266M78E%253DulH%25252AZj7x6%25266jG%253DPgCE-Bi-E%25266xajG%253D%252678nKK%253Dk%25267xH%253D%25268law%253DB%2526FGaK%253Dk%2526FGaK67lx%253D%2526Gn6888%253D%2526Hj%253DkizzPE%25252A-EO%25252APik-PEEO%2526Knc~K4%253DMxxa%25253A%25252F%25252F%252528KuJ1ljxnm6u8%2526Mxxal%253Dk%2526V4lxa%253DB%2526VlMa%253DB%2526WGK_G%253D%2526WjG%253D%2526Wn%253DB%2526Wwn%253D%2526YG%253D%2526YVK%252528%253DMxxa%25253A%25252F%25252FVVrm%252528KuJ1ljxnm6u8%25252F%2526ajG%253D%2526htmlsrc%253D1%2526jljG%253DB%2526kkdd%253D3A%25257Ch%25257C%25252Au9HA3n%2526l6%253DB-%2526lWGK_G%253D%2526lj5n%253DkkO%25252AJzPr%2526ll4G%253D%25257B%252522ll66%252522%25253A%252522Rf%252522%25252C%252522ll6x1%252522%25253A%252522ul4u%252522%25252C%252522llja%252522%25253A%252522%252522%25252C%252522lll6%252522%25253A%252522B-%252522%25257D%2526n6KjG%253D%2526tWjG%253D%2526tpid%253D%2526u4w%252528%253Du7n%2526ujG%253DB%25252A%25252APWwBWv%25252AzWiv%25252AiBGvWw%25252APv6kiWk%25252AOO%25252AWWr%2526w6x%253Dq3_-J-Rc%25252A3RF%2525287%25252835%25252Ap%25252AKcp3wFFn%25252F5ppJ7F%2526wGH%253D%2526wGu8wj7%253D%2526wGxE%253D%2526wGxk%253D%2526wag~%253D%2526xl6n%253D2kBrk%2526~FG%253D%25252A%2526~lan7%252528%253DB%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2025-12-27T08:32:07.179Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msadsscale.microsoft.com","organization":""},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 21 Dec 2025 00:00:00 GMT","end":"Sun, 21 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"2C:BD:B0:AB:44:13:2E:20:B9:4A:CE:77:54:53:0B:D3:6F:B7:12:AB","sha256":"F0:73:26:EC:1A:F7:21:8F:A5:59:85:8A:09:7C:FC:E8:93:49:67:48:66:67:5E:8F:5C:8E:AE:44:2A:82:6B:F0"}}},"request":{"raw":"GET /bingads/telemetryJS.js HTTP/1.1\r\nHost: msadsscale.microsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://searchnowexpert.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Dec 2025 08:32:07 GMT\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 12 Mar 2025 08:06:51 GMT\r\netag: W/\"0x8DD613CD8BAF720\"\r\nx-ms-request-id: 17bf31f1-101e-0014-4a9a-758a43000000\r\nx-ms-version: 2018-03-28\r\naccess-control-expose-headers: content-length\r\naccess-control-allow-origin: *\r\nx-azure-ref: 20251227T083207Z-17f644c559992w9xhC1SVG4vg40000000pt0000000006k2h\r\nx-fd-int-roxy-purgeid: 3\r\nx-cache: TCP_HIT\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]},{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]}],"data":{"size":72824,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65504), with no line terminators","md5":"84bf71fe11d71bedaac885462b1d2940","sha1":"bdcf95799b79eea873329ddbd112eda32f47877e","sha256":"a8d28463855fcf949fb31963246cc6c55ea9baf9c5551b327687dcd6076502f7","sha512":"02d7de1db70f021c17bc184e1e795cc01f63889731f444ca429040f3599dccdb346c68e8e5e69fc81060972b7ccbcebf1e9294e50318957ded8cb0cbeecacb3e","ssdeep":"768:TM4lJgxIU3OPOEUi6UsQ6R1k/Y7/LKF/ZE/4OkeZChQZqeYQYTyCLJV6N//MFgPc:A4voIU+POE3kMMmF/6VbqXQQfI/EgYuo","tlshash":"5a63938df1d1b0f607e7a0e5412f960ae1b72968b45ea8d6e6a1d4e09c7884f1037f7c","first_seen":"2025-03-13T12:39:24.627452Z","last_seen":"2026-05-13T17:12:15.885285Z","times_seen":126451,"resource_available":true,"data":null}},"time_used":145,"timings":{"blocked":49,"dns":10,"connect":19,"send":0,"wait":38,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.yimg.com/ds/scripts/selectTier-p1.1.0.js","fqdn":"s.yimg.com","domain":"yimg.com","tld":"com"},"ip":{"addr":"87.248.119.252","port":443,"asn":203220,"as":"Yahoo-UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://searchnowexpert.com/sr/754870121/SAFEFRAME.html?ule=786\u0026%216Qp=G\u00262HQa=N\u00262HQasd6F=\u00264ZFxQ_=H%21D4p\u0026664H=%7B%2266ss%22%3A%22%28U%22%2C%2266sFx%22%3A%22D64D%22%2C%22667Q%22%3A%22%22%2C%22666s%22%3A%22GV%22%7D\u002667O_=NNI~1iuT\u00266JHa%2AH=\u00266s=GV\u0026767H=G\u00269H=\u00269ta0=MFFQ%3A%2F%2FttTj0aD1x67F_jsD%21%2F\u0026AJ7H=\u0026D4p0=Dd_\u0026D7H=G~~uJpGJC~iJ-C~-GHCJp~uCsN-JN~II~JJT\u0026F6s_=cNGTN\u0026H%21a0=N\u0026H_s%21%21%21=\u0026J7H=\u0026JHa%2AH=\u0026J_=G\u0026Jp_=\u0026K2H=~\u0026K6Q_d0=G\u0026MFFQ6=N\u0026Q7H=\u0026_sa7H=\u0026a_3Ka4=MFFQ%3A%2F%2F0aD1x67F_jsD%21\u0026d%21_aa=N\u0026dFm=\u0026htmlsrc=1\u0026kkdd=HA%7C%21%7C%2Aun9h3AWH\u0026m7=N-iiuZ~VZI~u-NVuZZI\u0026pHD%21p7d=\u0026pHFN=\u0026pHFZ=\u0026pHm=\u0026pQgK=\u0026psF=nq%2AV1V%283~q%2820d0qO~v~a3vqp22_%2FOvv1d2\u0026s7H=ugbZVG-VZ\u0026sFQ7H=\u0026sHm=UZ~T~\u0026sMd%21V=TnU-IIYTI\u0026sMd%21Z=D6m~f7dFs\u0026sa7H=--~Z-ZiuG\u0026ss=%28U\u0026t46FQ=G\u0026t6MQ=G\u0026tpid=\u0026xH6Qa=\u0026xJdfssf_1Q=\u0026xQ4Q=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766824325928015326356486351\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151436992598469975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0%3D\u0026tchkpts=%7B%22prel2%22%3A1766824326096%7D\u0026stime=1766824326096\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Fsearchnowexpert.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F1GlaK%253D%25261W7Z66ZnJa%253D%25261a4a%253D%25264Ex1an%253DG8u4w%252666%253DRf%25266GH%253DfE%25252Ar%25252A%25266KjG%253Dii%25252AEiEzPB%25266M78-%253DrqfiOOXrO%25266M78E%253DulH%25252AZj7x6%25266jG%253DPgCE-Bi-E%25266xajG%253D%252678nKK%253Dk%25267xH%253D%25268law%253DB%2526FGaK%253Dk%2526FGaK67lx%253D%2526Gn6888%253D%2526Hj%253DkizzPE%25252A-EO%25252APik-PEEO%2526Knc~K4%253DMxxa%25253A%25252F%25252F%252528KuJ1ljxnm6u8%2526Mxxal%253Dk%2526V4lxa%253DB%2526VlMa%253DB%2526WGK_G%253D%2526WjG%253D%2526Wn%253DB%2526Wwn%253D%2526YG%253D%2526YVK%252528%253DMxxa%25253A%25252F%25252FVVrm%252528KuJ1ljxnm6u8%25252F%2526ajG%253D%2526htmlsrc%253D1%2526jljG%253DB%2526kkdd%253D3A%25257Ch%25257C%25252Au9HA3n%2526l6%253DB-%2526lWGK_G%253D%2526lj5n%253DkkO%25252AJzPr%2526ll4G%253D%25257B%252522ll66%252522%25253A%252522Rf%252522%25252C%252522ll6x1%252522%25253A%252522ul4u%252522%25252C%252522llja%252522%25253A%252522%252522%25252C%252522lll6%252522%25253A%252522B-%252522%25257D%2526n6KjG%253D%2526tWjG%253D%2526tpid%253D%2526u4w%252528%253Du7n%2526ujG%253DB%25252A%25252APWwBWv%25252AzWiv%25252AiBGvWw%25252APv6kiWk%25252AOO%25252AWWr%2526w6x%253Dq3_-J-Rc%25252A3RF%2525287%25252835%25252Ap%25252AKcp3wFFn%25252F5ppJ7F%2526wGH%253D%2526wGu8wj7%253D%2526wGxE%253D%2526wGxk%253D%2526wag~%253D%2526xl6n%253D2kBrk%2526~FG%253D%25252A%2526~lan7%252528%253DB%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2025-12-27T08:32:07.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yahoo.com","organization":"Yahoo Holdings Inc."},"issuer":{"commonName":"DigiCert SHA2 High Assurance Server CA","organization":"DigiCert Inc"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Wed, 21 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"24:1C:45:0A:5D:1C:D7:ED:7A:D5:E6:FA:55:FD:EE:95:53:AE:FA:77","sha256":"18:A3:9C:6B:4D:4C:7B:B4:54:34:AC:7E:B0:00:DB:9D:89:03:B3:A9:7F:5F:2A:1B:A9:62:49:67:87:3E:F0:8C"}}},"request":{"raw":"GET /ds/scripts/selectTier-p1.1.0.js HTTP/1.1\r\nHost: s.yimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://searchnowexpert.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-amz-id-2: 90i09S6lcB84sCDTgDa5tCxtBXqWhIle03LtTAMndGKGr06TCNwG8R5uNiDl/vHZo2dyT3bBIhhAg8V3TE2beWPPjDCHxorr+a+rFfB1Ru0=\r\nx-amz-request-id: PKN9DBMX999ZZ3TJ\r\ndate: Sat, 27 Dec 2025 08:31:32 GMT\r\nlast-modified: Thu, 20 Nov 2025 17:25:39 GMT\r\ncache-control: public,max-age=60\r\nx-amz-version-id: cBEvYraRJPb_oZIzj59OF.PVkaCjFNDl\r\naccept-ranges: bytes\r\ncontent-type: application/javascript\r\nserver: ATS\r\nvary: Origin, Accept-Encoding\r\netag: \"3e822c257ba7fef24f528f4691aeb99b-df\"\r\nage: 36\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-encoding: gzip\r\ncontent-length: 4373\r\nstrict-transport-security: max-age=31536000\r\nats-carp-promotion: 1, 1\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache Traffic Server","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":12818,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12818), with no line terminators","md5":"3e822c257ba7fef24f528f4691aeb99b","sha1":"f819207c02f62baca71d1ebd1c5b3703312f630f","sha256":"3799b25dd5ee04f751d55c8fef57734264b83fa875b4270a2069bb0b42af9e5e","sha512":"84b5a5f85166699f09a77cf3b358be9d4e3d2386b06134dce6321869d6ab6e9517c43dadd25519e72e683a33010c41a233020b7cc799ef275be870890c98bf6c","ssdeep":"384:tKjiEAbREf2vfxpw5LISLJM6IhJocevD5tg:5gfGw9IEm6IhJmng","tlshash":"da42b5d57886b47627ab81a0b53f232532335c36240dd79076498678aa4cf8f9323fec","first_seen":"2025-11-20T17:27:39.740418Z","last_seen":"2026-03-17T16:07:28.498685Z","times_seen":75555,"resource_available":true,"data":null}},"time_used":210,"timings":{"blocked":64,"dns":37,"connect":29,"send":0,"wait":41,"receive":2,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/mon","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww9.froxysite.com/","date":"2025-12-27T08:32:09.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1D:E0:7A:77:9E:39:3D:B5:85:C1:3D:30:3E:E7:35:C5:FE:D1:7E:38","sha256":"3D:73:19:D6:DC:8A:75:98:72:2D:32:C1:65:DF:5C:3A:0D:71:99:BA:F5:6D:C8:11:D9:E4:02:85:DC:8D:75:25"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1721\r\nOrigin: http://ww9.froxysite.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww9.froxysite.com/\r\nCookie: cg_uuid=89c4a5d26f1b03660a4930d101d9697b\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1721,"data":"e=37dfbd8ee84e00126ce8cf37ee44889b9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17071a10acf9f29f67418bd08d56296b19f82e76568738d964c755340c209306015f345056c0b76c1d77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7f10225158aed82e687907f0ff4a2b84a3f07cc4e5597b4829fda0f092ce24bbcfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06871fed24b2ca79ba230da18ac19ef9b0ade5d9f9a6dce392984db728926cf8cfaf98eefe31b22ea3de5a9f03b2f4baecf71c2a648b1595444864f5081ccc3d8c6f88220d82dc0deedc872f86a696cc9352f84998b5536dbfe74e700ea9c00d639ef7c480b0c8c15b91cfac0a074fac87acc38f78cd3dc27c019486ee9551150684273cbec3bf4499482c721a6bf6bf69720cca9efbe25cfffa711267a88c8504fdcbb1f7104b4b4a27bb62688a800fdea45b37ca0339d4fd008caa93ecf063ae7a6957a223c660736165a15aafd916bd303ab5849422de4a949df997510ecec9ae3e87ec8ffe5e287ffa9f7434d38f84583a83d1cfe312c1a9d3f1d2c3abc3eef241fd0f7d320cf39833781b92dd3b90a9f7d072324017e168288b6dd7d7f169e6d04c8d1a4b3b7cb221782a2f938cf9b6171cad30c3d6eff97d15425b4258041d75fe45dc854dfba1b9cbf49a4d2ced58a5b70ada06d71881dcb91a2e952c57e3e1619863c1214e0df00dcbd5093c6c5aa019aded86d1c3d45a22fff50e847b8806996304b3d537a202ef3508f9d2115e43a82b5ff34d9cf4f846861ef4c3e3e95e8cd1805ad22a49c1ada1b235f09ef6e6e90a5ca69c95f2288da50f29dcff58142da5d522209e02e73078e9a0d40a86da4eccb288fd0ec0a416ee02e794e16c54915bac5a3\u0026cri=GZUDLlzGJl\u0026sf=0\u0026dc=\u0026cp=3\u0026gtm=-\u0026gac=-\u0026uvid=6b8747b02306b2a7af7fa41cedbf6d436f3602bb\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=3040\u0026mo=0\u0026pn=4043\u0026spn=1003\u0026fp=169\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww9.froxysite.com\r\ncontent-type: application/json\r\ndate: Sat, 27 Dec 2025 08:32:09 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T17:27:39.929878Z","times_seen":15121638,"resource_available":true,"data":null}},"time_used":45,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/mon","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww9.froxysite.com/","date":"2025-12-27T08:32:11.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1D:E0:7A:77:9E:39:3D:B5:85:C1:3D:30:3E:E7:35:C5:FE:D1:7E:38","sha256":"3D:73:19:D6:DC:8A:75:98:72:2D:32:C1:65:DF:5C:3A:0D:71:99:BA:F5:6D:C8:11:D9:E4:02:85:DC:8D:75:25"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1721\r\nOrigin: http://ww9.froxysite.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww9.froxysite.com/\r\nCookie: cg_uuid=89c4a5d26f1b03660a4930d101d9697b\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1721,"data":"e=37dfbd8ee84e00126ce8cf37ee44889b9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17071a10acf9f29f67418bd08d56296b19f82e76568738d964c755340c209306015f345056c0b76c1d77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7f10225158aed82e687907f0ff4a2b84a3f07cc4e5597b4829fda0f092ce24bbcfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06871fed24b2ca79ba230da18ac19ef9b0ade5d9f9a6dce392984db728926cf8cfaf98eefe31b22ea3de5a9f03b2f4baecf71c2a648b1595444864f5081ccc3d8c6f88220d82dc0deedc872f86a696cc9352f84998b5536dbfe74e700ea9c00d639ef7c480b0c8c15b91cfac0a074fac87acc38f78cd3dc27c019486ee9551150684273cbec3bf4499482c721a6bf6bf69720cca9efbe25cfffa711267a88c8504fdcbb1f7104b4b4a27bb62688a800fdea45b37ca0339d4fd008caa93ecf063ae7a6957a223c660736165a15aafd916bd303ab5849422de4a949df997510ecec9ae3e87ec8ffe5e287ffa9f7434d38f84583a83d1cfe312c1a9d3f1d2c3abc3eef241fd0f7d320cf39833781b92dd3b90a9f7d072324017e168288b6dd7d7f169e6d04c8d1a4b3b7cb221782a2f938cf9b6171cad30c3d6eff97d15425b4258041d75fe45dc854dfba1b9cbf49a4d2ced58a5b70ada06d71881dcb91a2e952c57e3e1619863c1214e0df00dcbd5093c6c5aa019aded86d1c3d45a22fff50e847b8806996304b3d537a202ef3508f9d2115e43a82b5ff34d9cf4f846861ef4c3e3e95e8cd1805ad22a49c1ada1b235f09ef6e6e90a5ca69c95f2288da50f29dcff58142da5d522209e02e73078e9a0d40a86da4eccb288fd0ec0a416ee02e794e16c54915bac5a3\u0026cri=GZUDLlzGJl\u0026sf=0\u0026dc=\u0026cp=5\u0026gtm=-\u0026gac=-\u0026uvid=6b8747b02306b2a7af7fa41cedbf6d436f3602bb\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=5045\u0026mo=0\u0026pn=6047\u0026spn=1003\u0026fp=169\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww9.froxysite.com\r\ncontent-type: application/json\r\ndate: Sat, 27 Dec 2025 08:32:11 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T17:27:39.929878Z","times_seen":15121638,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/mon","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww9.froxysite.com/","date":"2025-12-27T08:32:21.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1D:E0:7A:77:9E:39:3D:B5:85:C1:3D:30:3E:E7:35:C5:FE:D1:7E:38","sha256":"3D:73:19:D6:DC:8A:75:98:72:2D:32:C1:65:DF:5C:3A:0D:71:99:BA:F5:6D:C8:11:D9:E4:02:85:DC:8D:75:25"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1724\r\nOrigin: http://ww9.froxysite.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww9.froxysite.com/\r\nCookie: cg_uuid=89c4a5d26f1b03660a4930d101d9697b\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1724,"data":"e=37dfbd8ee84e00126ce8cf37ee44889b9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17071a10acf9f29f67418bd08d56296b19f82e76568738d964c755340c209306015f345056c0b76c1d77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7f10225158aed82e687907f0ff4a2b84a3f07cc4e5597b4829fda0f092ce24bbcfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06871fed24b2ca79ba230da18ac19ef9b0ade5d9f9a6dce392984db728926cf8cfaf98eefe31b22ea3de5a9f03b2f4baecf71c2a648b1595444864f5081ccc3d8c6f88220d82dc0deedc872f86a696cc9352f84998b5536dbfe74e700ea9c00d639ef7c480b0c8c15b91cfac0a074fac87acc38f78cd3dc27c019486ee9551150684273cbec3bf4499482c721a6bf6bf69720cca9efbe25cfffa711267a88c8504fdcbb1f7104b4b4a27bb62688a800fdea45b37ca0339d4fd008caa93ecf063ae7a6957a223c660736165a15aafd916bd303ab5849422de4a949df997510ecec9ae3e87ec8ffe5e287ffa9f7434d38f84583a83d1cfe312c1a9d3f1d2c3abc3eef241fd0f7d320cf39833781b92dd3b90a9f7d072324017e168288b6dd7d7f169e6d04c8d1a4b3b7cb221782a2f938cf9b6171cad30c3d6eff97d15425b4258041d75fe45dc854dfba1b9cbf49a4d2ced58a5b70ada06d71881dcb91a2e952c57e3e1619863c1214e0df00dcbd5093c6c5aa019aded86d1c3d45a22fff50e847b8806996304b3d537a202ef3508f9d2115e43a82b5ff34d9cf4f846861ef4c3e3e95e8cd1805ad22a49c1ada1b235f09ef6e6e90a5ca69c95f2288da50f29dcff58142da5d522209e02e73078e9a0d40a86da4eccb288fd0ec0a416ee02e794e16c54915bac5a3\u0026cri=GZUDLlzGJl\u0026sf=0\u0026dc=\u0026cp=15\u0026gtm=-\u0026gac=-\u0026uvid=6b8747b02306b2a7af7fa41cedbf6d436f3602bb\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=15068\u0026mo=0\u0026pn=16071\u0026spn=1003\u0026fp=169\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww9.froxysite.com\r\ncontent-type: application/json\r\ndate: Sat, 27 Dec 2025 08:32:21 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T17:27:39.929878Z","times_seen":15121638,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"us2.froxysite.com/","fqdn":"us2.froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"173.239.8.164","port":80,"asn":27257,"as":"WEBAIR-INTERNET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-27T08:32:00.833Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: us2.froxysite.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sat, 27 Dec 2025 08:32:00 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":354,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"784aeba68b8ebcd114f18418490cee47","sha1":"04c0795ea171340a464c28e4095622a4cc338338","sha256":"d6336ec47f0a8fc3523a7e5c89ed294ff12b6f12d37851591286bbeca57e4140","sha512":"f82d60feaeba5db59382cb66162e385f9f1ad0bcf6751328d086ba3c84e6f6012632f9b628237670075dd1cb31f06c5bb9fb4e9a72a451b1e5fadca1e13fa134","ssdeep":"","tlshash":"73e026d2fd05dd35962bdd70b9e0f60c188c40a6a9469884b3c059a96470f93c9937ea","first_seen":"2025-12-27T08:32:31.388002Z","last_seen":"2025-12-27T08:32:31.388002Z","times_seen":1,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":87,"dns":1,"connect":87,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.cdn-fileserver.com/__media__/pics/9000/09/593//arrrow.png","fqdn":"s.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://searchnowexpert.com/sr/754870121/SAFEFRAME.html?ule=786\u0026%216Qp=G\u00262HQa=N\u00262HQasd6F=\u00264ZFxQ_=H%21D4p\u0026664H=%7B%2266ss%22%3A%22%28U%22%2C%2266sFx%22%3A%22D64D%22%2C%22667Q%22%3A%22%22%2C%22666s%22%3A%22GV%22%7D\u002667O_=NNI~1iuT\u00266JHa%2AH=\u00266s=GV\u0026767H=G\u00269H=\u00269ta0=MFFQ%3A%2F%2FttTj0aD1x67F_jsD%21%2F\u0026AJ7H=\u0026D4p0=Dd_\u0026D7H=G~~uJpGJC~iJ-C~-GHCJp~uCsN-JN~II~JJT\u0026F6s_=cNGTN\u0026H%21a0=N\u0026H_s%21%21%21=\u0026J7H=\u0026JHa%2AH=\u0026J_=G\u0026Jp_=\u0026K2H=~\u0026K6Q_d0=G\u0026MFFQ6=N\u0026Q7H=\u0026_sa7H=\u0026a_3Ka4=MFFQ%3A%2F%2F0aD1x67F_jsD%21\u0026d%21_aa=N\u0026dFm=\u0026htmlsrc=1\u0026kkdd=HA%7C%21%7C%2Aun9h3AWH\u0026m7=N-iiuZ~VZI~u-NVuZZI\u0026pHD%21p7d=\u0026pHFN=\u0026pHFZ=\u0026pHm=\u0026pQgK=\u0026psF=nq%2AV1V%283~q%2820d0qO~v~a3vqp22_%2FOvv1d2\u0026s7H=ugbZVG-VZ\u0026sFQ7H=\u0026sHm=UZ~T~\u0026sMd%21V=TnU-IIYTI\u0026sMd%21Z=D6m~f7dFs\u0026sa7H=--~Z-ZiuG\u0026ss=%28U\u0026t46FQ=G\u0026t6MQ=G\u0026tpid=\u0026xH6Qa=\u0026xJdfssf_1Q=\u0026xQ4Q=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766824325928015326356486351\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151436992598469975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0%3D\u0026tchkpts=%7B%22prel2%22%3A1766824326096%7D\u0026stime=1766824326096\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Fsearchnowexpert.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F1GlaK%253D%25261W7Z66ZnJa%253D%25261a4a%253D%25264Ex1an%253DG8u4w%252666%253DRf%25266GH%253DfE%25252Ar%25252A%25266KjG%253Dii%25252AEiEzPB%25266M78-%253DrqfiOOXrO%25266M78E%253DulH%25252AZj7x6%25266jG%253DPgCE-Bi-E%25266xajG%253D%252678nKK%253Dk%25267xH%253D%25268law%253DB%2526FGaK%253Dk%2526FGaK67lx%253D%2526Gn6888%253D%2526Hj%253DkizzPE%25252A-EO%25252APik-PEEO%2526Knc~K4%253DMxxa%25253A%25252F%25252F%252528KuJ1ljxnm6u8%2526Mxxal%253Dk%2526V4lxa%253DB%2526VlMa%253DB%2526WGK_G%253D%2526WjG%253D%2526Wn%253DB%2526Wwn%253D%2526YG%253D%2526YVK%252528%253DMxxa%25253A%25252F%25252FVVrm%252528KuJ1ljxnm6u8%25252F%2526ajG%253D%2526htmlsrc%253D1%2526jljG%253DB%2526kkdd%253D3A%25257Ch%25257C%25252Au9HA3n%2526l6%253DB-%2526lWGK_G%253D%2526lj5n%253DkkO%25252AJzPr%2526ll4G%253D%25257B%252522ll66%252522%25253A%252522Rf%252522%25252C%252522ll6x1%252522%25253A%252522ul4u%252522%25252C%252522llja%252522%25253A%252522%252522%25252C%252522lll6%252522%25253A%252522B-%252522%25257D%2526n6KjG%253D%2526tWjG%253D%2526tpid%253D%2526u4w%252528%253Du7n%2526ujG%253DB%25252A%25252APWwBWv%25252AzWiv%25252AiBGvWw%25252APv6kiWk%25252AOO%25252AWWr%2526w6x%253Dq3_-J-Rc%25252A3RF%2525287%25252835%25252Ap%25252AKcp3wFFn%25252F5ppJ7F%2526wGH%253D%2526wGu8wj7%253D%2526wGxE%253D%2526wGxk%253D%2526wag~%253D%2526xl6n%253D2kBrk%2526~FG%253D%25252A%2526~lan7%252528%253DB%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2025-12-27T08:32:06.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 30 Nov 2025 15:48:41 GMT","end":"Sat, 28 Feb 2026 16:47:10 GMT"},"fingerprint":{"sha1":"B6:15:E0:AA:2B:F2:1A:96:0A:90:53:E3:BA:E4:61:85:FA:35:8C:5A","sha256":"AF:0A:96:E0:3A:65:9A:90:80:F1:73:2C:66:E0:90:E6:6B:6C:23:08:E5:9E:AA:0E:52:53:23:5B:14:9A:9B:6E"}}},"request":{"raw":"GET /__media__/pics/9000/09/593//arrrow.png HTTP/1.1\r\nHost: s.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://searchnowexpert.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 27 Dec 2025 08:32:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 283\r\nserver: cloudflare\r\nlast-modified: Thu, 06 Mar 2025 13:05:37 GMT\r\naccept-ranges: bytes\r\ncache-control: public, max-age=604800\r\nvia: 1.1 google\r\nx-cache-status: miss\r\nalt-svc: h3=\":443\"; ma=86400\r\netag: \"11b-62fac2985d568\"\r\nage: 263257\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1cd0cigjGT6S4KPzcp7guj8Qz9mbkUx%2BsALj3H49Ib4PFfywELagQD9scpjHsgLt84iZar4wFIonlPAeHhbSUdVY5O2DsWqwVFhIrHpN495W3Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b47772b7bbb56a4-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":283,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 17 x 27, 8-bit colormap, non-interlaced","md5":"80d42c82a6c37da90210fd60a2f36128","sha1":"554ba7c84d2a27ecf3b1f29d03e62101936b54d8","sha256":"a1626e2d9160a0890a0a8d6e3af9e7095d68a24f9fb5ac8a166000c9a2581e10","sha512":"8ecb032c38176996ee637009833f3399f773b325e4f574fbbd26f93cdb82892c4143c5816543052b3a5123b89ef4b1aaca0407315aab879968085e61a20786b6","ssdeep":"","tlshash":"38d023cb5d512c3dd3615031445810799df2ad602c774182013eb4760f73545c658714","first_seen":"2023-04-06T17:33:21Z","last_seen":"2026-05-13T17:12:15.883914Z","times_seen":183369,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.cdn-fileserver.com/__media__/pics/9000/09/593//bg1.png","fqdn":"s.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://searchnowexpert.com/sr/754870121/SAFEFRAME.html?ule=786\u0026%216Qp=G\u00262HQa=N\u00262HQasd6F=\u00264ZFxQ_=H%21D4p\u0026664H=%7B%2266ss%22%3A%22%28U%22%2C%2266sFx%22%3A%22D64D%22%2C%22667Q%22%3A%22%22%2C%22666s%22%3A%22GV%22%7D\u002667O_=NNI~1iuT\u00266JHa%2AH=\u00266s=GV\u0026767H=G\u00269H=\u00269ta0=MFFQ%3A%2F%2FttTj0aD1x67F_jsD%21%2F\u0026AJ7H=\u0026D4p0=Dd_\u0026D7H=G~~uJpGJC~iJ-C~-GHCJp~uCsN-JN~II~JJT\u0026F6s_=cNGTN\u0026H%21a0=N\u0026H_s%21%21%21=\u0026J7H=\u0026JHa%2AH=\u0026J_=G\u0026Jp_=\u0026K2H=~\u0026K6Q_d0=G\u0026MFFQ6=N\u0026Q7H=\u0026_sa7H=\u0026a_3Ka4=MFFQ%3A%2F%2F0aD1x67F_jsD%21\u0026d%21_aa=N\u0026dFm=\u0026htmlsrc=1\u0026kkdd=HA%7C%21%7C%2Aun9h3AWH\u0026m7=N-iiuZ~VZI~u-NVuZZI\u0026pHD%21p7d=\u0026pHFN=\u0026pHFZ=\u0026pHm=\u0026pQgK=\u0026psF=nq%2AV1V%283~q%2820d0qO~v~a3vqp22_%2FOvv1d2\u0026s7H=ugbZVG-VZ\u0026sFQ7H=\u0026sHm=UZ~T~\u0026sMd%21V=TnU-IIYTI\u0026sMd%21Z=D6m~f7dFs\u0026sa7H=--~Z-ZiuG\u0026ss=%28U\u0026t46FQ=G\u0026t6MQ=G\u0026tpid=\u0026xH6Qa=\u0026xJdfssf_1Q=\u0026xQ4Q=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766824325928015326356486351\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151436992598469975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0%3D\u0026tchkpts=%7B%22prel2%22%3A1766824326096%7D\u0026stime=1766824326096\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Fsearchnowexpert.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F1GlaK%253D%25261W7Z66ZnJa%253D%25261a4a%253D%25264Ex1an%253DG8u4w%252666%253DRf%25266GH%253DfE%25252Ar%25252A%25266KjG%253Dii%25252AEiEzPB%25266M78-%253DrqfiOOXrO%25266M78E%253DulH%25252AZj7x6%25266jG%253DPgCE-Bi-E%25266xajG%253D%252678nKK%253Dk%25267xH%253D%25268law%253DB%2526FGaK%253Dk%2526FGaK67lx%253D%2526Gn6888%253D%2526Hj%253DkizzPE%25252A-EO%25252APik-PEEO%2526Knc~K4%253DMxxa%25253A%25252F%25252F%252528KuJ1ljxnm6u8%2526Mxxal%253Dk%2526V4lxa%253DB%2526VlMa%253DB%2526WGK_G%253D%2526WjG%253D%2526Wn%253DB%2526Wwn%253D%2526YG%253D%2526YVK%252528%253DMxxa%25253A%25252F%25252FVVrm%252528KuJ1ljxnm6u8%25252F%2526ajG%253D%2526htmlsrc%253D1%2526jljG%253DB%2526kkdd%253D3A%25257Ch%25257C%25252Au9HA3n%2526l6%253DB-%2526lWGK_G%253D%2526lj5n%253DkkO%25252AJzPr%2526ll4G%253D%25257B%252522ll66%252522%25253A%252522Rf%252522%25252C%252522ll6x1%252522%25253A%252522ul4u%252522%25252C%252522llja%252522%25253A%252522%252522%25252C%252522lll6%252522%25253A%252522B-%252522%25257D%2526n6KjG%253D%2526tWjG%253D%2526tpid%253D%2526u4w%252528%253Du7n%2526ujG%253DB%25252A%25252APWwBWv%25252AzWiv%25252AiBGvWw%25252APv6kiWk%25252AOO%25252AWWr%2526w6x%253Dq3_-J-Rc%25252A3RF%2525287%25252835%25252Ap%25252AKcp3wFFn%25252F5ppJ7F%2526wGH%253D%2526wGu8wj7%253D%2526wGxE%253D%2526wGxk%253D%2526wag~%253D%2526xl6n%253D2kBrk%2526~FG%253D%25252A%2526~lan7%252528%253DB%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2025-12-27T08:32:06.957Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 30 Nov 2025 15:48:41 GMT","end":"Sat, 28 Feb 2026 16:47:10 GMT"},"fingerprint":{"sha1":"B6:15:E0:AA:2B:F2:1A:96:0A:90:53:E3:BA:E4:61:85:FA:35:8C:5A","sha256":"AF:0A:96:E0:3A:65:9A:90:80:F1:73:2C:66:E0:90:E6:6B:6C:23:08:E5:9E:AA:0E:52:53:23:5B:14:9A:9B:6E"}}},"request":{"raw":"GET /__media__/pics/9000/09/593//bg1.png HTTP/1.1\r\nHost: s.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://searchnowexpert.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 27 Dec 2025 08:32:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 17986\r\nserver: cloudflare\r\naccept-ranges: bytes\r\nvia: 1.1 google\r\ncache-control: public, max-age=604800\r\nlast-modified: Thu, 06 Mar 2025 12:55:21 GMT\r\nage: 107973\r\nx-cache-status: hit\r\nalt-svc: h3=\":443\"; ma=86400\r\netag: \"4642-62fac04c7759a\"\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9GcE6xlubkz6veXBdZoVOf8UjSN%2BZcKT42XMdXjkSrIUMSaMgPYqq%2FXE2RXpxBfdHVVLvFxaIXwop0FSZCcCIAXXvyRnfGTsWcmSZNu1drCglA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b47772b7bbc56a4-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":17986,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1730 x 988, 4-bit colormap, non-interlaced","md5":"825ccd29ac102fcadaf92b2343d5917b","sha1":"24472e766cfac5b82a73b219796556a0a3702bd6","sha256":"0878fb2875c0ad852de8fb3e8f443afdf3064890f1443b3feccc274382f913cd","sha512":"71b8e7c0813227f5efa4b4e0561978b13672f46ee441bc222ad77aa46a32f0f44a5dab3ef038bb3418190e69dced597a79e77566da01a259f1cd6b5298a08662","ssdeep":"384:/ATpX6Cex7jSxPgvgsODg/B2HgqSSeMjhRNAxB60ZL/HU+HqofTBf:ipX6nx7elggsODg52AqSSJhIxBZZLc8N","tlshash":"8a82bef49ea4241cdde2dfbce09243d635e8fb03481a9c516bcb46c27459ea2782c71d","first_seen":"2023-04-06T22:32:28Z","last_seen":"2026-05-13T17:12:15.896069Z","times_seen":183291,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.cdn-fileserver.com/__media__/fonts/montserrat_regular/montserrat_regular.woff","fqdn":"s.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://searchnowexpert.com/sr/754870121/SAFEFRAME.html?ule=786\u0026%216Qp=G\u00262HQa=N\u00262HQasd6F=\u00264ZFxQ_=H%21D4p\u0026664H=%7B%2266ss%22%3A%22%28U%22%2C%2266sFx%22%3A%22D64D%22%2C%22667Q%22%3A%22%22%2C%22666s%22%3A%22GV%22%7D\u002667O_=NNI~1iuT\u00266JHa%2AH=\u00266s=GV\u0026767H=G\u00269H=\u00269ta0=MFFQ%3A%2F%2FttTj0aD1x67F_jsD%21%2F\u0026AJ7H=\u0026D4p0=Dd_\u0026D7H=G~~uJpGJC~iJ-C~-GHCJp~uCsN-JN~II~JJT\u0026F6s_=cNGTN\u0026H%21a0=N\u0026H_s%21%21%21=\u0026J7H=\u0026JHa%2AH=\u0026J_=G\u0026Jp_=\u0026K2H=~\u0026K6Q_d0=G\u0026MFFQ6=N\u0026Q7H=\u0026_sa7H=\u0026a_3Ka4=MFFQ%3A%2F%2F0aD1x67F_jsD%21\u0026d%21_aa=N\u0026dFm=\u0026htmlsrc=1\u0026kkdd=HA%7C%21%7C%2Aun9h3AWH\u0026m7=N-iiuZ~VZI~u-NVuZZI\u0026pHD%21p7d=\u0026pHFN=\u0026pHFZ=\u0026pHm=\u0026pQgK=\u0026psF=nq%2AV1V%283~q%2820d0qO~v~a3vqp22_%2FOvv1d2\u0026s7H=ugbZVG-VZ\u0026sFQ7H=\u0026sHm=UZ~T~\u0026sMd%21V=TnU-IIYTI\u0026sMd%21Z=D6m~f7dFs\u0026sa7H=--~Z-ZiuG\u0026ss=%28U\u0026t46FQ=G\u0026t6MQ=G\u0026tpid=\u0026xH6Qa=\u0026xJdfssf_1Q=\u0026xQ4Q=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766824325928015326356486351\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151436992598469975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0%3D\u0026tchkpts=%7B%22prel2%22%3A1766824326096%7D\u0026stime=1766824326096\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Fsearchnowexpert.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F1GlaK%253D%25261W7Z66ZnJa%253D%25261a4a%253D%25264Ex1an%253DG8u4w%252666%253DRf%25266GH%253DfE%25252Ar%25252A%25266KjG%253Dii%25252AEiEzPB%25266M78-%253DrqfiOOXrO%25266M78E%253DulH%25252AZj7x6%25266jG%253DPgCE-Bi-E%25266xajG%253D%252678nKK%253Dk%25267xH%253D%25268law%253DB%2526FGaK%253Dk%2526FGaK67lx%253D%2526Gn6888%253D%2526Hj%253DkizzPE%25252A-EO%25252APik-PEEO%2526Knc~K4%253DMxxa%25253A%25252F%25252F%252528KuJ1ljxnm6u8%2526Mxxal%253Dk%2526V4lxa%253DB%2526VlMa%253DB%2526WGK_G%253D%2526WjG%253D%2526Wn%253DB%2526Wwn%253D%2526YG%253D%2526YVK%252528%253DMxxa%25253A%25252F%25252FVVrm%252528KuJ1ljxnm6u8%25252F%2526ajG%253D%2526htmlsrc%253D1%2526jljG%253DB%2526kkdd%253D3A%25257Ch%25257C%25252Au9HA3n%2526l6%253DB-%2526lWGK_G%253D%2526lj5n%253DkkO%25252AJzPr%2526ll4G%253D%25257B%252522ll66%252522%25253A%252522Rf%252522%25252C%252522ll6x1%252522%25253A%252522ul4u%252522%25252C%252522llja%252522%25253A%252522%252522%25252C%252522lll6%252522%25253A%252522B-%252522%25257D%2526n6KjG%253D%2526tWjG%253D%2526tpid%253D%2526u4w%252528%253Du7n%2526ujG%253DB%25252A%25252APWwBWv%25252AzWiv%25252AiBGvWw%25252APv6kiWk%25252AOO%25252AWWr%2526w6x%253Dq3_-J-Rc%25252A3RF%2525287%25252835%25252Ap%25252AKcp3wFFn%25252F5ppJ7F%2526wGH%253D%2526wGu8wj7%253D%2526wGxE%253D%2526wGxk%253D%2526wag~%253D%2526xl6n%253D2kBrk%2526~FG%253D%25252A%2526~lan7%252528%253DB%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2025-12-27T08:32:06.975Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 30 Nov 2025 15:48:41 GMT","end":"Sat, 28 Feb 2026 16:47:10 GMT"},"fingerprint":{"sha1":"B6:15:E0:AA:2B:F2:1A:96:0A:90:53:E3:BA:E4:61:85:FA:35:8C:5A","sha256":"AF:0A:96:E0:3A:65:9A:90:80:F1:73:2C:66:E0:90:E6:6B:6C:23:08:E5:9E:AA:0E:52:53:23:5B:14:9A:9B:6E"}}},"request":{"raw":"GET /__media__/fonts/montserrat_regular/montserrat_regular.woff HTTP/1.1\r\nHost: s.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://searchnowexpert.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://searchnowexpert.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 27 Dec 2025 08:32:06 GMT\r\ncontent-type: font/woff\r\ncontent-length: 24744\r\nserver: cloudflare\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nedge-control: downstream-ttl=1d\r\nvia: 1.1 google\r\ncache-control: public, max-age=604800\r\nlast-modified: Mon, 16 May 2016 10:39:41 GMT\r\netag: \"60a8-532f33dedf540\"\r\nage: 540374\r\nx-cache-status: hit\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XyB9LONpQuzwuUDHNvwkYl3TTgy580G9xx58levTIqs6lj0MPL2xniiRSwhbsVcHXoFYEsBo5pieGnsor2ekmJpCGg%2B8e7ZCTFg8shEfUSP0Ng%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b47772b9bdc56a4-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":24744,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 24744, version 1.0","md5":"987e102655eee6557d9e5de5eda2dbd7","sha1":"9cfb173085bc54a3e7a4f377e5184cba87ad7a67","sha256":"1354d1ffff7cde96f66dd463a7a9d9bc627c2ea55c1a12c7f0b5c63594622c3e","sha512":"bccd46bbc05dc333869797877f2702294f24f697bd5cf8c42210092d74ddb261b301fa1cb09f79ddc2fb1dc5a54acb3aabde5454920ab195fc906cfddf1be75a","ssdeep":"768:Vw0BKrqrg0KoirVY+RpyVvAfeiCONpPkIw31R:q0BKH0Koiu+Tyqfe1cCH31R","tlshash":"80b2d138a2776205f24c16f579030b361dda21ba925e47bb062360ae1db9a4cd18a24f","first_seen":"2025-04-10T23:48:29.909914Z","last_seen":"2026-05-13T17:12:15.884543Z","times_seen":158361,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":9,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"froxysite.com/","fqdn":"froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"74.206.228.78","port":80,"asn":27257,"as":"WEBAIR-INTERNET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-27T08:32:01.121Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: froxysite.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 12\r\nOrigin: http://us2.froxysite.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://us2.froxysite.com/\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"ic=0\u0026fb=true"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Sat, 27 Dec 2025 08:32:01 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":180,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"31453f801c3bcb9c3d72b9631ba85c8d","sha1":"c8a302dfedb4b333b8d1022e929853609b796a5c","sha256":"36aebf6206c61e06c34444e073c88cea0c44f76d95e581091bbd4fe1b1fd6ee5","sha512":"67b36622d7a9dc9999dfd0f1bd5ec3269e589fb8c8f30bbb1ccdc2cd431de0472625ee3d930185a64800ccde4f7f534c20220a8925439f672b5a40309d293696","ssdeep":"","tlshash":"94c08ceb0c69a51ca9709561fdf2b34c64a5a46260b1ec8072d0557b55c0f97ca433a8","first_seen":"2025-12-27T08:32:31.393384Z","last_seen":"2025-12-27T08:32:31.393384Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1011,"timings":{"blocked":215,"dns":128,"connect":89,"send":0,"wait":578,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-27T08:32:01Z","timestamp":1766824321,"ip_dst":{"addr":"74.206.228.78","port":80,"asn":27257,"as":"WEBAIR-INTERNET","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.21","port":59734,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET ADWARE_PUP Win32/Zonebac Traffic Redirect","source":"{\"timestamp\":\"2025-12-27T08:32:01.914090+0000\",\"flow_id\":47281575412670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":59734,\"dest_ip\":\"74.206.228.78\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2030821,\"rev\":1,\"signature\":\"ET ADWARE_PUP Win32/Zonebac Traffic Redirect\",\"category\":\"Possibly Unwanted Program Detected\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2020_09_01\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_01\"]}},\"http\":{\"hostname\":\"froxysite.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://us2.froxysite.com/\",\"http_method\":\"POST\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":163},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":12,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":822,\"bytes_toclient\":564,\"start\":\"2025-12-27T08:32:01.246718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"froxysite.com/favicon.ico","fqdn":"froxysite.com","domain":"froxysite.com","tld":"com"},"ip":{"addr":"74.206.228.78","port":80,"asn":27257,"as":"WEBAIR-INTERNET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://froxysite.com/","date":"2025-12-27T08:32:02.058Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: froxysite.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://froxysite.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0\r\nDate: Sat, 27 Dec 2025 08:32:02 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":153,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"706a98254456810d3e849c3957af9d01","sha1":"e461d072a6ba8f0082d6f187eba7f053343529c6","sha256":"8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229","sha512":"6fd0837b6c7485fcd783da728d9759a49f48e8a2f4757301a921735f7f41240b890b87672725c90e8295a21d039a369b203246e8bf71596cf1e2f9b543bc0277","ssdeep":"","tlshash":"fec02b2d36137c4cc5a3317432c3b080c0e6933774fa45110440800331cf2998ac7397","first_seen":"2023-03-25T23:23:32Z","last_seen":"2026-05-13T15:37:29.439129Z","times_seen":6843,"resource_available":true,"data":null}},"time_used":90,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":89,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"euob.youstarsbuilding.com/sxp/i/636f8b858f681acb7bfa6f583a96630a.js","fqdn":"euob.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"54.240.174.44","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ww9.froxysite.com/","date":"2025-12-27T08:32:05.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 18 May 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:29:53:45:CD:1F:37:FB:0A:5B:EE:BA:2B:10:20:63:7D:EE:AB:EB","sha256":"2F:1E:65:36:AB:FD:A7:A0:E2:EF:4F:B3:C2:81:B9:D4:40:D5:97:BE:7F:28:61:2C:32:1D:24:77:4B:21:66:37"}}},"request":{"raw":"GET /sxp/i/636f8b858f681acb7bfa6f583a96630a.js HTTP/1.1\r\nHost: euob.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww9.froxysite.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 44288\r\ncontent-encoding: gzip\r\nserver: Caddy\r\ndate: Sat, 27 Dec 2025 03:02:26 GMT\r\ncache-control: max-age=43200\r\nexpires: Sat, 27 Dec 2025 15:02:24 GMT\r\netag: \"1d445-zxW1ICvSAGwX+6Fi/2PHz6ln+qA\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: cJMghf1j3y-hKaxsyJRVneU_UpOgIy2c2sB2-GA7VpaZCiAF-HVo2w==\r\nage: 19781\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":119877,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"data","md5":"ab2ddfd9871e5b38a5a9225bb63c22c4","sha1":"cf15b5202bd2006c17fba162ff63c7cfa967faa0","sha256":"38ac2911b1bd7669eb602921ee19bbad89caf9dff0ad356cadd2073b27f64d6a","sha512":"506b5713dd0efbe965a93b57be2cb44b1c17b6f3653053b42a46c0fb6fe9877dc69f9c3b02011dbcd44f356d1bf427649f370e8d6a8ef08551af9cf8ea250f4e","ssdeep":"1536:Qu5y/b5E0bwM7sIo8L0SUs8LonlEzsjxM96nhXxwcTkYtsdlBnFIUtY0PVEWm/5l:QuQb7O8hzjnhGdhtNP8/kLP/V+ZF","tlshash":"cdc3d79db2e27025439334a5157f410ae27b5e503c4b8294d27ee9d4ac7ce8e817bfac","first_seen":"2025-11-19T10:05:19.366722Z","last_seen":"2026-01-07T23:37:36.594718Z","times_seen":4508,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":10,"dns":1,"connect":1,"send":0,"wait":1,"receive":2,"ssl":6},"alerts":{"ids":null,"analyzer":[{"sensor_name":"threatfox","sensor_type":"Blocklist","title":"ThreatFox","description":"ThreatFox","scan_date":"","alert":"FAKEUPDATES","trigger":"euob.youstarsbuilding.com/sxp/i/636f8b858f681acb7bfa6f583a96630a.js","verdict":"malicious","severity":"medium","comment":"FAKEUPDATES","link":"https://threatfox.abuse.ch/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yfdnzf.com/?dn=froxysite.com\u0026pid=9PO755G95","fqdn":"yfdnzf.com","domain":"yfdnzf.com","tld":"com"},"ip":{"addr":"208.91.196.46","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://ww9.froxysite.com/","date":"2025-12-27T08:32:05.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yfdnzf.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 20 Nov 2025 01:56:24 GMT","end":"Wed, 18 Feb 2026 01:56:23 GMT"},"fingerprint":{"sha1":"2F:B8:14:60:52:5E:19:CD:51:37:C8:FE:A4:F2:A0:86:4E:58:10:C3","sha256":"49:B9:84:6E:2E:4B:29:83:0E:F7:FD:FD:6B:F2:43:F5:02:A8:F9:EC:E5:42:8B:0B:68:B9:EF:99:1B:FE:51:80"}}},"request":{"raw":"GET /?dn=froxysite.com\u0026pid=9PO755G95 HTTP/1.1\r\nHost: yfdnzf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww9.froxysite.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 27 Dec 2025 08:31:57 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nx-sc-h: 21-aepk\r\nvia: 1.1 google\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9753,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (9586)","md5":"dda4d7d824308dee55152e9c331fc097","sha1":"44be609870249eb05dc22699dedde89dd9a23d3c","sha256":"337f29ea962d21a0604b446fd00d93815cd804af35adf4a9501e3940652ee1ac","sha512":"6b10ada7efee1e13905dc5a6bea8b93318ba825f82a725815f94008c77d59f6b77af1a2e9c14dbd06357c4698ec18d9c8a13799626842146e2cc1592b0cb5eea","ssdeep":"192:f57Nyu+7w6+Moii9ni1lEcp5hjQPQhMLGAvJ+7w6+Moii9ni1lEcp5hjQPQhCQBG:+bq81mc81yAvQq81mc8RUBI","tlshash":"db122a5200bb9c104ada0022df7defdfb1dd5e1b6dee6c0c66888809205eba71d619b9","first_seen":"2025-12-27T08:32:31.396764Z","last_seen":"2025-12-27T08:32:31.396764Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1017,"timings":{"blocked":402,"dns":26,"connect":123,"send":0,"wait":212,"receive":1,"ssl":250},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126ce8cf37ee44889b9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d57138d642f17071a10acf9f29f67418bd08d56296b19f82e76568738d964c755340c209306015f345056c0b76c1d77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7f10225158aed82e687907f0ff4a2b84a3f07cc4e5597b4829fda0f092ce24bbcfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06871fed24b2ca79ba230da18ac19ef9b0ade5d9f9a6dce392984db728926cf8cfaf98eefe31b22ea3de5a9f03b2f4baecf71c2a648b1595444864f5081ccc3d8c6f88220d82dc0deedc872f86a696cc9352f84998b5536dbfe74e700ea9c00d639ef7c480b0c8c15b91cfac0a074fac87acc38f78cd3dc27c019486ee9551150684273cbec3bf4499482c721a6bf6bf69720cca9efbe25cfffa711267a88c8504fdcbb1f7104b4b4a27bb62688a800fdea45b37ca0339d4fd008caa93ecf063ae7a6957a223c660736165a15aafd916bd303ab5849422de4a949df997510ecec9ae3e87ec8ffe5e287ffa9f7434d38f84583a83d1cfe312c1a9d3f1d2c3abc3eef241fd0f7d320cf39833781b92dd3b90a9f7d072324017e168288b6dd7d7f169e6d04c8d1a4b3b7cb221782a2f938cf9b6171cad30c3d6eff97d15425b4258041d75fe45dc854dfba1b9cbf49a4d2ced58a5b70ada06d71881dcb91a2e952c57e3e1619863c1214e0df00dcbd5093c6c5aa019aded86d1c3d45a22fff50e847b8806996304b3d537a202ef3508f9d2115e43a82b5ff34d9cf4f846861ef4c3e3e95e8cd1805ad22a49c1ada1b235f09ef6e6e90a5ca69c95f2288da50f29dcff58142da5d522209e02e73078e9a0d40a86da4eccb288fd0ec0a416ee02e794e16c54915bac5f20a48d31b31a1cbd812928de4984b28ec61e7443f1b\u0026cri=GZUDLlzGJl\u0026ts=179\u0026cb=1766824326153","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww9.froxysite.com/","date":"2025-12-27T08:32:06.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1D:E0:7A:77:9E:39:3D:B5:85:C1:3D:30:3E:E7:35:C5:FE:D1:7E:38","sha256":"3D:73:19:D6:DC:8A:75:98:72:2D:32:C1:65:DF:5C:3A:0D:71:99:BA:F5:6D:C8:11:D9:E4:02:85:DC:8D:75:25"}}},"request":{"raw":"GET /tracker/tc_imp.gif?e=37dfbd8ee84e00126ce8cf37ee44889b9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d57138d642f17071a10acf9f29f67418bd08d56296b19f82e76568738d964c755340c209306015f345056c0b76c1d77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7f10225158aed82e687907f0ff4a2b84a3f07cc4e5597b4829fda0f092ce24bbcfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06871fed24b2ca79ba230da18ac19ef9b0ade5d9f9a6dce392984db728926cf8cfaf98eefe31b22ea3de5a9f03b2f4baecf71c2a648b1595444864f5081ccc3d8c6f88220d82dc0deedc872f86a696cc9352f84998b5536dbfe74e700ea9c00d639ef7c480b0c8c15b91cfac0a074fac87acc38f78cd3dc27c019486ee9551150684273cbec3bf4499482c721a6bf6bf69720cca9efbe25cfffa711267a88c8504fdcbb1f7104b4b4a27bb62688a800fdea45b37ca0339d4fd008caa93ecf063ae7a6957a223c660736165a15aafd916bd303ab5849422de4a949df997510ecec9ae3e87ec8ffe5e287ffa9f7434d38f84583a83d1cfe312c1a9d3f1d2c3abc3eef241fd0f7d320cf39833781b92dd3b90a9f7d072324017e168288b6dd7d7f169e6d04c8d1a4b3b7cb221782a2f938cf9b6171cad30c3d6eff97d15425b4258041d75fe45dc854dfba1b9cbf49a4d2ced58a5b70ada06d71881dcb91a2e952c57e3e1619863c1214e0df00dcbd5093c6c5aa019aded86d1c3d45a22fff50e847b8806996304b3d537a202ef3508f9d2115e43a82b5ff34d9cf4f846861ef4c3e3e95e8cd1805ad22a49c1ada1b235f09ef6e6e90a5ca69c95f2288da50f29dcff58142da5d522209e02e73078e9a0d40a86da4eccb288fd0ec0a416ee02e794e16c54915bac5f20a48d31b31a1cbd812928de4984b28ec61e7443f1b\u0026cri=GZUDLlzGJl\u0026ts=179\u0026cb=1766824326153 HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww9.froxysite.com/\r\nCookie: cg_uuid=89c4a5d26f1b03660a4930d101d9697b\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\ndate: Sat, 27 Dec 2025 08:32:06 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\ncontent-length: 43\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"db04c7b378cb2db912c3ba8a5a774ee3","sha1":"dee34bd86c3484d31002182aa2b7caa4699126b8","sha256":"98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a","sha512":"826225fc21717d8861a05b9d2f959539aad2d2b131b2afed75d88fbca535e1b0d5a0da8ac69713a0876a0d467848a37a0a7f926aeafad8cf28201382d16466ab","ssdeep":"","tlshash":"6490000bca888002caa2c0302b8883022b88b0320228832e80bc30a8ee3b3a20c02000","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-05-13T17:25:47.998756Z","times_seen":381101,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bql.php?vgd_len=4984\u0026\u0026vgd_l2type=dmola\u0026fp=AWe2oiQv8U3qVM9_tPQyxNEz_O9kDWAFbQA6nslem2gkt4HEbsvIflX9ZpSvn5aUWZH03UPCabq1E1_2eAa8we-9kk0KnfkDsZsne2ZukYcMbg5MYMveDdkhZ6oVZNlGeN9nbOS4RSM%3D\u0026cme=ZITqtOuWKoZXnlL5v1XDJF5LWf-6SIhozeF2EKHsbUHgBHlWhXsmyckFcn4r031-khDlVjl80IpBCv-bVnau29UuKxaVOlRo4rRybS1JRWo95YaWSblVHMswJW3ueP4ZIVMFWbfvOF9VAIbY68ZQTMXkJ6wJ-815mB-FovbtcxMbBmwFCTpv_kQIi5AKWgYpT-BG3P7ihTZcEqL705mr53uK4Geum4hyZVcfmBsAKtLBR7TtroujChMc0qdwPLbR06U0dbfOyV0%3D%7C%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7CWtJPvijWHRsm4z5jCfkPsQmv8-urF4NW%7CxDcVMoSqRIS0rkK9RdWsEJeKJclSYZ6JHbdJclf2k9g%3D%7Cv_FGwiaAKkWSjB3mqK05Sm6vszKpRUy2Nzsgt_NRSmLzzYbHHHnjmQ%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7Cmr5YxB_Ky2PXFNW2SL-voPavwPKj4VhvI84GUkFvEChFEYbcFJGy3-P9NZt95GowMD2_GbARfwz0RmvvWWRpbPa10lF0sBfBLlgsaGqLD3h5I4fGpKLu9IWOJli64CnsqDQaPFzWTwx5G8OO3q8D9aGlUH3sFy_i35y_dWG4J7IK5jC4NeDUUn6R1xB6u0Plq4WXbdbU4QQCZIQtjmWUi7vFJcjS0vxcgrA9vb-rgV5QXkJARm-LiXD_rhb8tA_wcCcdtzFyu7pqiGzSaU0YDoUKiRvy_370-swe4jV3uGFXJsi1fsfMN2VtHC7JxvskVkDGniBux0lpz699xH7qqOYWR4-U2G4TNmtavQEbJ2dyToE05mqsVetGnPD6gSpkYNYAB0OIqJHTqmijWW3KqU3BYPN9tKB2eBZ0qRDtH_Fi7XX1LqsCsnJN9KDNff-4hJImbSM16wVdyuYYDdsVrFFlZPtYakt8dW-0uAdnJaAcJr2zOL5oeTmEvlTtA_dYRdIIBNCbdvWSMN_RjOdLSl62OaqwMWyTADMCnH_b9r4gzHmatoyHHwlvfhH1KIn2UpeSidEPaXS69RQrwLBVqBM62Y1jsM9_pNPfSYGXJij-GtXa3FLuPYu5LUoaJXn-aG37JAELrzt_EVcWwLL-HJfRz956T9C1YNZO-vBp3Uc%3D%7C\u0026ksu=360\u0026fdkt=210\u0026vgde_kbbh=fuoyxQBuGUBO\u0026kwd[]=Proxy+Web+Browser\u0026kwt[]=210\u0026kbc[]=4297\u0026kwp[]=1\u0026kid[]=144781208\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D-2%7Crla%3D61.01%7Crlhp%3D80.00%7Clr%3D0.22%7C17%3D555.56%7C18%3D555.56%7C5%3D18%7C6%3D1%7C16%3D1%7C19%3D35748.53%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D130153%7Cclpr%3D0.897900%7Ccllvl%3D5%7Cokt%3D210%7Cbdkt%3D210\u0026ktd[]=75557865977714153882112\u0026klg[]=en\u0026kwd[]=Free+Proxy\u0026kwt[]=658\u0026kbc[]=1421b906bc8ad4001f491c35db4ca045.d2s\u0026kwp[]=2\u0026kid[]=11640855\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D10325%7Cakp%3D7%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D130153%7Cclpr%3D0.932200%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D1.000%7Cps_id%3D2\u0026ktd[]=75557865977714154279168\u0026klg[]=\u0026kwd[]=Fast+Secure+Internet+VPN\u0026kwt[]=658\u0026kbc[]=1421b906bc8ad4001f491c35db4ca045.d2s\u0026kwp[]=3\u0026kid[]=1325772725\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D10321%7Cakp%3D14%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D31649%7Cclpr%3D0.875600%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D1.000%7Cps_id%3D2\u0026ktd[]=17174784\u0026klg[]=\u0026kwd[]=Best+Anonymous+Browsing+Browser\u0026kwt[]=658\u0026kbc[]=1421b906bc8ad4001f491c35db4ca045.d2s\u0026kwp[]=4\u0026kid[]=1237128525\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D5494%7Cakp%3D4%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D21210%7Cclpr%3D0.890600%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D1.000%7Cps_id%3D2\u0026ktd[]=75557865977714154279168\u0026klg[]=\u0026kwd[]=VPN+for+Safe+Online+Browsing\u0026kwt[]=658\u0026kbc[]=1421b906bc8ad4001f491c35db4ca045.d2s\u0026kwp[]=5\u0026kid[]=1326043865\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D10317%7Cakp%3D15%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D136968%7Cclpr%3D0.872300%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D1.000%7Cps_id%3D2\u0026ktd[]=17174784\u0026klg[]=\u0026v=1\u0026gdpr=1\u0026geo=59.91%7C10.74\u0026lper=100\u0026lpid=\u0026tsid=1005\u0026hint=\u0026cc=NO\u0026wsip=170762275\u0026bca=0\u0026ugd=4\u0026vgde_setid=Nfu\u0026vgde_chost=QJ1LNwzmBJ-EJL7.NmY\u0026cid=8CU230732\u0026vi=1766824325487138225\u0026vsid=DefVid\u0026tdAdd[]=asnum%3D50304\u0026vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D\u0026vgd_adprefflag=00\u0026vgd_adpref_diff=1010\u0026vgd_fm_lang=EN\u0026vgd_implt=3\u0026vgd_cage=2\u0026vgd_tsce=L1091-S1091\u0026vgd_l3_sc=03\u0026vgd_refdomain=froxysite.com\u0026vgd_pdtid=1\u0026vgd_oscar=1\u0026vgd_ctrlid=O_SERP\u0026vgd_nrrv=16630\u0026vgd_nrrmf=8301000480a\u0026vgd_nrrsf=scrr\u0026vgd_cty=oslo\u0026vgd_csovr=0\u0026vgd_ifrmode=14\u0026sbdrId=\u0026verid=\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0\u0026kbbq=%26asn%3D50304\u0026vgd_ppvi=2151436992598469975\u0026vgd_wlstp=0\u0026vgd_vstrid=DefVid\u0026vgd_scsver=2616\u0026vgd_himglg=K0P0-O0K0-S0\u0026vgd_cache_metadata=%7B%22kbb%22%3Afalse%7D\u0026vgd_cfud=251031\u0026vgd_optout=0\u0026vgd_l2shld=1\u0026vgd_akcip=91.90.42.0\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026vgd_och=0\u0026vgd_rensize=1280_1024\u0026vgd_scr_h=1024\u0026vgd_scr_w=1280\u0026vgd_col_sch=l\u0026vgd_be=0\u0026vgd_nmerr=1\u0026tdAdd[]=uiparams%3D%3Brend_w%3A1280%3Brend_h%3A1024\u0026vgd_sc=03\u0026hvsid=00001766824325928015326356486351\u0026rc=0\u0026rand=1766824327019\u0026acid=undefined\u0026matm=1766824327019\u0026vgde_ltimesrc=u\u0026vgde_ltime=iXW\u0026vgde_rtime=iHX\u0026vgde_etm=uW\u0026vgde_timeObj=%7B%22juJ-JN%22%3Azxjj%2C%22jfjm1O%22%3AWHu%2C%22QNLLQ71L7%22%3AWf%2C%22QNLLLJzOJL%22%3Aff%2C%22QNLLJ-JN%22%3AAX%7D\u0026vgd_lhl=2076\u0026vgd_sbSup=1\u0026vgd_nrrs=16630\u0026vgde_cdeplbl=1E8Mzm7M1e18j1GjJ\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://searchnowexpert.com/sr/754870121/SAFEFRAME.html?ule=786\u0026%216Qp=G\u00262HQa=N\u00262HQasd6F=\u00264ZFxQ_=H%21D4p\u0026664H=%7B%2266ss%22%3A%22%28U%22%2C%2266sFx%22%3A%22D64D%22%2C%22667Q%22%3A%22%22%2C%22666s%22%3A%22GV%22%7D\u002667O_=NNI~1iuT\u00266JHa%2AH=\u00266s=GV\u0026767H=G\u00269H=\u00269ta0=MFFQ%3A%2F%2FttTj0aD1x67F_jsD%21%2F\u0026AJ7H=\u0026D4p0=Dd_\u0026D7H=G~~uJpGJC~iJ-C~-GHCJp~uCsN-JN~II~JJT\u0026F6s_=cNGTN\u0026H%21a0=N\u0026H_s%21%21%21=\u0026J7H=\u0026JHa%2AH=\u0026J_=G\u0026Jp_=\u0026K2H=~\u0026K6Q_d0=G\u0026MFFQ6=N\u0026Q7H=\u0026_sa7H=\u0026a_3Ka4=MFFQ%3A%2F%2F0aD1x67F_jsD%21\u0026d%21_aa=N\u0026dFm=\u0026htmlsrc=1\u0026kkdd=HA%7C%21%7C%2Aun9h3AWH\u0026m7=N-iiuZ~VZI~u-NVuZZI\u0026pHD%21p7d=\u0026pHFN=\u0026pHFZ=\u0026pHm=\u0026pQgK=\u0026psF=nq%2AV1V%283~q%2820d0qO~v~a3vqp22_%2FOvv1d2\u0026s7H=ugbZVG-VZ\u0026sFQ7H=\u0026sHm=UZ~T~\u0026sMd%21V=TnU-IIYTI\u0026sMd%21Z=D6m~f7dFs\u0026sa7H=--~Z-ZiuG\u0026ss=%28U\u0026t46FQ=G\u0026t6MQ=G\u0026tpid=\u0026xH6Qa=\u0026xJdfssf_1Q=\u0026xQ4Q=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766824325928015326356486351\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151436992598469975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0%3D\u0026tchkpts=%7B%22prel2%22%3A1766824326096%7D\u0026stime=1766824326096\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Fsearchnowexpert.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F1GlaK%253D%25261W7Z66ZnJa%253D%25261a4a%253D%25264Ex1an%253DG8u4w%252666%253DRf%25266GH%253DfE%25252Ar%25252A%25266KjG%253Dii%25252AEiEzPB%25266M78-%253DrqfiOOXrO%25266M78E%253DulH%25252AZj7x6%25266jG%253DPgCE-Bi-E%25266xajG%253D%252678nKK%253Dk%25267xH%253D%25268law%253DB%2526FGaK%253Dk%2526FGaK67lx%253D%2526Gn6888%253D%2526Hj%253DkizzPE%25252A-EO%25252APik-PEEO%2526Knc~K4%253DMxxa%25253A%25252F%25252F%252528KuJ1ljxnm6u8%2526Mxxal%253Dk%2526V4lxa%253DB%2526VlMa%253DB%2526WGK_G%253D%2526WjG%253D%2526Wn%253DB%2526Wwn%253D%2526YG%253D%2526YVK%252528%253DMxxa%25253A%25252F%25252FVVrm%252528KuJ1ljxnm6u8%25252F%2526ajG%253D%2526htmlsrc%253D1%2526jljG%253DB%2526kkdd%253D3A%25257Ch%25257C%25252Au9HA3n%2526l6%253DB-%2526lWGK_G%253D%2526lj5n%253DkkO%25252AJzPr%2526ll4G%253D%25257B%252522ll66%252522%25253A%252522Rf%252522%25252C%252522ll6x1%252522%25253A%252522ul4u%252522%25252C%252522llja%252522%25253A%252522%252522%25252C%252522lll6%252522%25253A%252522B-%252522%25257D%2526n6KjG%253D%2526tWjG%253D%2526tpid%253D%2526u4w%252528%253Du7n%2526ujG%253DB%25252A%25252APWwBWv%25252AzWiv%25252AiBGvWw%25252APv6kiWk%25252AOO%25252AWWr%2526w6x%253Dq3_-J-Rc%25252A3RF%2525287%25252835%25252Ap%25252AKcp3wFFn%25252F5ppJ7F%2526wGH%253D%2526wGu8wj7%253D%2526wGxE%253D%2526wGxk%253D%2526wag~%253D%2526xl6n%253D2kBrk%2526~FG%253D%25252A%2526~lan7%252528%253DB%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2025-12-27T08:32:07.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 30 Nov 2025 15:48:41 GMT","end":"Sat, 28 Feb 2026 16:47:10 GMT"},"fingerprint":{"sha1":"B6:15:E0:AA:2B:F2:1A:96:0A:90:53:E3:BA:E4:61:85:FA:35:8C:5A","sha256":"AF:0A:96:E0:3A:65:9A:90:80:F1:73:2C:66:E0:90:E6:6B:6C:23:08:E5:9E:AA:0E:52:53:23:5B:14:9A:9B:6E"}}},"request":{"raw":"GET /bql.php?vgd_len=4984\u0026\u0026vgd_l2type=dmola\u0026fp=AWe2oiQv8U3qVM9_tPQyxNEz_O9kDWAFbQA6nslem2gkt4HEbsvIflX9ZpSvn5aUWZH03UPCabq1E1_2eAa8we-9kk0KnfkDsZsne2ZukYcMbg5MYMveDdkhZ6oVZNlGeN9nbOS4RSM%3D\u0026cme=ZITqtOuWKoZXnlL5v1XDJF5LWf-6SIhozeF2EKHsbUHgBHlWhXsmyckFcn4r031-khDlVjl80IpBCv-bVnau29UuKxaVOlRo4rRybS1JRWo95YaWSblVHMswJW3ueP4ZIVMFWbfvOF9VAIbY68ZQTMXkJ6wJ-815mB-FovbtcxMbBmwFCTpv_kQIi5AKWgYpT-BG3P7ihTZcEqL705mr53uK4Geum4hyZVcfmBsAKtLBR7TtroujChMc0qdwPLbR06U0dbfOyV0%3D%7C%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7CWtJPvijWHRsm4z5jCfkPsQmv8-urF4NW%7CxDcVMoSqRIS0rkK9RdWsEJeKJclSYZ6JHbdJclf2k9g%3D%7Cv_FGwiaAKkWSjB3mqK05Sm6vszKpRUy2Nzsgt_NRSmLzzYbHHHnjmQ%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7Cmr5YxB_Ky2PXFNW2SL-voPavwPKj4VhvI84GUkFvEChFEYbcFJGy3-P9NZt95GowMD2_GbARfwz0RmvvWWRpbPa10lF0sBfBLlgsaGqLD3h5I4fGpKLu9IWOJli64CnsqDQaPFzWTwx5G8OO3q8D9aGlUH3sFy_i35y_dWG4J7IK5jC4NeDUUn6R1xB6u0Plq4WXbdbU4QQCZIQtjmWUi7vFJcjS0vxcgrA9vb-rgV5QXkJARm-LiXD_rhb8tA_wcCcdtzFyu7pqiGzSaU0YDoUKiRvy_370-swe4jV3uGFXJsi1fsfMN2VtHC7JxvskVkDGniBux0lpz699xH7qqOYWR4-U2G4TNmtavQEbJ2dyToE05mqsVetGnPD6gSpkYNYAB0OIqJHTqmijWW3KqU3BYPN9tKB2eBZ0qRDtH_Fi7XX1LqsCsnJN9KDNff-4hJImbSM16wVdyuYYDdsVrFFlZPtYakt8dW-0uAdnJaAcJr2zOL5oeTmEvlTtA_dYRdIIBNCbdvWSMN_RjOdLSl62OaqwMWyTADMCnH_b9r4gzHmatoyHHwlvfhH1KIn2UpeSidEPaXS69RQrwLBVqBM62Y1jsM9_pNPfSYGXJij-GtXa3FLuPYu5LUoaJXn-aG37JAELrzt_EVcWwLL-HJfRz956T9C1YNZO-vBp3Uc%3D%7C\u0026ksu=360\u0026fdkt=210\u0026vgde_kbbh=fuoyxQBuGUBO\u0026kwd[]=Proxy+Web+Browser\u0026kwt[]=210\u0026kbc[]=4297\u0026kwp[]=1\u0026kid[]=144781208\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D-2%7Crla%3D61.01%7Crlhp%3D80.00%7Clr%3D0.22%7C17%3D555.56%7C18%3D555.56%7C5%3D18%7C6%3D1%7C16%3D1%7C19%3D35748.53%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D130153%7Cclpr%3D0.897900%7Ccllvl%3D5%7Cokt%3D210%7Cbdkt%3D210\u0026ktd[]=75557865977714153882112\u0026klg[]=en\u0026kwd[]=Free+Proxy\u0026kwt[]=658\u0026kbc[]=1421b906bc8ad4001f491c35db4ca045.d2s\u0026kwp[]=2\u0026kid[]=11640855\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D10325%7Cakp%3D7%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D130153%7Cclpr%3D0.932200%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D1.000%7Cps_id%3D2\u0026ktd[]=75557865977714154279168\u0026klg[]=\u0026kwd[]=Fast+Secure+Internet+VPN\u0026kwt[]=658\u0026kbc[]=1421b906bc8ad4001f491c35db4ca045.d2s\u0026kwp[]=3\u0026kid[]=1325772725\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D10321%7Cakp%3D14%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D31649%7Cclpr%3D0.875600%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D1.000%7Cps_id%3D2\u0026ktd[]=17174784\u0026klg[]=\u0026kwd[]=Best+Anonymous+Browsing+Browser\u0026kwt[]=658\u0026kbc[]=1421b906bc8ad4001f491c35db4ca045.d2s\u0026kwp[]=4\u0026kid[]=1237128525\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D5494%7Cakp%3D4%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D21210%7Cclpr%3D0.890600%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D1.000%7Cps_id%3D2\u0026ktd[]=75557865977714154279168\u0026klg[]=\u0026kwd[]=VPN+for+Safe+Online+Browsing\u0026kwt[]=658\u0026kbc[]=1421b906bc8ad4001f491c35db4ca045.d2s\u0026kwp[]=5\u0026kid[]=1326043865\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D10317%7Cakp%3D15%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D136968%7Cclpr%3D0.872300%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D1.000%7Cps_id%3D2\u0026ktd[]=17174784\u0026klg[]=\u0026v=1\u0026gdpr=1\u0026geo=59.91%7C10.74\u0026lper=100\u0026lpid=\u0026tsid=1005\u0026hint=\u0026cc=NO\u0026wsip=170762275\u0026bca=0\u0026ugd=4\u0026vgde_setid=Nfu\u0026vgde_chost=QJ1LNwzmBJ-EJL7.NmY\u0026cid=8CU230732\u0026vi=1766824325487138225\u0026vsid=DefVid\u0026tdAdd[]=asnum%3D50304\u0026vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D\u0026vgd_adprefflag=00\u0026vgd_adpref_diff=1010\u0026vgd_fm_lang=EN\u0026vgd_implt=3\u0026vgd_cage=2\u0026vgd_tsce=L1091-S1091\u0026vgd_l3_sc=03\u0026vgd_refdomain=froxysite.com\u0026vgd_pdtid=1\u0026vgd_oscar=1\u0026vgd_ctrlid=O_SERP\u0026vgd_nrrv=16630\u0026vgd_nrrmf=8301000480a\u0026vgd_nrrsf=scrr\u0026vgd_cty=oslo\u0026vgd_csovr=0\u0026vgd_ifrmode=14\u0026sbdrId=\u0026verid=\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0\u0026kbbq=%26asn%3D50304\u0026vgd_ppvi=2151436992598469975\u0026vgd_wlstp=0\u0026vgd_vstrid=DefVid\u0026vgd_scsver=2616\u0026vgd_himglg=K0P0-O0K0-S0\u0026vgd_cache_metadata=%7B%22kbb%22%3Afalse%7D\u0026vgd_cfud=251031\u0026vgd_optout=0\u0026vgd_l2shld=1\u0026vgd_akcip=91.90.42.0\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026vgd_och=0\u0026vgd_rensize=1280_1024\u0026vgd_scr_h=1024\u0026vgd_scr_w=1280\u0026vgd_col_sch=l\u0026vgd_be=0\u0026vgd_nmerr=1\u0026tdAdd[]=uiparams%3D%3Brend_w%3A1280%3Brend_h%3A1024\u0026vgd_sc=03\u0026hvsid=00001766824325928015326356486351\u0026rc=0\u0026rand=1766824327019\u0026acid=undefined\u0026matm=1766824327019\u0026vgde_ltimesrc=u\u0026vgde_ltime=iXW\u0026vgde_rtime=iHX\u0026vgde_etm=uW\u0026vgde_timeObj=%7B%22juJ-JN%22%3Azxjj%2C%22jfjm1O%22%3AWHu%2C%22QNLLQ71L7%22%3AWf%2C%22QNLLLJzOJL%22%3Aff%2C%22QNLLJ-JN%22%3AAX%7D\u0026vgd_lhl=2076\u0026vgd_sbSup=1\u0026vgd_nrrs=16630\u0026vgde_cdeplbl=1E8Mzm7M1e18j1GjJ\u0026vgd_end=1 HTTP/1.1\r\nHost: l.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://searchnowexpert.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 27 Dec 2025 08:32:07 GMT\r\ncontent-type: text/javascript\r\naccept-ch: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\ncache-control: max-age=0, no-cache, no-store\r\nexpires: Fri, 26 Dec 2025 08:32:07 GMT\r\npragma: no-cache\r\ntiming-allow-origin: *\r\nvia: 1.1 google\r\nstrict-transport-security: max-age=63072000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1uBpJWfmtXSP3x2%2B0c8kjkLsPxx5iILFyyeV6KW3%2Fm6hbU4C54cRfHBiRLsrsjkXkR9%2FqF509ESScOZlMu%2BpBZ3tRbCTU63Vu%2BZaAytHUldqcA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b47772c3c4e56a4-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with no line terminators","md5":"2ba5e95642c652c708881ad3c9d8443f","sha1":"5bfcc33bb9cc897546c600206b03d1307bd63a94","sha256":"c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24","sha512":"8c157fc41fd03bbd47633269b18effb652644e58284f8f85465b0ffba9b5a06544a03ed0655706c96edfa09a64f4f164f6bbc573ac5045000cae03c8b36d046f","ssdeep":"","tlshash":"7e600000000cc030030f0c00c3000300303000c000000c33000f30cc000000c00fc303","first_seen":"2025-03-08T00:25:13.560069Z","last_seen":"2026-05-13T17:12:15.881654Z","times_seen":175569,"resource_available":true,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":133,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bqi.php?vgd_len=1756\u0026\u0026vgd_aref=0\u0026vgd_tsce=L1091-S1091\u0026vgd_l2type=dmola\u0026vgd_ydspr=0\u0026vgd_cdv=O2494\u0026vgd_cage=2\u0026vgd_kwrf=http%3A%2F%2Fww9.froxysite.com%2F\u0026vgd_pgids=0\u0026vgd_pdtid=1\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026lf=3\u0026prid=8PR11258V\u0026cid=8CU230732\u0026crid=774272680\u0026requrl=http%3A%2F%2Ffroxysite.com\u0026vi=1766824325487138225\u0026ugd=4\u0026cc=NO\u0026sc=03\u0026gdpr=1\u0026vgd_acid=undefined\u0026hvsid=00001766824325928015326356486351\u0026cme=ZITqtOuWKoZXnlL5v1XDJF5LWf-6SIhozeF2EKHsbUHgBHlWhXsmyckFcn4r031-khDlVjl80IpBCv-bVnau29UuKxaVOlRo4rRybS1JRWo95YaWSblVHMswJW3ueP4ZIVMFWbfvOF9VAIbY68ZQTMXkJ6wJ-815mB-FovbtcxMbBmwFCTpv_kQIi5AKWgYpT-BG3P7ihTZcEqL705mr53uK4Geum4hyZVcfmBsAKtLBR7TtroujChMc0qdwPLbR06U0dbfOyV0%3D%7C%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7CWtJPvijWHRsm4z5jCfkPsQmv8-urF4NW%7CxDcVMoSqRIS0rkK9RdWsEJeKJclSYZ6JHbdJclf2k9g%3D%7Cv_FGwiaAKkWSjB3mqK05Sm6vszKpRUy2Nzsgt_NRSmLzzYbHHHnjmQ%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7Cmr5YxB_Ky2PXFNW2SL-voPavwPKj4VhvI84GUkFvEChFEYbcFJGy3-P9NZt95GowMD2_GbARfwz0RmvvWWRpbPa10lF0sBfBLlgsaGqLD3h5I4fGpKLu9IWOJli64CnsqDQaPFzWTwx5G8OO3q8D9aGlUH3sFy_i35y_dWG4J7IK5jC4NeDUUn6R1xB6u0Plq4WXbdbU4QQCZIQtjmWUi7vFJcjS0vxcgrA9vb-rgV5QXkJARm-LiXD_rhb8tA_wcCcdtzFyu7pqiGzSaU0YDoUKiRvy_370-swe4jV3uGFXJsi1fsfMN2VtHC7JxvskVkDGniBux0lpz699xH7qqOYWR4-U2G4TNmtavQEbJ2dyToE05mqsVetGnPD6gSpkYNYAB0OIqJHTqmijWW3KqU3BYPN9tKB2eBZ0qRDtH_Fi7XX1LqsCsnJN9KDNff-4hJImbSM16wVdyuYYDdsVrFFlZPtYakt8dW-0uAdnJaAcJr2zOL5oeTmEvlTtA_dYRdIIBNCbdvWSMN_RjOdLSl62OaqwMWyTADMCnH_b9r4gzHmatoyHHwlvfhH1KIn2UpeSidEPaXS69RQrwLBVqBM62Y1jsM9_pNPfSYGXJij-GtXa3FLuPYu5LUoaJXn-aG37JAELrzt_EVcWwLL-HJfRz956T9C1YNZO-vBp3Uc%3D%7C\u0026fp=AWe2oiQv8U3qVM9_tPQyxNEz_O9kDWAFbQA6nslem2gkt4HEbsvIflX9ZpSvn5aUWZH03UPCabq1E1_2eAa8we-9kk0KnfkDsZsne2ZukYcMbg5MYMveDdkhZ6oVZNlGeN9nbOS4RSM%3D\u0026vgd_rensize=1280_1024\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://searchnowexpert.com/sr/754870121/SAFEFRAME.html?ule=786\u0026%216Qp=G\u00262HQa=N\u00262HQasd6F=\u00264ZFxQ_=H%21D4p\u0026664H=%7B%2266ss%22%3A%22%28U%22%2C%2266sFx%22%3A%22D64D%22%2C%22667Q%22%3A%22%22%2C%22666s%22%3A%22GV%22%7D\u002667O_=NNI~1iuT\u00266JHa%2AH=\u00266s=GV\u0026767H=G\u00269H=\u00269ta0=MFFQ%3A%2F%2FttTj0aD1x67F_jsD%21%2F\u0026AJ7H=\u0026D4p0=Dd_\u0026D7H=G~~uJpGJC~iJ-C~-GHCJp~uCsN-JN~II~JJT\u0026F6s_=cNGTN\u0026H%21a0=N\u0026H_s%21%21%21=\u0026J7H=\u0026JHa%2AH=\u0026J_=G\u0026Jp_=\u0026K2H=~\u0026K6Q_d0=G\u0026MFFQ6=N\u0026Q7H=\u0026_sa7H=\u0026a_3Ka4=MFFQ%3A%2F%2F0aD1x67F_jsD%21\u0026d%21_aa=N\u0026dFm=\u0026htmlsrc=1\u0026kkdd=HA%7C%21%7C%2Aun9h3AWH\u0026m7=N-iiuZ~VZI~u-NVuZZI\u0026pHD%21p7d=\u0026pHFN=\u0026pHFZ=\u0026pHm=\u0026pQgK=\u0026psF=nq%2AV1V%283~q%2820d0qO~v~a3vqp22_%2FOvv1d2\u0026s7H=ugbZVG-VZ\u0026sFQ7H=\u0026sHm=UZ~T~\u0026sMd%21V=TnU-IIYTI\u0026sMd%21Z=D6m~f7dFs\u0026sa7H=--~Z-ZiuG\u0026ss=%28U\u0026t46FQ=G\u0026t6MQ=G\u0026tpid=\u0026xH6Qa=\u0026xJdfssf_1Q=\u0026xQ4Q=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766824325928015326356486351\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151436992598469975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=VBhfe9uH4qb4FvOeb5nTtuJDsdUfmt6LzFsCvj0ic7j4FmSu0mfAC_PTl4JUgPKUorY3TS9dYnxLL_Bl7n67qrwmTFm9oVYuY33fgyVb_CagGJPz78u3ZqA8Gja00BgGwXvPYjmpEZYtSOHF-fU334cUwLALSu9f3f27evOStcZn1M6YuWzZbUY9vkFSzNTfnEIt-UVucq0%3D\u0026tchkpts=%7B%22prel2%22%3A1766824326096%7D\u0026stime=1766824326096\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Fsearchnowexpert.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F1GlaK%253D%25261W7Z66ZnJa%253D%25261a4a%253D%25264Ex1an%253DG8u4w%252666%253DRf%25266GH%253DfE%25252Ar%25252A%25266KjG%253Dii%25252AEiEzPB%25266M78-%253DrqfiOOXrO%25266M78E%253DulH%25252AZj7x6%25266jG%253DPgCE-Bi-E%25266xajG%253D%252678nKK%253Dk%25267xH%253D%25268law%253DB%2526FGaK%253Dk%2526FGaK67lx%253D%2526Gn6888%253D%2526Hj%253DkizzPE%25252A-EO%25252APik-PEEO%2526Knc~K4%253DMxxa%25253A%25252F%25252F%252528KuJ1ljxnm6u8%2526Mxxal%253Dk%2526V4lxa%253DB%2526VlMa%253DB%2526WGK_G%253D%2526WjG%253D%2526Wn%253DB%2526Wwn%253D%2526YG%253D%2526YVK%252528%253DMxxa%25253A%25252F%25252FVVrm%252528KuJ1ljxnm6u8%25252F%2526ajG%253D%2526htmlsrc%253D1%2526jljG%253DB%2526kkdd%253D3A%25257Ch%25257C%25252Au9HA3n%2526l6%253DB-%2526lWGK_G%253D%2526lj5n%253DkkO%25252AJzPr%2526ll4G%253D%25257B%252522ll66%252522%25253A%252522Rf%252522%25252C%252522ll6x1%252522%25253A%252522ul4u%252522%25252C%252522llja%252522%25253A%252522%252522%25252C%252522lll6%252522%25253A%252522B-%252522%25257D%2526n6KjG%253D%2526tWjG%253D%2526tpid%253D%2526u4w%252528%253Du7n%2526ujG%253DB%25252A%25252APWwBWv%25252AzWiv%25252AiBGvWw%25252APv6kiWk%25252AOO%25252AWWr%2526w6x%253Dq3_-J-Rc%25252A3RF%2525287%25252835%25252Ap%25252AKcp3wFFn%25252F5ppJ7F%2526wGH%253D%2526wGu8wj7%253D%2526wGxE%253D%2526wGxk%253D%2526wag~%253D%2526xl6n%253D2kBrk%2526~FG%253D%25252A%2526~lan7%252528%253DB%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2025-12-27T08:32:08.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 30 Nov 2025 15:48:41 GMT","end":"Sat, 28 Feb 2026 16:47:10 GMT"},"fingerprint":{"sha1":"B6:15:E0:AA:2B:F2:1A:96:0A:90:53:E3:BA:E4:61:85:FA:35:8C:5A","sha256":"AF:0A:96:E0:3A:65:9A:90:80:F1:73:2C:66:E0:90:E6:6B:6C:23:08:E5:9E:AA:0E:52:53:23:5B:14:9A:9B:6E"}}},"request":{"raw":"GET /bqi.php?vgd_len=1756\u0026\u0026vgd_aref=0\u0026vgd_tsce=L1091-S1091\u0026vgd_l2type=dmola\u0026vgd_ydspr=0\u0026vgd_cdv=O2494\u0026vgd_cage=2\u0026vgd_kwrf=http%3A%2F%2Fww9.froxysite.com%2F\u0026vgd_pgids=0\u0026vgd_pdtid=1\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026lf=3\u0026prid=8PR11258V\u0026cid=8CU230732\u0026crid=774272680\u0026requrl=http%3A%2F%2Ffroxysite.com\u0026vi=1766824325487138225\u0026ugd=4\u0026cc=NO\u0026sc=03\u0026gdpr=1\u0026vgd_acid=undefined\u0026hvsid=00001766824325928015326356486351\u0026cme=ZITqtOuWKoZXnlL5v1XDJF5LWf-6SIhozeF2EKHsbUHgBHlWhXsmyckFcn4r031-khDlVjl80IpBCv-bVnau29UuKxaVOlRo4rRybS1JRWo95YaWSblVHMswJW3ueP4ZIVMFWbfvOF9VAIbY68ZQTMXkJ6wJ-815mB-FovbtcxMbBmwFCTpv_kQIi5AKWgYpT-BG3P7ihTZcEqL705mr53uK4Geum4hyZVcfmBsAKtLBR7TtroujChMc0qdwPLbR06U0dbfOyV0%3D%7C%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7CWtJPvijWHRsm4z5jCfkPsQmv8-urF4NW%7CxDcVMoSqRIS0rkK9RdWsEJeKJclSYZ6JHbdJclf2k9g%3D%7Cv_FGwiaAKkWSjB3mqK05Sm6vszKpRUy2Nzsgt_NRSmLzzYbHHHnjmQ%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7Cmr5YxB_Ky2PXFNW2SL-voPavwPKj4VhvI84GUkFvEChFEYbcFJGy3-P9NZt95GowMD2_GbARfwz0RmvvWWRpbPa10lF0sBfBLlgsaGqLD3h5I4fGpKLu9IWOJli64CnsqDQaPFzWTwx5G8OO3q8D9aGlUH3sFy_i35y_dWG4J7IK5jC4NeDUUn6R1xB6u0Plq4WXbdbU4QQCZIQtjmWUi7vFJcjS0vxcgrA9vb-rgV5QXkJARm-LiXD_rhb8tA_wcCcdtzFyu7pqiGzSaU0YDoUKiRvy_370-swe4jV3uGFXJsi1fsfMN2VtHC7JxvskVkDGniBux0lpz699xH7qqOYWR4-U2G4TNmtavQEbJ2dyToE05mqsVetGnPD6gSpkYNYAB0OIqJHTqmijWW3KqU3BYPN9tKB2eBZ0qRDtH_Fi7XX1LqsCsnJN9KDNff-4hJImbSM16wVdyuYYDdsVrFFlZPtYakt8dW-0uAdnJaAcJr2zOL5oeTmEvlTtA_dYRdIIBNCbdvWSMN_RjOdLSl62OaqwMWyTADMCnH_b9r4gzHmatoyHHwlvfhH1KIn2UpeSidEPaXS69RQrwLBVqBM62Y1jsM9_pNPfSYGXJij-GtXa3FLuPYu5LUoaJXn-aG37JAELrzt_EVcWwLL-HJfRz956T9C1YNZO-vBp3Uc%3D%7C\u0026fp=AWe2oiQv8U3qVM9_tPQyxNEz_O9kDWAFbQA6nslem2gkt4HEbsvIflX9ZpSvn5aUWZH03UPCabq1E1_2eAa8we-9kk0KnfkDsZsne2ZukYcMbg5MYMveDdkhZ6oVZNlGeN9nbOS4RSM%3D\u0026vgd_rensize=1280_1024\u0026vgd_end=1 HTTP/1.1\r\nHost: l.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://searchnowexpert.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 27 Dec 2025 08:32:08 GMT\r\ncontent-type: text/javascript\r\naccept-ch: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\ncache-control: max-age=0, no-cache, no-store\r\nexpires: Fri, 26 Dec 2025 08:32:08 GMT\r\npragma: no-cache\r\nvia: 1.1 google\r\nstrict-transport-security: max-age=63072000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=czhJm%2Be%2FSB6iJoEa1G0l42XolE44qTqF8IHPF89aDVC2cjEFYgtyAJr3IiLW1RLnHtQXu5uKDNz5%2FxlVDFWx81z6xtrhIuji%2B2qFK10DnpUDaA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b477732589b56a4-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":15,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with no line terminators","md5":"2ba5e95642c652c708881ad3c9d8443f","sha1":"5bfcc33bb9cc897546c600206b03d1307bd63a94","sha256":"c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24","sha512":"8c157fc41fd03bbd47633269b18effb652644e58284f8f85465b0ffba9b5a06544a03ed0655706c96edfa09a64f4f164f6bbc573ac5045000cae03c8b36d046f","ssdeep":"","tlshash":"7e600000000cc030030f0c00c3000300303000c000000c33000f30cc000000c00fc303","first_seen":"2025-03-08T00:25:13.560069Z","last_seen":"2026-05-13T17:12:15.881654Z","times_seen":175569,"resource_available":true,"data":null}},"time_used":131,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}