{"report_id":"a8dbfe82-849c-4a5a-9719-4ea60f3250d8","version":6,"status":"done","tags":[],"date":"2026-01-04T04:57:39Z","url":{"schema":"http","addr":"www.1upfun.com/","fqdn":"www.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"172.237.146.8","port":0,"asn":20940,"as":"Akamai International B.V.","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"title":"1upfun.com","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.1upfun.com/","fqdn":"www.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"172.237.146.8","port":0,"asn":20940,"as":"Akamai International B.V.","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-08T04:57:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":7}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-04T04:57:23Z","timestamp":1767502643,"ip_dst":{"addr":"172.18.0.26","port":35968,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"3.248.162.96","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2026-01-04T04:57:23.571643+0000\",\"flow_id\":1164644592062980,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"3.248.162.96\",\"src_port\":443,\"dest_ip\":\"172.18.0.26\",\"dest_port\":35968,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=*.youstarsbuilding.com\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL ECC Domain Secure Site CA\",\"serial\":\"70:FA:13:EE:FF:82:23:36:52:0A:5D:4D:41:EE:90:F5\",\"fingerprint\":\"1d:e0:7a:77:9e:39:3d:b5:85:c1:3d:30:3e:e7:35:c5:fe:d1:7e:38\",\"sni\":\"obseu.youstarsbuilding.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-12-03T00:00:00\",\"notafter\":\"2026-03-03T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"80d47c47e3ce91bc3bd0a026dbd1664d\",\"string\":\"771,49196,5-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1219,\"bytes_toclient\":3922,\"start\":\"2026-01-04T04:57:23.463364+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.1upfun.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"euob.youstarsbuilding.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.1upfun.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":6,"request_count":2,"received_data":5295,"sent_data":918,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"euob.youstarsbuilding.com","ip":{"addr":"54.240.174.44","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2022-08-01","domain_rank":2095641,"first_seen":"2023-10-25T16:14:24Z","last_seen":"2026-01-02T16:01:19.820177Z","alert_count":1,"request_count":1,"received_data":120394,"sent_data":454,"comment":"","tags":null,"fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"parking3.parklogic.com","ip":{"addr":"172.232.7.47","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"domain_registered":"2007-02-28","domain_rank":497061,"first_seen":"2023-05-10T10:50:24Z","last_seen":"2025-12-29T06:14:35.087951Z","alert_count":0,"request_count":2,"received_data":1929,"sent_data":1075,"comment":"","tags":null,"fingerprints":null},{"fqdn":"syndicatedsearch.goog","ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2023-04-14","domain_rank":5365,"first_seen":"2023-09-25T09:30:59Z","last_seen":"2025-12-28T22:31:21.710993Z","alert_count":0,"request_count":4,"received_data":153233,"sent_data":3878,"comment":"","tags":null,"fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}]},{"fqdn":"afs.googleusercontent.com","ip":{"addr":"142.250.74.33","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-11-17","domain_rank":65181,"first_seen":"2013-05-06T19:11:00Z","last_seen":"2025-12-28T22:38:08.203021Z","alert_count":0,"request_count":2,"received_data":2237,"sent_data":1005,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ww12.1upfun.com","ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":18,"request_count":6,"received_data":20059,"sent_data":3399,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ep1.adtrafficquality.google","ip":{"addr":"216.58.211.2","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2023-11-17","domain_rank":3093,"first_seen":"2024-07-24T04:17:49Z","last_seen":"2025-12-28T22:45:31.755921Z","alert_count":0,"request_count":1,"received_data":11175,"sent_data":529,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ep2.adtrafficquality.google","ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2023-11-17","domain_rank":3229,"first_seen":"2024-08-13T12:56:28Z","last_seen":"2025-12-29T00:15:51.204546Z","alert_count":0,"request_count":2,"received_data":34547,"sent_data":986,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.google.com","ip":{"addr":"216.58.207.196","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22,"first_seen":"2015-05-10T13:11:19Z","last_seen":"2025-12-28T22:22:31.188277Z","alert_count":0,"request_count":1,"received_data":134696,"sent_data":362,"comment":"","tags":null,"fingerprints":null},{"fqdn":"d38psrni17bvxu.cloudfront.net","ip":{"addr":"54.192.209.209","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2022-09-22T18:48:38Z","last_seen":"2025-12-31T04:33:59.334687Z","alert_count":0,"request_count":1,"received_data":11842,"sent_data":409,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"obseu.youstarsbuilding.com","ip":{"addr":"3.248.162.96","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"2022-08-01","domain_rank":1721811,"first_seen":"2023-11-07T16:47:12Z","last_seen":"2026-01-02T16:01:20.849793Z","alert_count":0,"request_count":6,"received_data":5339,"sent_data":9478,"comment":"","tags":null,"fingerprints":null},{"fqdn":"router.parklogic.com","ip":{"addr":"172.234.216.100","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"domain_registered":"2007-02-28","domain_rank":346495,"first_seen":"2025-03-19T10:23:50.028513Z","last_seen":"2025-12-29T00:47:56.217606Z","alert_count":0,"request_count":1,"received_data":216,"sent_data":498,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"c77554570ae0fa8e4fb31747dc213058","sha1":"e989fbde07e6a68975c7a31e1d4df76afd90b96f","sha256":"c3f831fe1717c6d76a8950ac5e7dc88ceee7440d079b11584be5c6c5b3269e77","sha512":"130189a67dea3f0d7ba0591ffbff46f37993ae8b07409e84dfb571f6d31f1b20f97cf76b7cd0751450eec5f294906f95fd35f3dfa37d58bc80433f4c9b4064a9","ssdeep":"","tlshash":"171148b58c9b942f6b37592fa69a72816c41a1179c013a18b14cc7302fdc71d6470bf6","size":968,"data":"","first_seen":"2023-03-08T02:24:08Z","last_seen":"2026-01-15T16:13:58.011798Z","times_seen":181951,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"a4c69ce19217368cbbdcc3a2bbb6b0ff","sha1":"b32566ef3e6258f080d423c6115b746b757ad70f","sha256":"a0a99176b89f1f86fa0671cf86e8d8e4d8f42d0b818fd3961a407ee2897bd81b","sha512":"5626c8713e947aa3d2d93e31b7352efa706569fc44c938c677b251c5ea9b583065cf804346deaa587caf3e0c9c2925672e8bd1b3112e775b7ad2436a914bd555","ssdeep":"192:+debVDGfXP88h9CV2V/Hi3DVcqTrIZ9eKD5edIyDJTNebVDGsOGebVDGZ3pig:sgVG/EM9A2V/HeDVcqTEZ9eKD5qb9TNs","tlshash":"6a12c7a35d470c320def920ed976a41af4adf76b99767835b44bd2802380a0fc511abe","size":9250,"data":"","first_seen":"2026-01-04T04:57:46.036299Z","last_seen":"2026-01-04T04:57:46.036299Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"035ba0b232dd69314837fec77fd583d6","sha1":"aac759d833c3d55d155f9eb09580d4a857652df0","sha256":"d0a1631610abbcb7809722a23478d2d83449992c8376496b9f1ae55a0da9bb81","sha512":"3ef33c3c8c3f3a472fb9bd921106b7a8d491766bd7184ebfd0dc51fbfcccec08323e275f68cdb1716542fa2684f7d805ee300255febea3bd6d1f3b57ba70ec16","ssdeep":"","tlshash":"9421d0da6ce6041d6b7b20ad0e5f88047435685b6299cf02bd8c12902f78729d6b6be9","size":1258,"data":"","first_seen":"2026-01-04T04:57:46.038004Z","last_seen":"2026-01-04T04:57:46.038004Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"65c8369b3607f59089ddd9f23b11f98c","sha1":"5a305680d67d825d8186fe1a52cb65e530301204","sha256":"e2508bc8b6eda959a5e887150cd18744f2aacb6eb98042b690f26443fc5b6d15","sha512":"7ce30bc944e8afd9c817174107ac9345a01537d5c76144f50040acc7d65a47d68276f7e9afe458e478cd1d088d19f0713c5d0f8196c04eb475cfbf82b4e0421b","ssdeep":"","tlshash":"c69004501411035735471404dc0d10c5cc14d1571350413d0353cc740141435fc01405","size":40,"data":"","first_seen":"2025-02-04T20:34:58.349606Z","last_seen":"2026-01-15T16:13:58.019084Z","times_seen":146939,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/ads?sjk=4KPFb4D2SyyPylKQops3Eg%3D%3D\u0026adtest=off\u0026psid=5837883959\u0026pcsa=false\u0026channel=000001%2Cbucket011\u0026client=dp-teaminternet09_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=http%3A%2F%2Fww12.1upfun.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.ntL52JHxANVjOfeRPMUBuRA-LlqXLeeyQMEcdEKmhpynJARvQqeIqg.y3m_PG_NRxjAE_7EuYQq5A.FbE7E5RczdhAorVNN-3bU-QT5MBkCdhioqIjfD5OaMfR-4enwX0R6lmhSIbA0Jr-Z5mpvsuRYgy-g9h5GQ_PO3P8DeWBDpMlbH3Ca_lb4ME-53VdA6VYfiG_IZZWeZt2We2Iq89jRP-xhXH79nGx51gTKak_DyDgvgQK9kJ46e11J-BcLFRuPACTpnYV-5a8E3uHdRN85fmru_WzvZno2JCnN6n4nNTDlO-u-bZRWP7Zk0SOdljoJtepbcjedy2DMrzNCLUKCt5oybRI5RmsB-4HdGFw9PfqOcVZBUMdjhBIjbOaWKHaG3HFHnpif3R3ghEYJIByNLoICfVfQRD7i8yD07vqBqDU8vb6S47zQutuNJeksijwwuh3NhGQh7h6YNixx_yQukYeqwDmeFPLXobv-SEqQ_IjFWbAdj-ArYijlzYX2pPJ0SVV-ltGlfk2s7TDFDKnt0rMOMj6s7dxTxVJkIX9EqW5bEqhSV1BTO1FwdibIjlyZyOTiF3d3UBPWctZmJIB3eG5DY9ONFeQAvsIXAue-sKAaLwgk5RJZ3bu-ZOllPYL36ec-XGLGQV7RBlLHYXjPg3AIMfwSyEzztTOdyYFILWOjkMkEIqqKzo.G6t7jl0r_f1leCSweOKYPw\u0026type=3\u0026swp=as-drid-2733393318609526\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717108\u0026format=r3%7Cs\u0026nocache=9321767502643159\u0026num=0\u0026output=afd_ads\u0026domain_name=ww12.1upfun.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=3\u0026u_tz=0\u0026dt=1767502643161\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=760\u0026frm=0\u0026uio=--\u0026cont=tc\u0026drt=0\u0026jsid=caf\u0026jsv=842209568\u0026rurl=http%3A%2F%2Fww12.1upfun.com%2F%3Fusid%3D104%26utid%3D967af6e2b2bf1f6adaa240098ff41416","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"5a69b358be31e8dafd3e025ac9f54ce1","sha1":"aef2daa56f43c5ec7fb6b0a38f67a313ff4f5d94","sha256":"fefcd51238ca02581a7e63876bc2dbaf3fd789b847b4a73eaaa5ff7b28778e09","sha512":"f1d2f071a9a7803896dc8ab5273eedcd7f69e4a07a2e96bf9febbe5f799da047cbad105f8c470db43d04514841197c3be510e0327909c58b85857f69fca30a64","ssdeep":"","tlshash":"5d015694942e0223c57305554d573fd21419053113c77a82e49fe58e19a8bee989879f","size":851,"data":"","first_seen":"2026-01-04T04:57:46.040147Z","last_seen":"2026-01-04T04:57:46.040147Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/ct?id=80705\u0026url=http%3A%2F%2Fww12.1upfun.com%2F%3Fusid%3D104%26utid%3D967af6e2b2bf1f6adaa240098ff41416\u0026sf=0\u0026tpi=\u0026ch=AdsDeli%20-%20domain%20-%20landingpage\u0026uvid=6eeb65b5d56de95c422b13d168524f25611def5c\u0026tsf=0\u0026tsfmi=\u0026tsfu=\u0026cb=1767502643392\u0026hl=3\u0026op=0\u0026ag=2881387774\u0026rand=636921901666001716829188958926216277166101176161759157505865765807821781278620477270990910\u0026fs=1280x1024\u0026fst=1280x1024\u0026np=win32\u0026nv=\u0026ref=\u0026ss=1280x1024\u0026nc=0\u0026at=\u0026di=W1siZWYiLDU4MzRdLFsiYWJuY2giLDE3XSxbLTYsIntcIndcIjpbXCIwXCIsXCJOb3RpZnlQYWludEV2ZW50XCIsXCJ1c2lkXCIsXCJ1dGlkXCIsXCJwYXRoXCIsXCJnZXRHUFVWZW5kb3JcIixcInRjYmxvY2tcIixcInNlYXJjaGJveEJsb2NrXCIsXCJnZXRYTUxodHRwXCIsXCJmYWxsYmFja1JlZGlyZWN0XCIsXCJhamF4UXVlcnlcIixcImFqYXhCYWNrZmlsbFwiLFwibG9hZEZlZWRcIixcInhtbEh0dHBcIixcImdldExvYWRGZWVkQXJndW1lbnRzXCIsXCJfX2N0Y2dfY3RfODA3MDVfZXhlY1wiXSxcIm5cIjpbXSxcImRcIjpbXX0iXSxbLTEwLCItIl0sWzEyLCJ7XCJjdHhcIjpcIndlYmdsXCIsXCJ2XCI6XCJtZXNhXCIsXCJyXCI6XCJsbHZtcGlwZVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNsIGVzIDEuMFwiLFwiZ3ZlclwiOlwid2ViZ2wgMS4wXCIsXCJndmVuXCI6XCJtb3ppbGxhXCIsXCJiZW5cIjo2MSxcIndnbFwiOjEsXCJncmVuXCI6XCJsbHZtcGlwZVwiLFwic2VmXCI6NDk0MTk1MDQzLFwic2VjXCI6XCJcIn0iXSxbLTM1LCJbMTc2NzUwMjY0MzA3NSwwXSJdLFstNTcsIlMzbFJUVTFKU2dNV0ZseE1WbHNYUUZaTVNrMVlTMHBiVEZCVlhWQlhYaGRhVmxRV1NrRkpGbEFXQ3dzTlh3RU1DZ2tMV0ZnTFd3OWNXZ29KV0ZoYUFGZ0JERjFZQzFwYlh3QVhVMG9EQ0FNQkR3c0tDaFVPQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjBCV1RFcE5XRXRLVzB4UVZWMVFWMTRYV2xaVUZrcEJTUlpRRmdzTERWOEJEQW9KQzFoWUMxc1BYRm9LQ1ZoWVdnQllBUXhkV0F0YVcxOEFGMU5LQXdnREFROE5DZ2dWU2x4TmJWQlVYRlpNVFJsUldGZGRWVnhMRXc0SUFCWk5GMXhCU1ZaTFRVb1dCWGxSVFUxSlNnTVdGbHhNVmxzWFFGWk1TazFZUzBwYlRGQlZYVkJYWGhkYVZsUVdTZz09Il0sWy0xNywiNDgiXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwxMjgwLDEwMjQsMCwwLDAsMCxcIi1cIixcIi1cIiwxMjgwLDEwMjQsbnVsbF0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yOCwiZW4tVVMsZW4iXSxbLTQxLCItIl0sWy02NiwiLSJdLFstNjgsIi0iXSxbLTEsIkxpbnV4IHg4Nl82NCJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiXSJdLFstNCwiLSJdLFstOSwiLSJdLFstMjUsIi0iXSxbLTM5LCJbXCIyMDEwMDEwMVwiLDIsXCJHZWNrb1wiLFwiTmV0c2NhcGVcIixcIk1vemlsbGFcIixcIjIwMTgxMDAxMDAwMDAwXCIsbnVsbCxmYWxzZSxudWxsLGZhbHNlLG51bGwsNSx0cnVlLGZhbHNlLG51bGwsMCxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZV0iXSxbLTQzLCIwMDAwMDAwMTAwMDAwMDAwMDAxMTEwMDEwMDAwMDEwMDAwMDAwMDAwMDEiXSxbLTU5LCItIl0sWy02MCwiLSJdLFstMiwiNyxJc045bkduV2JBWUFJeE5mUWFPcUdFMENGQVFzY0cwMEluaE9iWUJBS1lVT3pRTzZFWDAyMEltR0xjdTYydXJkUC9jMmQycE5tVlpBd2YzLy84ejc5R3JIYTFXdTNPbVhQUHZlIl0sWy01LCItIl0sWy0yMSwiLSJdLFstMzAsIltcInZcIiwwXSJdLFstMzYsIltcIjUvNFwiLFwiNS80XCJdIl0sWy00OCwiW1wiLVwiLFwiLVwiLFwiLVwiLFwiLVwiLFwiLVwiXSJdLFstNTAsIi0iXSxbLTUxLCItIl0sWy01MiwiLSJdLFstNzQsIi0iXSxbLTE0LCItIl0sWy0zMSwiZmFsc2UiXSxbLTM0LCItIl0sWy00MiwiODgzMzk5MDE2Il0sWy00NCwiMCw1LDAsNSJdLFstNDUsIjc1MiwwLDAsNzE5LDAsMCw3NjEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCJdLFstNDcsIlVUQyxlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTUzLCIwMDEiXSxbLTU2LCJsYW5kc2NhcGUtcHJpbWFyeSJdLFstNjcsIi0iXSxbLTcxLCJhMDEwMDEwMTEwMDEwMDEwMTAwMDEwMTAwMTEwMTEwMDAwMDAxMCJdLFstNywiLSJdLFstMjQsIltdIl0sWy0zNywiLSJdLFstNTgsIi0iXSxbLTEzLCItIl0sWy0yNiwiLSJdLFstMzMsIi0iXSxbLTY0LCItIl0sWy02OSwiV2luMzJ8fHw0OHwtfC0iXSxbLTczLCJFaFE9Il0sWy04LCItIl0sWy00MCwiMzciXSxbLTQ5LCItIl0sWy01NCwie1wiaFwiOltcIjMyOTk3Mjg0NTJcIixcIjgyMjgyMzExOVwiLFwiXzNcIixcIjI2MzkyMjI0NjhcIl0sXCJkXCI6W10sXCJiXCI6W1wiXzBcIixcIjI2NDYwMzg4MlwiXSxcInNcIjoxfSJdLFstNjIsIjU4Il0sWy02NSwiLSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltdfSJdLFstMjMsIisiXSxbLTI3LCItIl0sWy0zOCwiaSwtMSwtMSwwLDAsMTcsMCwxLDMxLDg4LC0xLDAsLDY2NSwxMTYyLDExNjMiXSxbLTU1LCIwIl0sWy02MywiLSJdLFsiYm5jaCIsNDgwXSxbLTEyLCJcIjFcIiJdLFstMTUsIi0iXSxbLTE2LCIwIl0sWy0xOCwiWzEsMCwwLDBdIl0sWy0yMCwiLSJdLFstMjksIi0iXSxbLTMyLCIwIl0sWy00NiwiMCJdLFstNzAsIi0iXSxbLTYxLCItIl0sWy03MiwiRXhVPSJdLFsiZGRiIiwiMCw3LDAsMCwxLDIsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMSwwLDIsMCwxLDEsMCwwLDAsMSwzLDQzLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDIsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMSwwLDAsMCJdLFsiY2IiLCIxLDAsMCwwLDAsMCwwLDAsMCwzLDIsMCw2MywwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDEsMCwxLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXV0%3D\u0026dep=0\u0026pre=0\u0026sdd=\u0026cri=JvYLaH7Z98\u0026pto=1169\u0026ver=65\u0026gac=-\u0026mei=\u0026ap=\u0026fe=1\u0026duid=1.1767502643.i2GfKPt9YaeLjiL9\u0026suid=1.1767502643.1kIFg1utsnGq84JB\u0026tuid=1.1767502643.ICqka6XiBdafGd4F\u0026fbc=-\u0026gtm=-\u0026it=11%2C193%2C41\u0026fbcl=-\u0026gacl=-\u0026gacsd=-\u0026rtic=-\u0026rtict=-\u0026bgc=-\u0026spa=1\u0026urid=0\u0026ab=\u0026sck=-\u0026io=aGA2Og%3D%3D","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"3.248.162.96","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"introduction_type":"scriptElement","is_inline":false,"md5":"a61a41839e16e4082a2180ca884091ec","sha1":"0dc72ef5c1788e5c63fff0f27d445803027b418e","sha256":"0ad27f4cd305809ed7d1938b9ac56ac8fa4def0b5e79543c4f9d33d782386500","sha512":"23e8c98531dbd3531a5a5a3e549d967614e1b12bab3be08f08edf185cc8f99d38d46a7cb23d682592e26454a418c0546778d045c806e95542591244b9023cf69","ssdeep":"","tlshash":"8e71b6bf6a1a4c5d3add57d6d240e0e373e29a3b014f5405a03affc709eb6101b36514","size":3489,"data":"","first_seen":"2026-01-04T04:57:46.012091Z","last_seen":"2026-01-04T04:57:46.012091Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"euob.youstarsbuilding.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js","fqdn":"euob.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"54.240.174.44","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8029362628da964c8180dcd7ce5dee64","sha1":"c106143b645314d2ac38480568d6396f921aabcb","sha256":"4413059d59ca7cca178af3bbbc46eefc5a1e9f6f79fb54d475c308be87309d60","sha512":"215441c90181b9f91c827e1ce2c6eba4fbca697e409e9c0333a97ddca78a309e5eec907c8b357a7b6e0d7611a4b55dc55c8d9e5a4390ddc1edb0bd6de9ce0b02","ssdeep":"1536:Qu5y/b5E0bwM7sIo8L0SUs8LonlEzsjxM96nhXxwcTkYtsdlBnFIUtY0PVEWm/5c:QuQb7O8hzjnhGdhtNP8/kLP/VVZF","tlshash":"3cc3d79db2e27025439334a5157f410ae27b5e503c4b8294d27ee9d4ac7ce8e817bfac","size":119868,"data":"","first_seen":"2025-11-17T13:15:00.257414Z","last_seen":"2026-01-07T13:44:42.282578Z","times_seen":17041,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"18f2edc58d8a7b9e6b82454e8658c157","sha1":"e5dfdd0fa61b3a5ef68dab382a0ba93e9e7b67fb","sha256":"2d9b07a0704d92dda4deae88bc582aeb659923c8d44d0e7362e13cb28d88d250","sha512":"21505594429d2550843f79a1b5aa1555f5f9cac9ae8c281ab5cf48bb5831e39075e826ce61837ad3d6a7ad9a1fb227963eae6e2186b388c9af611e35a0f46f92","ssdeep":"","tlshash":"88f0659805f622d326aa60584df6eb0375a09023a20555c4fa7ca3119f5bc5702ddb8a","size":483,"data":"","first_seen":"2024-01-04T10:26:15Z","last_seen":"2026-01-15T16:13:58.022487Z","times_seen":185093,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"6559111e4eae643ce013ce0821e91a02","sha1":"fa1086c9aa2cb2d14f5c13bceefe21511bcdae5a","sha256":"d72255f7e5ea4dfdf9821df800356367d0bc7df07ecd103bb660018cb1e4f400","sha512":"a6e3e096076dc152b69e95709dad8925c9c2799c23ad226b9ce7b6ee78936bea7300b66c92821ea0728ce7433d4f53787f27f5e7101f97e4d882be0a461fc051","ssdeep":"","tlshash":"407000000380020020c80233a200882af228003c00030200c008888800a808002080c2","size":25,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-04-04T01:31:34.59565Z","times_seen":331519,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/adsense/domains/caf.js","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f00d4af2ff93432bab783a45f0491b73","sha1":"b455c722bb44aaf7409d10b5c08e620017ac8aed","sha256":"b7dd5d1f9fb9e43930c47cbc407306b14d0d6b37624d364a47149fb7b2552303","sha512":"08e63c56e98c4249b23a35bc7bf5a774b8ff5d9e38be6283a5cba1538be40158da7fde7792eb570945e2e99c8e745bc277048d62ed26322b3154c329e4ea1622","ssdeep":"1536:szL751Jqc2HyP0SuRPmym0pO1s8dsR5qxyzT/ghgOKWYZjAartrvpD3pduCxAXtB:3uydkXiR5zzTq+bxpD3ZV4T","tlshash":"f7d33acdb3a1342643a3a5b5607f414fb139b8a5a40c88a4f199d8e87c74dad4237fbd","size":134043,"data":"","first_seen":"2025-12-10T15:33:56.916944Z","last_seen":"2026-01-07T19:06:32.931594Z","times_seen":6309,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ep2.adtrafficquality.google/sodar/sodar2.js","fqdn":"ep2.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a8fe3ea2f81e289e6b14222e898086c5","sha1":"0e9a1227955675736e02c596906bee72bc33d7d6","sha256":"a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623","sha512":"3bd99998aa1b5d7543775769952adc52809f861ca023b6daadf6b7d23411411a6a9470d98c7b8543573e9a6047a24e14b5feaf45e14a22d98e64d0f019718670","ssdeep":"384:dxSMqC/d0d0lxDKyqdeWFy3Wxy9cT4nGllKnnk0TEYRWjfJtncu:i0qKlYyqdeWk3Z9w4G+tFWjfJtnZ","tlshash":"8892c6cab6d2f4624363b9b1a13f100ff13eaca9d84c5464a084e4e0bd759a94367f7c","size":19990,"data":"","first_seen":"2025-05-19T23:59:48.474751Z","last_seen":"2026-02-26T18:27:55.354921Z","times_seen":175417,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.google.com/adsense/domains/caf.js?abp=1\u0026adsdeli=true","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.207.196","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d2ca6e885b75d0ff0060fec9957ae1ab","sha1":"e70754db262451174bb1bc69b1d75e1e2a90e59a","sha256":"7b786ae59fb8e4f9f2cbca281705651e1bc064d921b9b2d9d5f35db679b162a2","sha512":"64cab43f1ee9eb94c57bd5758ce7e8af3f097f670751506068dc7e9e9e78eb4694d222a3eea00d5ed98c0febed38a6e0f7bb25bf10fe95210cf1a25e53f46771","ssdeep":"1536:pzL751Jqc2HyP0SuRPmym0pO1s8dsR5qxyzT/ghgOKWYZjAartrvpD3pduCxAXtB:YuydkXiR5zzTq+bxpD3ZV4T","tlshash":"72d33acdb3a1342643a3a5b5607f414fb139b8a5a40c88a4f199d8e87c74dad4237fbd","size":134027,"data":"","first_seen":"2025-12-11T16:41:57.082479Z","last_seen":"2026-01-07T19:31:18.868862Z","times_seen":14513,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.1upfun.com/","fqdn":"www.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"172.233.219.123","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"0dfa3d27a2884c23fdfc25b0da90a8d4","sha1":"b01259f16f8163e6b934491f9948617f6e395ac3","sha256":"178d7f148f9d5ab373beb2770bcf829c3b4e3c64aabfbdea267e2a5958bb110c","sha512":"d19bf134e925be67b2456d2da37ea7940b1d07bd38fc6fb918c294023b83d637b2c1b6b05deaf7f3f2d823f2e615210fdd9992e9acfa2683261391d7aba6a285","ssdeep":"96:ItDJYtoAJS8ffKH1NPIX4rDIcQ0ucq4o5nZknjHS5I7Bma8:IVJYtoA1ffqzr/IcQ0ybknGmoa8","tlshash":"7591e876b782303d5be511eaa53fab18763f9201340b4073d7a9fcd13c24a5a5096f8a","size":4303,"data":"","first_seen":"2026-01-04T04:57:46.042906Z","last_seen":"2026-01-04T04:57:46.042906Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"parking3.parklogic.com/page/enhance.js?pcId=12\u0026domain=1upfun.com","fqdn":"parking3.parklogic.com","domain":"parklogic.com","tld":"com"},"ip":{"addr":"172.232.7.47","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d8d354d2f14a80759d61f47f33938c0a","sha1":"681da0951165a6e253f010ec1fc5fec97b459d27","sha256":"200cb9afdc3416e263fe5e3f72b3927f33b2a38e833728f5463ccebf34c553f1","sha512":"30b3983a117f81c7b0ae3917de3fcfa0b105a82b6e4d7861fcafc19135f673388ee4e5056a10305e9ead9726beff836aa62ef14596d69ab59d32e31226347447","ssdeep":"","tlshash":"8b31314e597452b445b3303de207a0106f3bc65a3219e555baadc9405f4be2f8333add","size":1608,"data":"","first_seen":"2026-01-04T04:57:46.018088Z","last_seen":"2026-01-04T04:57:46.018088Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"1b334e0123cf0cb113092022fb726782","sha1":"45abb42a6680499daa10d83d2859329de1843de2","sha256":"42591f96b9a41a7e2e5ecd0240dd7fecdcf03ef8454b57c68f08697474a4b579","sha512":"867e061d0f593815a87259d55d960e2000b776954b080157deabbf46850d7530b770d3d31abf6b901aee50bed5fa395be2ce4a6a075b703d07ff7c7c7b7d5cf6","ssdeep":"","tlshash":"6290040115134057505d05134375c101d5504c3f5005d531751c07435f1045f170075c","size":50,"data":"","first_seen":"2024-01-04T10:26:15Z","last_seen":"2026-01-15T16:13:58.023216Z","times_seen":184974,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"e5d8c139688b25ef77b263d88ea99150","sha1":"7abc9c61c4966543f66d150c0155bfac575f86a7","sha256":"53e5f34ac520035c7f124076d1e68c70a85c83cf68a339fa713b872b54126148","sha512":"1cd4eb192d987ea1b21f3b553eea3881c807f8bf4a5299982675d57314a0eaa084db1722c38d02eb73178660ecb1ca3667a795a512527f843f2526dc0a99dc20","ssdeep":"","tlshash":"7440000000003000033c0000000000c0000c00000000000000000c00030000000c0000","size":7,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-04-04T01:31:34.597396Z","times_seen":331619,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ep2.adtrafficquality.google/sodar/sodar2/237/runner.html","fqdn":"ep2.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"25e6119e62d1ba8afd52ec0f623a82bd","sha1":"5a880ff68e376984e4bcd6a646026c67438ecbac","sha256":"dec2ecd2607f2e892cd7041307752b509b1ea8db61ec38cc3a5bb9664ac48f62","sha512":"31ca39bd744be12fc88109f84a02d66290fb50829c5f41c31f938fabeb121eb2463366edfdf6ba4ef5898cc922b1bcda29658506e4162f4f3044428db4b5ca40","ssdeep":"","tlshash":"5911cbc577a2e441813615abd50f144bf575e47758acb410e6a1c4e4acb0abb443ab06","size":956,"data":"","first_seen":"2025-03-12T19:00:14.122018Z","last_seen":"2026-02-26T17:00:03.80743Z","times_seen":79470,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"b326b5062b2f0e69046810717534cb09","sha1":"5ffe533b830f08a0326348a9160afafc8ada44db","sha256":"b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b","sha512":"9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de","ssdeep":"","tlshash":"5430000000000000000000000000300c00000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:44Z","last_seen":"2026-04-04T01:31:34.596938Z","times_seen":352206,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"889ca9e2c79a3ce7aaadbcdfd0ce4ef5","sha1":"b05c2c051bae71f80cb8c289e5a42d4f96d323fa","sha256":"6477acf082d26199b6ce8346b93149b1b999233d9fe76b0340ebf43317cf98f8","sha512":"122a494d50a5e8077cdda40e8d6edb442bb9d89fff078852aad7f84fe24f1c58fe693f0388ca6c9453d1b33036da0b9c4e9fb394a18268e254d306ffc2ca57a3","ssdeep":"","tlshash":"46a002d4b4ed8125564583390104d91cf936c934c0d5701873f0466ca6e700a53610b2","size":62,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-04-04T01:31:34.597883Z","times_seen":331565,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"parking3.parklogic.com/page/scribe.php?pcId=12\u0026domain=1upfun.com\u0026aId=110\u0026pId=449\u0026usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416\u0026query=null\u0026domainJs=ww12.1upfun.com\u0026path=/\u0026ss=true\u0026lp=1\u0026tzB=UTC\u0026wd=false\u0026gpu=null","fqdn":"parking3.parklogic.com","domain":"parklogic.com","tld":"com"},"ip":{"addr":"172.232.7.47","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:22.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enhance-lb01.parklogic.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 27 Nov 2025 00:41:30 GMT","end":"Wed, 25 Feb 2026 00:41:29 GMT"},"fingerprint":{"sha1":"1F:86:42:B2:D0:DC:8C:04:66:71:B3:1D:12:86:94:66:AA:A4:F0:53","sha256":"DE:22:E0:66:01:58:BA:55:12:64:EA:79:8C:51:98:E0:D9:94:9B:F7:63:31:AE:82:59:7C:9A:27:B2:0A:34:0D"}}},"request":{"raw":"GET /page/scribe.php?pcId=12\u0026domain=1upfun.com\u0026aId=110\u0026pId=449\u0026usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416\u0026query=null\u0026domainJs=ww12.1upfun.com\u0026path=/\u0026ss=true\u0026lp=1\u0026tzB=UTC\u0026wd=false\u0026gpu=null HTTP/1.1\r\nHost: parking3.parklogic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://ww12.1upfun.com/\r\nOrigin: http://ww12.1upfun.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 04:57:23 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":553,"timings":{"blocked":223,"dns":1,"connect":105,"send":0,"wait":107,"receive":0,"ssl":114},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/mon","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"3.248.162.96","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:24.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1D:E0:7A:77:9E:39:3D:B5:85:C1:3D:30:3E:E7:35:C5:FE:D1:7E:38","sha256":"3D:73:19:D6:DC:8A:75:98:72:2D:32:C1:65:DF:5C:3A:0D:71:99:BA:F5:6D:C8:11:D9:E4:02:85:DC:8D:75:25"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2587\r\nOrigin: http://ww12.1upfun.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nCookie: cg_uuid=7c45afccedfae819f3ba7c4c2de677b1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2587,"data":"e=37dfbd8ee84e00126ce9c235e8418e9e9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674ed1878c567a6c48ab2c2155d233de6b9107625424c056535d615159c1b9394e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7e43720058f18c2b687b05a6f24a7089abf02ac2b35970192caaa7f4919971e8cfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b0606db6915124b89da56adc59a259bdc15b9b1bc6ce7fc02e70d2c073d56c96d5b9a589bae14b28a479b7edfc780565edd16790b44bbb131005d6595b83c2cd88c7fbc5689b64908eb28b69e3703b6cd72a79c4cedf0e2690b033872ca7dd0d9637f72d0c0b43cf76e75b9287be78bc8028d71bf7cf849b27c0194567bd065470785858c0a268f60a96ca8a2ba69569bfdf6ed481e5f87683b5f55c6379c8a71e48d8a3025f01e2e7ef38b63088b44ef3f279e30ffc68c00d906d83ba36d50735f8bcc4344c633956744f2543b8eb9e71c01ea50712512393b54fdf9a1010faa4c2bbbe64def0e7f481e4b2f24d4b20e64184b6457384426407ca645c7570eb7daf7774def99526d334c52f99aa32ccbf0b9e7e0f2326067f0dc5c2938d471b11937114c0af83e2ccc341198cf3f824c2dd7969d9cc133b6ffe94d95427b3249b5ec46395689a579f8b4d8ffb3ae6e1fac0845526aab96f718864a793b1ac109b69341403906b5d29c2e204deea7c93ebcf9902bad383451c2b55fc7dfd17a03edf9d7bd4761a334b3a616db50bcad04f0aea3e84feaa6bbb9a1ad52b2dbd1b7e308dbc844848e470f58e12d21b234017ed292683b3c52896027c888f12a1dfdff79c509a0017301ff26b370ddfc35d4eb03cfbec9e6edc86ae1c5761a368281416905403a48be41911906276d38b95189f81a8c5583ea861f8156053cc4d237bc9c24605d290f1dcbcf74fbd77\u0026cri=JvYLaH7Z98\u0026sf=0\u0026dc=LiYiOipdOi0tdy06LS06LVxxanNzOi1cLSwqOi1cLCsnJjotXC4tKCg6LVwuLCovOi1cLi0rLzotXC4sKyY6LVwuLigvOi1cLzotXC46LVwuKy8rOi1cLisvKjoqWzksLiI6KF06LS1oOi0tOixeLigtOi1cOi0tdzotLTosXistOi1cOi0tfUA6LS06LF4uLzooWzkoLiI6KF06LS12cXw6LS06LF4uOi1cOi0tfUA6LS06LF4vOihbOS4rLiI6KF06LS1sOi0tOixeLjotXDotLX1AOi0tOixeLzooWzkuKiYiOihdOi0tei86LS06LF46LS1sMXh6a11%2Ba2t6bWY6LS92bDotL3FwazotL346LS95anF8a3ZwcTotLTotXDotLX1AOi0tOixeLzooWzksLSkiOipdOihdOi0tfTotLTosXi86LVw6LS1sOi0tOixeOi0tLjotLTooWzotXDooXTotLX06LS06LF4vOi1cOi0tbDotLTosXjotLS46LS06KFs6Kls5Ki0vIjooXTotLW86LS06LF46LS1IdnEsLTotLTotXDotLXM6LS06LF46Kl06LS16cTJKTDotLTotXDotLXpxOi0tOipbOi1cOi0td3w6LS06LF4rJzotXDotLX1AOi0tOixeLis6KFs5JygrIjooXTotLWw6LS06LF4vOi1cOi0tejotLTosXjotLU9qfXN2fFR6Zlxtent6cWt2fnM6LS92bDotL3FwazotL3t6eXZxens6LS06LVw6LS19QDotLTosXi86KFs%3D\u0026cp=1\u0026gtm=-\u0026gac=-\u0026uvid=6eeb65b5d56de95c422b13d168524f25611def5c\u0026tb=1\u0026ich=1\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=1001\u0026mo=0\u0026pn=2491\u0026spn=1488\u0026fp=665"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww12.1upfun.com\r\ncontent-type: application/json\r\ndate: Sun, 04 Jan 2026 04:57:24 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph\u0026output=uds_ads_only\u0026zx=wrj569cxtfa1\u0026cd_fexp=72717108\u0026aqid=M_NZae_VEsXMjuwPiLH6uAg\u0026psid=5837883959\u0026pbt=bs\u0026adbx=375\u0026adby=132\u0026adbh=387\u0026adbw=530\u0026adbah=120%2C120%2C120\u0026adbn=master-1\u0026eawp=partner-dp-teaminternet09_3ph\u0026errv=842209568\u0026csala=6%7C0%7C341%7C56%7C158\u0026lle=0\u0026ifv=1\u0026hpt=1","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:25.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:59:55 GMT","end":"Wed, 25 Feb 2026 15:59:54 GMT"},"fingerprint":{"sha1":"E1:2F:78:B9:70:56:82:55:8F:41:90:B0:9A:C0:C3:0F:E6:89:5E:9A","sha256":"65:E4:E5:2E:71:67:66:D0:0B:50:31:80:5A:C3:63:4C:C6:F8:8D:BF:5C:0C:3A:82:A6:17:4B:BB:C8:ED:DA:8D"}}},"request":{"raw":"GET /afs/gen_204?client=dp-teaminternet09_3ph\u0026output=uds_ads_only\u0026zx=wrj569cxtfa1\u0026cd_fexp=72717108\u0026aqid=M_NZae_VEsXMjuwPiLH6uAg\u0026psid=5837883959\u0026pbt=bs\u0026adbx=375\u0026adby=132\u0026adbh=387\u0026adbw=530\u0026adbah=120%2C120%2C120\u0026adbn=master-1\u0026eawp=partner-dp-teaminternet09_3ph\u0026errv=842209568\u0026csala=6%7C0%7C341%7C56%7C158\u0026lle=0\u0026ifv=1\u0026hpt=1 HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-cNF5Kq0E9MXC7WAyqpNOpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ndate: Sun, 04 Jan 2026 04:57:25 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/mon","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"3.248.162.96","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:33.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1D:E0:7A:77:9E:39:3D:B5:85:C1:3D:30:3E:E7:35:C5:FE:D1:7E:38","sha256":"3D:73:19:D6:DC:8A:75:98:72:2D:32:C1:65:DF:5C:3A:0D:71:99:BA:F5:6D:C8:11:D9:E4:02:85:DC:8D:75:25"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1800\r\nOrigin: http://ww12.1upfun.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nCookie: cg_uuid=7c45afccedfae819f3ba7c4c2de677b1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1800,"data":"e=37dfbd8ee84e00126ce9c235e8418e9e9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674ed1878c567a6c48ab2c2155d233de6b9107625424c056535d615159c1b9394e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7e43720058f18c2b687b05a6f24a7089abf02ac2b35970192caaa7f4919971e8cfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b0606db6915124b89da56adc59a259bdc15b9b1bc6ce7fc02e70d2c073d56c96d5b9a589bae14b28a479b7edfc780565edd16790b44bbb131005d6595b83c2cd88c7fbc5689b64908eb28b69e3703b6cd72a79c4cedf0e2690b033872ca7dd0d9637f72d0c0b43cf76e75b9287be78bc8028d71bf7cf849b27c0194567bd065470785858c0a268f60a96ca8a2ba69569bfdf6ed481e5f87683b5f55c6379c8a71e48d8a3025f01e2e7ef38b63088b44ef3f279e30ffc68c00d906d83ba36d50735f8bcc4344c633956744f2543b8eb9e71c01ea50712512393b54fdf9a1010faa4c2bbbe64def0e7f481e4b2f24d4b20e64184b6457384426407ca645c7570eb7daf7774def99526d334c52f99aa32ccbf0b9e7e0f2326067f0dc5c2938d471b11937114c0af83e2ccc341198cf3f824c2dd7969d9cc133b6ffe94d95427b3249b5ec46395689a579f8b4d8ffb3ae6e1fac0845526aab96f718864a793b1ac109b69341403906b5d29c2e204deea7c93ebcf9902bad383451c2b55fc7dfd17a03edf9d7bd4761a334b3a616db50bcad04f0aea3e84feaa6bbb9a1ad52b2dbd1b7e308dbc844848e470f58e12d21b234017ed292683b3c52896027c888f12a1dfdff79c509a0017301ff26b370ddfc35d4eb03cfbec9e6edc86ae1c5761a368281416905403a48be41911906276d38b95189f81a8c5583ea861f8156053cc4d237bc9c24605d290f1dcbcf74fbd77\u0026cri=JvYLaH7Z98\u0026sf=0\u0026dc=\u0026cp=10\u0026gtm=-\u0026gac=-\u0026uvid=6eeb65b5d56de95c422b13d168524f25611def5c\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=10011\u0026mo=0\u0026pn=11501\u0026spn=1488\u0026fp=665\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww12.1upfun.com\r\ncontent-type: application/json\r\ndate: Sun, 04 Jan 2026 04:57:33 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff","fqdn":"afs.googleusercontent.com","domain":"googleusercontent.com","tld":"com"},"ip":{"addr":"142.250.74.33","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://syndicatedsearch.goog/afs/ads?sjk=4KPFb4D2SyyPylKQops3Eg%3D%3D\u0026adtest=off\u0026psid=5837883959\u0026pcsa=false\u0026channel=000001%2Cbucket011\u0026client=dp-teaminternet09_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=http%3A%2F%2Fww12.1upfun.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.ntL52JHxANVjOfeRPMUBuRA-LlqXLeeyQMEcdEKmhpynJARvQqeIqg.y3m_PG_NRxjAE_7EuYQq5A.FbE7E5RczdhAorVNN-3bU-QT5MBkCdhioqIjfD5OaMfR-4enwX0R6lmhSIbA0Jr-Z5mpvsuRYgy-g9h5GQ_PO3P8DeWBDpMlbH3Ca_lb4ME-53VdA6VYfiG_IZZWeZt2We2Iq89jRP-xhXH79nGx51gTKak_DyDgvgQK9kJ46e11J-BcLFRuPACTpnYV-5a8E3uHdRN85fmru_WzvZno2JCnN6n4nNTDlO-u-bZRWP7Zk0SOdljoJtepbcjedy2DMrzNCLUKCt5oybRI5RmsB-4HdGFw9PfqOcVZBUMdjhBIjbOaWKHaG3HFHnpif3R3ghEYJIByNLoICfVfQRD7i8yD07vqBqDU8vb6S47zQutuNJeksijwwuh3NhGQh7h6YNixx_yQukYeqwDmeFPLXobv-SEqQ_IjFWbAdj-ArYijlzYX2pPJ0SVV-ltGlfk2s7TDFDKnt0rMOMj6s7dxTxVJkIX9EqW5bEqhSV1BTO1FwdibIjlyZyOTiF3d3UBPWctZmJIB3eG5DY9ONFeQAvsIXAue-sKAaLwgk5RJZ3bu-ZOllPYL36ec-XGLGQV7RBlLHYXjPg3AIMfwSyEzztTOdyYFILWOjkMkEIqqKzo.G6t7jl0r_f1leCSweOKYPw\u0026type=3\u0026swp=as-drid-2733393318609526\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717108\u0026format=r3%7Cs\u0026nocache=9321767502643159\u0026num=0\u0026output=afd_ads\u0026domain_name=ww12.1upfun.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=3\u0026u_tz=0\u0026dt=1767502643161\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=760\u0026frm=0\u0026uio=--\u0026cont=tc\u0026drt=0\u0026jsid=caf\u0026jsv=842209568\u0026rurl=http%3A%2F%2Fww12.1upfun.com%2F%3Fusid%3D104%26utid%3D967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:23.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.googleusercontent.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:52:44 GMT","end":"Wed, 25 Feb 2026 15:52:43 GMT"},"fingerprint":{"sha1":"6A:F0:34:52:EF:16:19:7F:E7:B8:2A:C3:D8:EC:36:27:5F:48:61:31","sha256":"15:AF:19:35:54:71:85:51:A2:01:3A:93:C7:2E:1A:DF:0B:24:9A:C4:A8:2A:59:2F:4B:82:64:81:BB:74:37:D8"}}},"request":{"raw":"GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1\r\nHost: afs.googleusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://syndicatedsearch.goog/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers\r\ncross-origin-opener-policy: same-origin; report-to=\"afs-native-asset-managers\"\r\nreport-to: {\"group\":\"afs-native-asset-managers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers\"}]}\r\ncontent-length: 270\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 03 Jan 2026 13:55:49 GMT\r\nexpires: Sun, 04 Jan 2026 12:55:49 GMT\r\ncache-control: public, max-age=82800\r\nage: 54095\r\nlast-modified: Thu, 20 Jul 2023 22:48:00 GMT\r\ncontent-type: image/svg+xml\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":391,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"8959ddcd9712196961d93f58064ed655","sha1":"62ab1e38e7e9fbf58a04381b76c2d96a9c829f24","sha256":"17c7a89bf169c2ee400e31b042cea68513f06b9cd7d1e8990dbec800f0d771c7","sha512":"5e9effa313c30b351345db963238b4afd0728ca302fd79a853c80c89f042266d44cc1d29492520fb0fa80b47135e54e6963dfc21972f6b236b84c1da2fad809d","ssdeep":"","tlshash":"2ae068fa82846d044a8543b0ee09a7a442fff076535d90bbc1e4e6fcb0489eaacd2745","first_seen":"2023-04-08T10:54:48Z","last_seen":"2026-01-21T15:14:27.461955Z","times_seen":243741,"resource_available":false,"data":null}},"time_used":549,"timings":{"blocked":261,"dns":2,"connect":23,"send":0,"wait":24,"receive":0,"ssl":237},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"router.parklogic.com/","fqdn":"router.parklogic.com","domain":"parklogic.com","tld":"com"},"ip":{"addr":"172.234.216.100","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.1upfun.com/","date":"2026-01-04T04:57:17.581Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"router-lb01.parklogic.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 12:02:42 GMT","end":"Sun, 25 Jan 2026 12:02:41 GMT"},"fingerprint":{"sha1":"10:6E:F2:4F:5D:F2:C2:B7:33:30:F3:3B:3D:88:83:69:F8:8A:60:2A","sha256":"DD:5E:50:D8:D6:72:D8:5A:56:DC:C8:AF:CF:1F:EE:23:3A:7E:C1:C5:9C:C1:99:74:3F:F1:F7:D3:3C:8C:E4:C3"}}},"request":{"raw":"POST / HTTP/1.1\r\nHost: router.parklogic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 429\r\nOrigin: https://www.1upfun.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.1upfun.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":429,"data":"{\"parameters\":{\"path\":\"/\",\"protocol\":\"https\",\"timezoneGeo\":\"Europe/Oslo\",\"continentName\":\"Europe\",\"countryName\":\"Norway\",\"domainApex\":\"1upfun.com\",\"domainFull\":\"www.1upfun.com\",\"ipOrig\":\"91.90.42.154\",\"continent\":\"EU\",\"region\":\"03\",\"regionName\":\"Oslo County\",\"country\":\"NO\",\"uuid\":\"967af6e2b2bf1f6adaa240098ff41416\",\"tenant\":\"shared\",\"city\":\"Oslo\",\"adBlockingDetected\":false,\"timezoneBrowser\":\"UTC\",\"webdriver\":false,\"gpu\":null}}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 04:57:18 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":70,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"53b0230500ed3f66f0068f0ddeb64705","sha1":"5304c9b9d73c7383b4811ebeedf733ef622dd8c1","sha256":"d0555439175af4654cb3e746ef323adb0ea2e56e77ccefc7efb17f373ceb2074","sha512":"95585d05c1451f9148f1e27523e1d7087a7d22c5897fb5a708eec5fe00e0815c214175936cecdded11a37e9d6b9642acdc52239d5c2ff049effdeb0d62879e62","ssdeep":"","tlshash":"5ea002ddc06417534de6dc77b1fb8d805fafa95042c6a25c64c18d1711348bab901a28","first_seen":"2026-01-04T04:57:46.008486Z","last_seen":"2026-01-04T04:57:46.008486Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1610,"timings":{"blocked":235,"dns":14,"connect":106,"send":0,"wait":1140,"receive":0,"ssl":113},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww12.1upfun.com/favicon.ico","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:23.022Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ww12.1upfun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 04 Jan 2026 04:57:23 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 0\r\nLast-Modified: Wed, 16 Oct 2024 07:59:04 GMT\r\nConnection: keep-alive\r\nETag: \"670f7248-0\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/ct?id=80705\u0026url=http%3A%2F%2Fww12.1upfun.com%2F%3Fusid%3D104%26utid%3D967af6e2b2bf1f6adaa240098ff41416\u0026sf=0\u0026tpi=\u0026ch=AdsDeli%20-%20domain%20-%20landingpage\u0026uvid=6eeb65b5d56de95c422b13d168524f25611def5c\u0026tsf=0\u0026tsfmi=\u0026tsfu=\u0026cb=1767502643392\u0026hl=3\u0026op=0\u0026ag=2881387774\u0026rand=636921901666001716829188958926216277166101176161759157505865765807821781278620477270990910\u0026fs=1280x1024\u0026fst=1280x1024\u0026np=win32\u0026nv=\u0026ref=\u0026ss=1280x1024\u0026nc=0\u0026at=\u0026di=W1siZWYiLDU4MzRdLFsiYWJuY2giLDE3XSxbLTYsIntcIndcIjpbXCIwXCIsXCJOb3RpZnlQYWludEV2ZW50XCIsXCJ1c2lkXCIsXCJ1dGlkXCIsXCJwYXRoXCIsXCJnZXRHUFVWZW5kb3JcIixcInRjYmxvY2tcIixcInNlYXJjaGJveEJsb2NrXCIsXCJnZXRYTUxodHRwXCIsXCJmYWxsYmFja1JlZGlyZWN0XCIsXCJhamF4UXVlcnlcIixcImFqYXhCYWNrZmlsbFwiLFwibG9hZEZlZWRcIixcInhtbEh0dHBcIixcImdldExvYWRGZWVkQXJndW1lbnRzXCIsXCJfX2N0Y2dfY3RfODA3MDVfZXhlY1wiXSxcIm5cIjpbXSxcImRcIjpbXX0iXSxbLTEwLCItIl0sWzEyLCJ7XCJjdHhcIjpcIndlYmdsXCIsXCJ2XCI6XCJtZXNhXCIsXCJyXCI6XCJsbHZtcGlwZVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNsIGVzIDEuMFwiLFwiZ3ZlclwiOlwid2ViZ2wgMS4wXCIsXCJndmVuXCI6XCJtb3ppbGxhXCIsXCJiZW5cIjo2MSxcIndnbFwiOjEsXCJncmVuXCI6XCJsbHZtcGlwZVwiLFwic2VmXCI6NDk0MTk1MDQzLFwic2VjXCI6XCJcIn0iXSxbLTM1LCJbMTc2NzUwMjY0MzA3NSwwXSJdLFstNTcsIlMzbFJUVTFKU2dNV0ZseE1WbHNYUUZaTVNrMVlTMHBiVEZCVlhWQlhYaGRhVmxRV1NrRkpGbEFXQ3dzTlh3RU1DZ2tMV0ZnTFd3OWNXZ29KV0ZoYUFGZ0JERjFZQzFwYlh3QVhVMG9EQ0FNQkR3c0tDaFVPQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjBCV1RFcE5XRXRLVzB4UVZWMVFWMTRYV2xaVUZrcEJTUlpRRmdzTERWOEJEQW9KQzFoWUMxc1BYRm9LQ1ZoWVdnQllBUXhkV0F0YVcxOEFGMU5LQXdnREFROE5DZ2dWU2x4TmJWQlVYRlpNVFJsUldGZGRWVnhMRXc0SUFCWk5GMXhCU1ZaTFRVb1dCWGxSVFUxSlNnTVdGbHhNVmxzWFFGWk1TazFZUzBwYlRGQlZYVkJYWGhkYVZsUVdTZz09Il0sWy0xNywiNDgiXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwxMjgwLDEwMjQsMCwwLDAsMCxcIi1cIixcIi1cIiwxMjgwLDEwMjQsbnVsbF0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yOCwiZW4tVVMsZW4iXSxbLTQxLCItIl0sWy02NiwiLSJdLFstNjgsIi0iXSxbLTEsIkxpbnV4IHg4Nl82NCJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiXSJdLFstNCwiLSJdLFstOSwiLSJdLFstMjUsIi0iXSxbLTM5LCJbXCIyMDEwMDEwMVwiLDIsXCJHZWNrb1wiLFwiTmV0c2NhcGVcIixcIk1vemlsbGFcIixcIjIwMTgxMDAxMDAwMDAwXCIsbnVsbCxmYWxzZSxudWxsLGZhbHNlLG51bGwsNSx0cnVlLGZhbHNlLG51bGwsMCxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZV0iXSxbLTQzLCIwMDAwMDAwMTAwMDAwMDAwMDAxMTEwMDEwMDAwMDEwMDAwMDAwMDAwMDEiXSxbLTU5LCItIl0sWy02MCwiLSJdLFstMiwiNyxJc045bkduV2JBWUFJeE5mUWFPcUdFMENGQVFzY0cwMEluaE9iWUJBS1lVT3pRTzZFWDAyMEltR0xjdTYydXJkUC9jMmQycE5tVlpBd2YzLy84ejc5R3JIYTFXdTNPbVhQUHZlIl0sWy01LCItIl0sWy0yMSwiLSJdLFstMzAsIltcInZcIiwwXSJdLFstMzYsIltcIjUvNFwiLFwiNS80XCJdIl0sWy00OCwiW1wiLVwiLFwiLVwiLFwiLVwiLFwiLVwiLFwiLVwiXSJdLFstNTAsIi0iXSxbLTUxLCItIl0sWy01MiwiLSJdLFstNzQsIi0iXSxbLTE0LCItIl0sWy0zMSwiZmFsc2UiXSxbLTM0LCItIl0sWy00MiwiODgzMzk5MDE2Il0sWy00NCwiMCw1LDAsNSJdLFstNDUsIjc1MiwwLDAsNzE5LDAsMCw3NjEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCJdLFstNDcsIlVUQyxlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTUzLCIwMDEiXSxbLTU2LCJsYW5kc2NhcGUtcHJpbWFyeSJdLFstNjcsIi0iXSxbLTcxLCJhMDEwMDEwMTEwMDEwMDEwMTAwMDEwMTAwMTEwMTEwMDAwMDAxMCJdLFstNywiLSJdLFstMjQsIltdIl0sWy0zNywiLSJdLFstNTgsIi0iXSxbLTEzLCItIl0sWy0yNiwiLSJdLFstMzMsIi0iXSxbLTY0LCItIl0sWy02OSwiV2luMzJ8fHw0OHwtfC0iXSxbLTczLCJFaFE9Il0sWy04LCItIl0sWy00MCwiMzciXSxbLTQ5LCItIl0sWy01NCwie1wiaFwiOltcIjMyOTk3Mjg0NTJcIixcIjgyMjgyMzExOVwiLFwiXzNcIixcIjI2MzkyMjI0NjhcIl0sXCJkXCI6W10sXCJiXCI6W1wiXzBcIixcIjI2NDYwMzg4MlwiXSxcInNcIjoxfSJdLFstNjIsIjU4Il0sWy02NSwiLSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltdfSJdLFstMjMsIisiXSxbLTI3LCItIl0sWy0zOCwiaSwtMSwtMSwwLDAsMTcsMCwxLDMxLDg4LC0xLDAsLDY2NSwxMTYyLDExNjMiXSxbLTU1LCIwIl0sWy02MywiLSJdLFsiYm5jaCIsNDgwXSxbLTEyLCJcIjFcIiJdLFstMTUsIi0iXSxbLTE2LCIwIl0sWy0xOCwiWzEsMCwwLDBdIl0sWy0yMCwiLSJdLFstMjksIi0iXSxbLTMyLCIwIl0sWy00NiwiMCJdLFstNzAsIi0iXSxbLTYxLCItIl0sWy03MiwiRXhVPSJdLFsiZGRiIiwiMCw3LDAsMCwxLDIsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMSwwLDIsMCwxLDEsMCwwLDAsMSwzLDQzLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDIsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMSwwLDAsMCJdLFsiY2IiLCIxLDAsMCwwLDAsMCwwLDAsMCwzLDIsMCw2MywwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDEsMCwxLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXV0%3D\u0026dep=0\u0026pre=0\u0026sdd=\u0026cri=JvYLaH7Z98\u0026pto=1169\u0026ver=65\u0026gac=-\u0026mei=\u0026ap=\u0026fe=1\u0026duid=1.1767502643.i2GfKPt9YaeLjiL9\u0026suid=1.1767502643.1kIFg1utsnGq84JB\u0026tuid=1.1767502643.ICqka6XiBdafGd4F\u0026fbc=-\u0026gtm=-\u0026it=11%2C193%2C41\u0026fbcl=-\u0026gacl=-\u0026gacsd=-\u0026rtic=-\u0026rtict=-\u0026bgc=-\u0026spa=1\u0026urid=0\u0026ab=\u0026sck=-\u0026io=aGA2Og%3D%3D","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"3.248.162.96","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:23.464Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1D:E0:7A:77:9E:39:3D:B5:85:C1:3D:30:3E:E7:35:C5:FE:D1:7E:38","sha256":"3D:73:19:D6:DC:8A:75:98:72:2D:32:C1:65:DF:5C:3A:0D:71:99:BA:F5:6D:C8:11:D9:E4:02:85:DC:8D:75:25"}}},"request":{"raw":"GET /ct?id=80705\u0026url=http%3A%2F%2Fww12.1upfun.com%2F%3Fusid%3D104%26utid%3D967af6e2b2bf1f6adaa240098ff41416\u0026sf=0\u0026tpi=\u0026ch=AdsDeli%20-%20domain%20-%20landingpage\u0026uvid=6eeb65b5d56de95c422b13d168524f25611def5c\u0026tsf=0\u0026tsfmi=\u0026tsfu=\u0026cb=1767502643392\u0026hl=3\u0026op=0\u0026ag=2881387774\u0026rand=636921901666001716829188958926216277166101176161759157505865765807821781278620477270990910\u0026fs=1280x1024\u0026fst=1280x1024\u0026np=win32\u0026nv=\u0026ref=\u0026ss=1280x1024\u0026nc=0\u0026at=\u0026di=W1siZWYiLDU4MzRdLFsiYWJuY2giLDE3XSxbLTYsIntcIndcIjpbXCIwXCIsXCJOb3RpZnlQYWludEV2ZW50XCIsXCJ1c2lkXCIsXCJ1dGlkXCIsXCJwYXRoXCIsXCJnZXRHUFVWZW5kb3JcIixcInRjYmxvY2tcIixcInNlYXJjaGJveEJsb2NrXCIsXCJnZXRYTUxodHRwXCIsXCJmYWxsYmFja1JlZGlyZWN0XCIsXCJhamF4UXVlcnlcIixcImFqYXhCYWNrZmlsbFwiLFwibG9hZEZlZWRcIixcInhtbEh0dHBcIixcImdldExvYWRGZWVkQXJndW1lbnRzXCIsXCJfX2N0Y2dfY3RfODA3MDVfZXhlY1wiXSxcIm5cIjpbXSxcImRcIjpbXX0iXSxbLTEwLCItIl0sWzEyLCJ7XCJjdHhcIjpcIndlYmdsXCIsXCJ2XCI6XCJtZXNhXCIsXCJyXCI6XCJsbHZtcGlwZVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNsIGVzIDEuMFwiLFwiZ3ZlclwiOlwid2ViZ2wgMS4wXCIsXCJndmVuXCI6XCJtb3ppbGxhXCIsXCJiZW5cIjo2MSxcIndnbFwiOjEsXCJncmVuXCI6XCJsbHZtcGlwZVwiLFwic2VmXCI6NDk0MTk1MDQzLFwic2VjXCI6XCJcIn0iXSxbLTM1LCJbMTc2NzUwMjY0MzA3NSwwXSJdLFstNTcsIlMzbFJUVTFKU2dNV0ZseE1WbHNYUUZaTVNrMVlTMHBiVEZCVlhWQlhYaGRhVmxRV1NrRkpGbEFXQ3dzTlh3RU1DZ2tMV0ZnTFd3OWNXZ29KV0ZoYUFGZ0JERjFZQzFwYlh3QVhVMG9EQ0FNQkR3c0tDaFVPQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjBCV1RFcE5XRXRLVzB4UVZWMVFWMTRYV2xaVUZrcEJTUlpRRmdzTERWOEJEQW9KQzFoWUMxc1BYRm9LQ1ZoWVdnQllBUXhkV0F0YVcxOEFGMU5LQXdnREFROE5DZ2dWU2x4TmJWQlVYRlpNVFJsUldGZGRWVnhMRXc0SUFCWk5GMXhCU1ZaTFRVb1dCWGxSVFUxSlNnTVdGbHhNVmxzWFFGWk1TazFZUzBwYlRGQlZYVkJYWGhkYVZsUVdTZz09Il0sWy0xNywiNDgiXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwxMjgwLDEwMjQsMCwwLDAsMCxcIi1cIixcIi1cIiwxMjgwLDEwMjQsbnVsbF0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yOCwiZW4tVVMsZW4iXSxbLTQxLCItIl0sWy02NiwiLSJdLFstNjgsIi0iXSxbLTEsIkxpbnV4IHg4Nl82NCJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiXSJdLFstNCwiLSJdLFstOSwiLSJdLFstMjUsIi0iXSxbLTM5LCJbXCIyMDEwMDEwMVwiLDIsXCJHZWNrb1wiLFwiTmV0c2NhcGVcIixcIk1vemlsbGFcIixcIjIwMTgxMDAxMDAwMDAwXCIsbnVsbCxmYWxzZSxudWxsLGZhbHNlLG51bGwsNSx0cnVlLGZhbHNlLG51bGwsMCxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZV0iXSxbLTQzLCIwMDAwMDAwMTAwMDAwMDAwMDAxMTEwMDEwMDAwMDEwMDAwMDAwMDAwMDEiXSxbLTU5LCItIl0sWy02MCwiLSJdLFstMiwiNyxJc045bkduV2JBWUFJeE5mUWFPcUdFMENGQVFzY0cwMEluaE9iWUJBS1lVT3pRTzZFWDAyMEltR0xjdTYydXJkUC9jMmQycE5tVlpBd2YzLy84ejc5R3JIYTFXdTNPbVhQUHZlIl0sWy01LCItIl0sWy0yMSwiLSJdLFstMzAsIltcInZcIiwwXSJdLFstMzYsIltcIjUvNFwiLFwiNS80XCJdIl0sWy00OCwiW1wiLVwiLFwiLVwiLFwiLVwiLFwiLVwiLFwiLVwiXSJdLFstNTAsIi0iXSxbLTUxLCItIl0sWy01MiwiLSJdLFstNzQsIi0iXSxbLTE0LCItIl0sWy0zMSwiZmFsc2UiXSxbLTM0LCItIl0sWy00MiwiODgzMzk5MDE2Il0sWy00NCwiMCw1LDAsNSJdLFstNDUsIjc1MiwwLDAsNzE5LDAsMCw3NjEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCJdLFstNDcsIlVUQyxlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTUzLCIwMDEiXSxbLTU2LCJsYW5kc2NhcGUtcHJpbWFyeSJdLFstNjcsIi0iXSxbLTcxLCJhMDEwMDEwMTEwMDEwMDEwMTAwMDEwMTAwMTEwMTEwMDAwMDAxMCJdLFstNywiLSJdLFstMjQsIltdIl0sWy0zNywiLSJdLFstNTgsIi0iXSxbLTEzLCItIl0sWy0yNiwiLSJdLFstMzMsIi0iXSxbLTY0LCItIl0sWy02OSwiV2luMzJ8fHw0OHwtfC0iXSxbLTczLCJFaFE9Il0sWy04LCItIl0sWy00MCwiMzciXSxbLTQ5LCItIl0sWy01NCwie1wiaFwiOltcIjMyOTk3Mjg0NTJcIixcIjgyMjgyMzExOVwiLFwiXzNcIixcIjI2MzkyMjI0NjhcIl0sXCJkXCI6W10sXCJiXCI6W1wiXzBcIixcIjI2NDYwMzg4MlwiXSxcInNcIjoxfSJdLFstNjIsIjU4Il0sWy02NSwiLSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltdfSJdLFstMjMsIisiXSxbLTI3LCItIl0sWy0zOCwiaSwtMSwtMSwwLDAsMTcsMCwxLDMxLDg4LC0xLDAsLDY2NSwxMTYyLDExNjMiXSxbLTU1LCIwIl0sWy02MywiLSJdLFsiYm5jaCIsNDgwXSxbLTEyLCJcIjFcIiJdLFstMTUsIi0iXSxbLTE2LCIwIl0sWy0xOCwiWzEsMCwwLDBdIl0sWy0yMCwiLSJdLFstMjksIi0iXSxbLTMyLCIwIl0sWy00NiwiMCJdLFstNzAsIi0iXSxbLTYxLCItIl0sWy03MiwiRXhVPSJdLFsiZGRiIiwiMCw3LDAsMCwxLDIsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMSwwLDIsMCwxLDEsMCwwLDAsMSwzLDQzLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDIsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMSwwLDAsMCJdLFsiY2IiLCIxLDAsMCwwLDAsMCwwLDAsMCwzLDIsMCw2MywwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDEsMCwxLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXV0%3D\u0026dep=0\u0026pre=0\u0026sdd=\u0026cri=JvYLaH7Z98\u0026pto=1169\u0026ver=65\u0026gac=-\u0026mei=\u0026ap=\u0026fe=1\u0026duid=1.1767502643.i2GfKPt9YaeLjiL9\u0026suid=1.1767502643.1kIFg1utsnGq84JB\u0026tuid=1.1767502643.ICqka6XiBdafGd4F\u0026fbc=-\u0026gtm=-\u0026it=11%2C193%2C41\u0026fbcl=-\u0026gacl=-\u0026gacsd=-\u0026rtic=-\u0026rtict=-\u0026bgc=-\u0026spa=1\u0026urid=0\u0026ab=\u0026sck=-\u0026io=aGA2Og%3D%3D HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript\r\ndate: Sun, 04 Jan 2026 04:57:23 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\nset-cookie: cg_uuid=7c45afccedfae819f3ba7c4c2de677b1; Max-Age=29030400; Path=/; Expires=Sun, 06 Dec 2026 04:57:23 GMT; HttpOnly; Secure; SameSite=None\r\ntiming-allow-origin: http://ww12.1upfun.com\r\ncontent-length: 1188\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3489,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (3489), with no line terminators","md5":"a61a41839e16e4082a2180ca884091ec","sha1":"0dc72ef5c1788e5c63fff0f27d445803027b418e","sha256":"0ad27f4cd305809ed7d1938b9ac56ac8fa4def0b5e79543c4f9d33d782386500","sha512":"23e8c98531dbd3531a5a5a3e549d967614e1b12bab3be08f08edf185cc8f99d38d46a7cb23d682592e26454a418c0546778d045c806e95542591244b9023cf69","ssdeep":"","tlshash":"8e71b6bf6a1a4c5d3add57d6d240e0e373e29a3b014f5405a03affc709eb6101b36514","first_seen":"2026-01-04T04:57:46.012091Z","last_seen":"2026-01-04T04:57:46.012091Z","times_seen":1,"resource_available":true,"data":null}},"time_used":275,"timings":{"blocked":109,"dns":1,"connect":34,"send":0,"wait":54,"receive":1,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ep1.adtrafficquality.google/getconfig/sodar?sv=200\u0026tid=afs\u0026tv=1234567890\u0026st=env\u0026sjk=4KPFb4D2SyyPylKQops3Eg==\u0026sde=1","fqdn":"ep1.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"216.58.211.2","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:23.730Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adtrafficquality.google","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:59:52 GMT","end":"Wed, 25 Feb 2026 15:59:51 GMT"},"fingerprint":{"sha1":"E4:25:76:F6:C4:FB:46:FE:7A:37:E5:D8:E5:14:75:A2:B3:75:D2:9B","sha256":"34:44:B0:C8:96:F4:D4:42:DB:58:BD:4B:C9:72:0A:E2:31:20:B1:87:B3:2A:DD:E7:6B:62:AA:AB:58:B6:92:89"}}},"request":{"raw":"GET /getconfig/sodar?sv=200\u0026tid=afs\u0026tv=1234567890\u0026st=env\u0026sjk=4KPFb4D2SyyPylKQops3Eg==\u0026sde=1 HTTP/1.1\r\nHost: ep1.adtrafficquality.google\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://ww12.1upfun.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\ncontent-type: application/json; charset=UTF-8\r\nx-content-type-options: nosniff\r\ncontent-disposition: attachment; filename=\"f.txt\"\r\ncontent-encoding: br\r\ndate: Sun, 04 Jan 2026 04:57:23 GMT\r\nserver: cafe\r\ncontent-length: 8023\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10618,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"04ecd553f1172d0312de369604de1e54","sha1":"6c8546c79875842b44df25651a96798a7058150c","sha256":"777533a1eae1aebe76d6042c303effae6d12031c3f8fa96f8cd32b23e557cd65","sha512":"e944527946537cac9ee83f4e5c4c310f92a107a9d98b979b315ba00e9a8a44417d59194a0ad22980ed76be273f0dbb7892452c465e3f6f81bab6a3300d468fad","ssdeep":"192:nPCaEhXgCdin6VV4Ee5vrdtH7zM6DSNOlV1QejZmvkCTn7EjWI274DWgDF:nKbXgCdVVV4EErXzM6DSNOlTjAbaWI2a","tlshash":"5022bf8be96bb0dc56732efdb1d3c70509582951819e00bb594ef8c46e1f30c2c2eda8","first_seen":"2026-01-04T04:57:46.015548Z","last_seen":"2026-01-04T04:57:46.015548Z","times_seen":1,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":65,"dns":1,"connect":7,"send":0,"wait":28,"receive":1,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"parking3.parklogic.com/page/enhance.js?pcId=12\u0026domain=1upfun.com","fqdn":"parking3.parklogic.com","domain":"parklogic.com","tld":"com"},"ip":{"addr":"172.232.7.47","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:22.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enhance-lb01.parklogic.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 27 Nov 2025 00:41:30 GMT","end":"Wed, 25 Feb 2026 00:41:29 GMT"},"fingerprint":{"sha1":"1F:86:42:B2:D0:DC:8C:04:66:71:B3:1D:12:86:94:66:AA:A4:F0:53","sha256":"DE:22:E0:66:01:58:BA:55:12:64:EA:79:8C:51:98:E0:D9:94:9B:F7:63:31:AE:82:59:7C:9A:27:B2:0A:34:0D"}}},"request":{"raw":"GET /page/enhance.js?pcId=12\u0026domain=1upfun.com HTTP/1.1\r\nHost: parking3.parklogic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 04:57:22 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1608,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"d8d354d2f14a80759d61f47f33938c0a","sha1":"681da0951165a6e253f010ec1fc5fec97b459d27","sha256":"200cb9afdc3416e263fe5e3f72b3927f33b2a38e833728f5463ccebf34c553f1","sha512":"30b3983a117f81c7b0ae3917de3fcfa0b105a82b6e4d7861fcafc19135f673388ee4e5056a10305e9ead9726beff836aa62ef14596d69ab59d32e31226347447","ssdeep":"","tlshash":"8b31314e597452b445b3303de207a0106f3bc65a3219e555baadc9405f4be2f8333add","first_seen":"2026-01-04T04:57:46.018088Z","last_seen":"2026-01-04T04:57:46.018088Z","times_seen":1,"resource_available":true,"data":null}},"time_used":561,"timings":{"blocked":225,"dns":1,"connect":107,"send":0,"wait":110,"receive":0,"ssl":115},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/ads?sjk=4KPFb4D2SyyPylKQops3Eg%3D%3D\u0026adtest=off\u0026psid=5837883959\u0026pcsa=false\u0026channel=000001%2Cbucket011\u0026client=dp-teaminternet09_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=http%3A%2F%2Fww12.1upfun.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.ntL52JHxANVjOfeRPMUBuRA-LlqXLeeyQMEcdEKmhpynJARvQqeIqg.y3m_PG_NRxjAE_7EuYQq5A.FbE7E5RczdhAorVNN-3bU-QT5MBkCdhioqIjfD5OaMfR-4enwX0R6lmhSIbA0Jr-Z5mpvsuRYgy-g9h5GQ_PO3P8DeWBDpMlbH3Ca_lb4ME-53VdA6VYfiG_IZZWeZt2We2Iq89jRP-xhXH79nGx51gTKak_DyDgvgQK9kJ46e11J-BcLFRuPACTpnYV-5a8E3uHdRN85fmru_WzvZno2JCnN6n4nNTDlO-u-bZRWP7Zk0SOdljoJtepbcjedy2DMrzNCLUKCt5oybRI5RmsB-4HdGFw9PfqOcVZBUMdjhBIjbOaWKHaG3HFHnpif3R3ghEYJIByNLoICfVfQRD7i8yD07vqBqDU8vb6S47zQutuNJeksijwwuh3NhGQh7h6YNixx_yQukYeqwDmeFPLXobv-SEqQ_IjFWbAdj-ArYijlzYX2pPJ0SVV-ltGlfk2s7TDFDKnt0rMOMj6s7dxTxVJkIX9EqW5bEqhSV1BTO1FwdibIjlyZyOTiF3d3UBPWctZmJIB3eG5DY9ONFeQAvsIXAue-sKAaLwgk5RJZ3bu-ZOllPYL36ec-XGLGQV7RBlLHYXjPg3AIMfwSyEzztTOdyYFILWOjkMkEIqqKzo.G6t7jl0r_f1leCSweOKYPw\u0026type=3\u0026swp=as-drid-2733393318609526\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717108\u0026format=r3%7Cs\u0026nocache=9321767502643159\u0026num=0\u0026output=afd_ads\u0026domain_name=ww12.1upfun.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=3\u0026u_tz=0\u0026dt=1767502643161\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=760\u0026frm=0\u0026uio=--\u0026cont=tc\u0026drt=0\u0026jsid=caf\u0026jsv=842209568\u0026rurl=http%3A%2F%2Fww12.1upfun.com%2F%3Fusid%3D104%26utid%3D967af6e2b2bf1f6adaa240098ff41416","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:23.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:59:55 GMT","end":"Wed, 25 Feb 2026 15:59:54 GMT"},"fingerprint":{"sha1":"E1:2F:78:B9:70:56:82:55:8F:41:90:B0:9A:C0:C3:0F:E6:89:5E:9A","sha256":"65:E4:E5:2E:71:67:66:D0:0B:50:31:80:5A:C3:63:4C:C6:F8:8D:BF:5C:0C:3A:82:A6:17:4B:BB:C8:ED:DA:8D"}}},"request":{"raw":"GET /afs/ads?sjk=4KPFb4D2SyyPylKQops3Eg%3D%3D\u0026adtest=off\u0026psid=5837883959\u0026pcsa=false\u0026channel=000001%2Cbucket011\u0026client=dp-teaminternet09_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=http%3A%2F%2Fww12.1upfun.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.ntL52JHxANVjOfeRPMUBuRA-LlqXLeeyQMEcdEKmhpynJARvQqeIqg.y3m_PG_NRxjAE_7EuYQq5A.FbE7E5RczdhAorVNN-3bU-QT5MBkCdhioqIjfD5OaMfR-4enwX0R6lmhSIbA0Jr-Z5mpvsuRYgy-g9h5GQ_PO3P8DeWBDpMlbH3Ca_lb4ME-53VdA6VYfiG_IZZWeZt2We2Iq89jRP-xhXH79nGx51gTKak_DyDgvgQK9kJ46e11J-BcLFRuPACTpnYV-5a8E3uHdRN85fmru_WzvZno2JCnN6n4nNTDlO-u-bZRWP7Zk0SOdljoJtepbcjedy2DMrzNCLUKCt5oybRI5RmsB-4HdGFw9PfqOcVZBUMdjhBIjbOaWKHaG3HFHnpif3R3ghEYJIByNLoICfVfQRD7i8yD07vqBqDU8vb6S47zQutuNJeksijwwuh3NhGQh7h6YNixx_yQukYeqwDmeFPLXobv-SEqQ_IjFWbAdj-ArYijlzYX2pPJ0SVV-ltGlfk2s7TDFDKnt0rMOMj6s7dxTxVJkIX9EqW5bEqhSV1BTO1FwdibIjlyZyOTiF3d3UBPWctZmJIB3eG5DY9ONFeQAvsIXAue-sKAaLwgk5RJZ3bu-ZOllPYL36ec-XGLGQV7RBlLHYXjPg3AIMfwSyEzztTOdyYFILWOjkMkEIqqKzo.G6t7jl0r_f1leCSweOKYPw\u0026type=3\u0026swp=as-drid-2733393318609526\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717108\u0026format=r3%7Cs\u0026nocache=9321767502643159\u0026num=0\u0026output=afd_ads\u0026domain_name=ww12.1upfun.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=3\u0026u_tz=0\u0026dt=1767502643161\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=760\u0026frm=0\u0026uio=--\u0026cont=tc\u0026drt=0\u0026jsid=caf\u0026jsv=842209568\u0026rurl=http%3A%2F%2Fww12.1upfun.com%2F%3Fusid%3D104%26utid%3D967af6e2b2bf1f6adaa240098ff41416 HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-disposition: inline\r\ndate: Sun, 04 Jan 2026 04:57:23 GMT\r\nexpires: Sun, 04 Jan 2026 04:57:23 GMT\r\ncache-control: private, max-age=3600\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-oUtQgcWBgCUvjTf51zjFKA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ncontent-encoding: br\r\nserver: gws\r\ncontent-length: 3671\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":16369,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (15572)","md5":"7522e09512ca0f019591f74a5177f91a","sha1":"64b512719af58e7c736e652cc715e58d7babaf49","sha256":"688e10f31211e08965ba91cd086af8d41506071f1f6004f34368026b5c586a6d","sha512":"a1f4ff8c546016dae4d225df0b44aec6a6abae7af8dea486b9dbd316994e790457acecd21abc365cd330a1f8815255827e2c451637bd3a357acf562fe5398150","ssdeep":"384:Gni0iAJNgVGVhbgVGZhqgVGUhHjK2yh8ekc:GiCJN2Ob2Qq23Hvy8rc","tlshash":"d472963764a6272d0513dc141b256f6ed181d53ac46b36e848e76b21c7e7f838fe228e","first_seen":"2026-01-04T04:57:46.019935Z","last_seen":"2026-01-04T04:57:46.019935Z","times_seen":1,"resource_available":false,"data":null}},"time_used":288,"timings":{"blocked":77,"dns":0,"connect":7,"send":0,"wait":132,"receive":1,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww12.1upfun.com/munin/a/tr/answercheck/yes?domain=1upfun.com\u0026caf=1\u0026toggle=answercheck\u0026answer=yes\u0026uid=MTc2NzUwMjY0Mi4zMjYxOjdlMTExZTI0NDFjZjEzOTkzMDU3NGM4Yzg2NjBkNDAzZGQ3YWMxNTU2ODgxOGQ3ZDIwOTE4OGQwOWZjZDYxNGE6Njk1OWYzMzI0ZmEwNA%3D%3D","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:23.667Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /munin/a/tr/answercheck/yes?domain=1upfun.com\u0026caf=1\u0026toggle=answercheck\u0026answer=yes\u0026uid=MTc2NzUwMjY0Mi4zMjYxOjdlMTExZTI0NDFjZjEzOTkzMDU3NGM4Yzg2NjBkNDAzZGQ3YWMxNTU2ODgxOGQ3ZDIwOTE4OGQwOWZjZDYxNGE6Njk1OWYzMzI0ZmEwNA%3D%3D HTTP/1.1\r\nHost: ww12.1upfun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416\r\nCookie: _cq_duid=1.1767502643.i2GfKPt9YaeLjiL9; _cq_suid=1.1767502643.1kIFg1utsnGq84JB\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 04 Jan 2026 04:57:23 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile\r\nAccept-Ch-Lifetime: 30\r\nAccess-Control-Allow-Origin: *\r\nVia: 0.0 Caddy\r\nX-Custom-Track: answercheck\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126ce9c235e8418e9e9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674ed1878c567a6c48ab2c2155d233de6b9107625424c056535d615159c1b9394e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7e43720058f18c2b687b05a6f24a7089abf02ac2b35970192caaa7f4919971e8cfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b0606db6915124b89da56adc59a259bdc15b9b1bc6ce7fc02e70d2c073d56c96d5b9a589bae14b28a479b7edfc780565edd16790b44bbb131005d6595b83c2cd88c7fbc5689b64908eb28b69e3703b6cd72a79c4cedf0e2690b033872ca7dd0d9637f72d0c0b43cf76e75b9287be78bc8028d71bf7cf849b27c0194567bd065470785858c0a268f60a96ca8a2ba69569bfdf6ed481e5f87683b5f55c6379c8a71e48d8a3025f01e2e7ef38b63088b44ef3f279e30ffc68c00d906d83ba36d50735f8bcc4344c633956744f2543b8eb9e71c01ea50712512393b54fdf9a1010faa4c2bbbe64def0e7f481e4b2f24d4b20e64184b6457384426407ca645c7570eb7daf7774def99526d334c52f99aa32ccbf0b9e7e0f2326067f0dc5c2938d471b11937114c0af83e2ccc341198cf3f824c2dd7969d9cc133b6ffe94d95427b3249b5ec46395689a579f8b4d8ffb3ae6e1fac0845526aab96f718864a793b1ac109b69341403906b5d29c2e204deea7c93ebcf9902bad383451c2b55fc7dfd17a03edf9d7bd4761a334b3a616db50bcad04f0aea3e84feaa6bbb9a1ad52b2dbd1b7e308dbc844848e470f58e12d21b234017ed292683b3c52896027c888f12a1dfdff79c509a0017301ff26b370ddfc35d4eb03cfbec9e6edc86ae1c5761a368281416905403a48be41911906276d38b95189f81a8c5583ea861f8156053cc4d237bc9c24605d290f1dcbcf74fbd26b437965c81fd5e9bbea37269b8944a94cfe2f191be\u0026cri=JvYLaH7Z98\u0026ts=324\u0026cb=1767502643716","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"3.248.162.96","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:23.751Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1D:E0:7A:77:9E:39:3D:B5:85:C1:3D:30:3E:E7:35:C5:FE:D1:7E:38","sha256":"3D:73:19:D6:DC:8A:75:98:72:2D:32:C1:65:DF:5C:3A:0D:71:99:BA:F5:6D:C8:11:D9:E4:02:85:DC:8D:75:25"}}},"request":{"raw":"GET /tracker/tc_imp.gif?e=37dfbd8ee84e00126ce9c235e8418e9e9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674ed1878c567a6c48ab2c2155d233de6b9107625424c056535d615159c1b9394e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7e43720058f18c2b687b05a6f24a7089abf02ac2b35970192caaa7f4919971e8cfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b0606db6915124b89da56adc59a259bdc15b9b1bc6ce7fc02e70d2c073d56c96d5b9a589bae14b28a479b7edfc780565edd16790b44bbb131005d6595b83c2cd88c7fbc5689b64908eb28b69e3703b6cd72a79c4cedf0e2690b033872ca7dd0d9637f72d0c0b43cf76e75b9287be78bc8028d71bf7cf849b27c0194567bd065470785858c0a268f60a96ca8a2ba69569bfdf6ed481e5f87683b5f55c6379c8a71e48d8a3025f01e2e7ef38b63088b44ef3f279e30ffc68c00d906d83ba36d50735f8bcc4344c633956744f2543b8eb9e71c01ea50712512393b54fdf9a1010faa4c2bbbe64def0e7f481e4b2f24d4b20e64184b6457384426407ca645c7570eb7daf7774def99526d334c52f99aa32ccbf0b9e7e0f2326067f0dc5c2938d471b11937114c0af83e2ccc341198cf3f824c2dd7969d9cc133b6ffe94d95427b3249b5ec46395689a579f8b4d8ffb3ae6e1fac0845526aab96f718864a793b1ac109b69341403906b5d29c2e204deea7c93ebcf9902bad383451c2b55fc7dfd17a03edf9d7bd4761a334b3a616db50bcad04f0aea3e84feaa6bbb9a1ad52b2dbd1b7e308dbc844848e470f58e12d21b234017ed292683b3c52896027c888f12a1dfdff79c509a0017301ff26b370ddfc35d4eb03cfbec9e6edc86ae1c5761a368281416905403a48be41911906276d38b95189f81a8c5583ea861f8156053cc4d237bc9c24605d290f1dcbcf74fbd26b437965c81fd5e9bbea37269b8944a94cfe2f191be\u0026cri=JvYLaH7Z98\u0026ts=324\u0026cb=1767502643716 HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nCookie: cg_uuid=7c45afccedfae819f3ba7c4c2de677b1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\ndate: Sun, 04 Jan 2026 04:57:23 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\ncontent-length: 43\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"db04c7b378cb2db912c3ba8a5a774ee3","sha1":"dee34bd86c3484d31002182aa2b7caa4699126b8","sha256":"98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a","sha512":"826225fc21717d8861a05b9d2f959539aad2d2b131b2afed75d88fbca535e1b0d5a0da8ac69713a0876a0d467848a37a0a7f926aeafad8cf28201382d16466ab","ssdeep":"","tlshash":"6490000bca888002caa2c0302b8883022b88b0320228832e80bc30a8ee3b3a20c02000","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-04T01:31:34.591188Z","times_seen":355171,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ep2.adtrafficquality.google/sodar/sodar2.js","fqdn":"ep2.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:23.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adtrafficquality.google","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:59:52 GMT","end":"Wed, 25 Feb 2026 15:59:51 GMT"},"fingerprint":{"sha1":"E4:25:76:F6:C4:FB:46:FE:7A:37:E5:D8:E5:14:75:A2:B3:75:D2:9B","sha256":"34:44:B0:C8:96:F4:D4:42:DB:58:BD:4B:C9:72:0A:E2:31:20:B1:87:B3:2A:DD:E7:6B:62:AA:AB:58:B6:92:89"}}},"request":{"raw":"GET /sodar/sodar2.js HTTP/1.1\r\nHost: ep2.adtrafficquality.google\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"adspam-signals-scs\"\r\nreport-to: {\"group\":\"adspam-signals-scs\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs\"}]}\r\ncontent-length: 7188\r\ndate: Sun, 04 Jan 2026 04:57:23 GMT\r\nexpires: Sun, 04 Jan 2026 04:57:23 GMT\r\ncache-control: private, max-age=3000\r\netag: \"1747411493688989\"\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19990,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (1398)","md5":"a8fe3ea2f81e289e6b14222e898086c5","sha1":"0e9a1227955675736e02c596906bee72bc33d7d6","sha256":"a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623","sha512":"3bd99998aa1b5d7543775769952adc52809f861ca023b6daadf6b7d23411411a6a9470d98c7b8543573e9a6047a24e14b5feaf45e14a22d98e64d0f019718670","ssdeep":"384:dxSMqC/d0d0lxDKyqdeWFy3Wxy9cT4nGllKnnk0TEYRWjfJtncu:i0qKlYyqdeWk3Z9w4G+tFWjfJtnZ","tlshash":"8892c6cab6d2f4624363b9b1a13f100ff13eaca9d84c5464a084e4e0bd759a94367f7c","first_seen":"2025-05-19T23:59:48.474751Z","last_seen":"2026-02-26T18:27:55.354921Z","times_seen":175417,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":33,"dns":1,"connect":8,"send":0,"wait":18,"receive":1,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ep2.adtrafficquality.google/sodar/sodar2/237/runner.html","fqdn":"ep2.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:24.035Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adtrafficquality.google","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:59:52 GMT","end":"Wed, 25 Feb 2026 15:59:51 GMT"},"fingerprint":{"sha1":"E4:25:76:F6:C4:FB:46:FE:7A:37:E5:D8:E5:14:75:A2:B3:75:D2:9B","sha256":"34:44:B0:C8:96:F4:D4:42:DB:58:BD:4B:C9:72:0A:E2:31:20:B1:87:B3:2A:DD:E7:6B:62:AA:AB:58:B6:92:89"}}},"request":{"raw":"GET /sodar/sodar2/237/runner.html HTTP/1.1\r\nHost: ep2.adtrafficquality.google\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"adspam-signals-scs\"\r\nreport-to: {\"group\":\"adspam-signals-scs\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs\"}]}\r\ncontent-length: 5044\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 04 Jan 2026 04:10:07 GMT\r\nexpires: Sun, 04 Jan 2026 05:00:07 GMT\r\ncache-control: public, max-age=3000\r\nage: 2837\r\nlast-modified: Tue, 13 May 2025 23:17:50 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13159,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (2024)","md5":"0120a1d624ff8fc3ec792d93a7133947","sha1":"1e3bd23df78ff2c60b187b40a0c6505be9ab889f","sha256":"14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966","sha512":"84286e299ebc6690ee904b5581cd6aaf6b59d06200b61156923301484d1b75fa517894167c4f4777553ba09c840a2d74a723e3ff112448f00514d910dfd172c5","ssdeep":"192:pl/6xS2OASROqI3wgh5MXDc9EAOaK3qzfaGDCiMgIcTa1mx:rz2NQJIVsTiMH3qzfcOIr1mx","tlshash":"4842a7ccbad2b0210353b4f1a13f400ff13ea8aae44c9954b181e8e17cb56a94667f7d","first_seen":"2025-05-19T23:59:48.478548Z","last_seen":"2026-02-26T18:27:55.136579Z","times_seen":169945,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/mon","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"3.248.162.96","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:26.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1D:E0:7A:77:9E:39:3D:B5:85:C1:3D:30:3E:E7:35:C5:FE:D1:7E:38","sha256":"3D:73:19:D6:DC:8A:75:98:72:2D:32:C1:65:DF:5C:3A:0D:71:99:BA:F5:6D:C8:11:D9:E4:02:85:DC:8D:75:25"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1797\r\nOrigin: http://ww12.1upfun.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nCookie: cg_uuid=7c45afccedfae819f3ba7c4c2de677b1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1797,"data":"e=37dfbd8ee84e00126ce9c235e8418e9e9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674ed1878c567a6c48ab2c2155d233de6b9107625424c056535d615159c1b9394e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7e43720058f18c2b687b05a6f24a7089abf02ac2b35970192caaa7f4919971e8cfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b0606db6915124b89da56adc59a259bdc15b9b1bc6ce7fc02e70d2c073d56c96d5b9a589bae14b28a479b7edfc780565edd16790b44bbb131005d6595b83c2cd88c7fbc5689b64908eb28b69e3703b6cd72a79c4cedf0e2690b033872ca7dd0d9637f72d0c0b43cf76e75b9287be78bc8028d71bf7cf849b27c0194567bd065470785858c0a268f60a96ca8a2ba69569bfdf6ed481e5f87683b5f55c6379c8a71e48d8a3025f01e2e7ef38b63088b44ef3f279e30ffc68c00d906d83ba36d50735f8bcc4344c633956744f2543b8eb9e71c01ea50712512393b54fdf9a1010faa4c2bbbe64def0e7f481e4b2f24d4b20e64184b6457384426407ca645c7570eb7daf7774def99526d334c52f99aa32ccbf0b9e7e0f2326067f0dc5c2938d471b11937114c0af83e2ccc341198cf3f824c2dd7969d9cc133b6ffe94d95427b3249b5ec46395689a579f8b4d8ffb3ae6e1fac0845526aab96f718864a793b1ac109b69341403906b5d29c2e204deea7c93ebcf9902bad383451c2b55fc7dfd17a03edf9d7bd4761a334b3a616db50bcad04f0aea3e84feaa6bbb9a1ad52b2dbd1b7e308dbc844848e470f58e12d21b234017ed292683b3c52896027c888f12a1dfdff79c509a0017301ff26b370ddfc35d4eb03cfbec9e6edc86ae1c5761a368281416905403a48be41911906276d38b95189f81a8c5583ea861f8156053cc4d237bc9c24605d290f1dcbcf74fbd77\u0026cri=JvYLaH7Z98\u0026sf=0\u0026dc=\u0026cp=3\u0026gtm=-\u0026gac=-\u0026uvid=6eeb65b5d56de95c422b13d168524f25611def5c\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=3004\u0026mo=0\u0026pn=4493\u0026spn=1488\u0026fp=665\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww12.1upfun.com\r\ncontent-type: application/json\r\ndate: Sun, 04 Jan 2026 04:57:26 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph\u0026output=uds_ads_only\u0026zx=6jp6zd1w0dst\u0026cd_fexp=72717108\u0026aqid=M_NZae_VEsXMjuwPiLH6uAg\u0026psid=5837883959\u0026pbt=bv\u0026adbx=375\u0026adby=132\u0026adbh=387\u0026adbw=530\u0026adbah=120%2C120%2C120\u0026adbn=master-1\u0026eawp=partner-dp-teaminternet09_3ph\u0026errv=842209568\u0026csala=6%7C0%7C341%7C56%7C158\u0026lle=0\u0026ifv=1\u0026hpt=1","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:25.227Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:59:55 GMT","end":"Wed, 25 Feb 2026 15:59:54 GMT"},"fingerprint":{"sha1":"E1:2F:78:B9:70:56:82:55:8F:41:90:B0:9A:C0:C3:0F:E6:89:5E:9A","sha256":"65:E4:E5:2E:71:67:66:D0:0B:50:31:80:5A:C3:63:4C:C6:F8:8D:BF:5C:0C:3A:82:A6:17:4B:BB:C8:ED:DA:8D"}}},"request":{"raw":"GET /afs/gen_204?client=dp-teaminternet09_3ph\u0026output=uds_ads_only\u0026zx=6jp6zd1w0dst\u0026cd_fexp=72717108\u0026aqid=M_NZae_VEsXMjuwPiLH6uAg\u0026psid=5837883959\u0026pbt=bv\u0026adbx=375\u0026adby=132\u0026adbh=387\u0026adbw=530\u0026adbah=120%2C120%2C120\u0026adbn=master-1\u0026eawp=partner-dp-teaminternet09_3ph\u0026errv=842209568\u0026csala=6%7C0%7C341%7C56%7C158\u0026lle=0\u0026ifv=1\u0026hpt=1 HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-K8pm_boRnMCRzIZ9Um0uWw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ndate: Sun, 04 Jan 2026 04:57:25 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-04T04:57:22.241Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416 HTTP/1.1\r\nHost: ww12.1upfun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 04 Jan 2026 04:57:22 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile\r\nAccept-Ch-Lifetime: 30\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nVia: 0.0 Caddy\r\nX-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_VyVoeq+dPVXjsDEZ6UN9U99hKv7u8GNbu0uUP/l+yDiyNimvdZL+xbFKfxEiQW4cgP5QKYGNlDy2TURd5UNK8w==\r\nX-Buckets: bucket011\r\nX-Domain: 1upfun.com\r\nX-Language: norwegian\r\nX-Pcrew-Blocked-Reason: hosting network\r\nX-Pcrew-Ip-Organization: Blix Solutions\r\nX-Subdomain: ww12\r\nX-Template: tpl_CleanPeppermintBlack_twoclick\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17872,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (9290)","md5":"e21c58f5213e8d76508a8286a3812ed6","sha1":"27860092c8148dcd527639ed768ef5e85ac1a2fc","sha256":"9bf2426a1b215db24e82fedf367a990bf0b99d97a32817859d24117fd6ffe9d3","sha512":"12c41e717bf4425ac14ea98cbd7a0435d7a50c8d84fb4e0eb286568a53a6add5cbd4cb969955fc52b6bcdcdca20274cd166f8d17b2d5c9677fee6fc1316d7ef6","ssdeep":"384:TimYoHMfOKhWpvgVG/EM9A2V/HeDVcqTEZ9eKD5qb9TNgVG6gVG5pim/p6:TiMMfCv2S9B/HSVcqTEZ9eKD5SJN2N2b","tlshash":"9c8209a35cd3183a19ef501dca76f50ab49df2178a16ec64f88d93a02f84a4dc521bbd","first_seen":"2026-01-04T04:57:46.025974Z","last_seen":"2026-01-04T04:57:46.025974Z","times_seen":1,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":32,"dns":1,"connect":31,"send":0,"wait":87,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ww12.1upfun.com/munin/a/tr/browserjs?domain=1upfun.com\u0026toggle=browserjs\u0026uid=MTc2NzUwMjY0Mi4zMjYxOjdlMTExZTI0NDFjZjEzOTkzMDU3NGM4Yzg2NjBkNDAzZGQ3YWMxNTU2ODgxOGQ3ZDIwOTE4OGQwOWZjZDYxNGE6Njk1OWYzMzI0ZmEwNA%3D%3D","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:22.839Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /munin/a/tr/browserjs?domain=1upfun.com\u0026toggle=browserjs\u0026uid=MTc2NzUwMjY0Mi4zMjYxOjdlMTExZTI0NDFjZjEzOTkzMDU3NGM4Yzg2NjBkNDAzZGQ3YWMxNTU2ODgxOGQ3ZDIwOTE4OGQwOWZjZDYxNGE6Njk1OWYzMzI0ZmEwNA%3D%3D HTTP/1.1\r\nHost: ww12.1upfun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 04 Jan 2026 04:57:22 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile\r\nAccept-Ch-Lifetime: 30\r\nAccess-Control-Allow-Origin: *\r\nVia: 0.0 Caddy\r\nX-Custom-Track: browserjs\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.1upfun.com/favicon.ico","fqdn":"www.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.1upfun.com/","date":"2026-01-04T04:57:17.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.1upfun.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:10:02 GMT","end":"Wed, 28 Jan 2026 00:10:01 GMT"},"fingerprint":{"sha1":"12:71:05:12:D5:1C:7B:67:68:AE:33:99:FD:A0:B1:87:3D:CD:6E:97","sha256":"54:91:1D:B5:97:1F:B2:E1:90:E0:60:A8:9A:A3:D2:2E:2B:FE:E9:48:CA:15:B2:AE:3A:D2:58:BB:58:0D:F9:A1"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.1upfun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.1upfun.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.1upfun.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-04T04:57:19.001Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416 HTTP/1.1\r\nHost: ww12.1upfun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ww12.1upfun.com/chronos?dune=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.hy9hqXIpL-2-_mxGi0lPSlEs05Hp2ZkHgTtpH01XLehuDVbFz0ky2w.sl4bKErkOkboCERlTDtLJw.VmtP5hWqizUDnzQH_JNFu9U3InpSOUotrhOMAz5iyWZbZyrBBqb1XdbqPij2Ykpzn0xwnYmdVRpr3Xf8ZolPu9LTVxsTZ5f-OvmQdWPrTaOSWnOr1nqTLr7Rb1I2fxZH-tuJ1aT8F_RcMqwwbnYH9v0xoG2eif6ChPi2lWBCOp3Uz8C4bFcU4kGGn6sj-HS3.7hEZnqqrhsVMp_Jt3MF8lw\u0026t=6959f332\u0026token=6eeb65b5d56de95c422b13d168524f25611def5c","fqdn":"ww12.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:22.879Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /chronos?dune=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.hy9hqXIpL-2-_mxGi0lPSlEs05Hp2ZkHgTtpH01XLehuDVbFz0ky2w.sl4bKErkOkboCERlTDtLJw.VmtP5hWqizUDnzQH_JNFu9U3InpSOUotrhOMAz5iyWZbZyrBBqb1XdbqPij2Ykpzn0xwnYmdVRpr3Xf8ZolPu9LTVxsTZ5f-OvmQdWPrTaOSWnOr1nqTLr7Rb1I2fxZH-tuJ1aT8F_RcMqwwbnYH9v0xoG2eif6ChPi2lWBCOp3Uz8C4bFcU4kGGn6sj-HS3.7hEZnqqrhsVMp_Jt3MF8lw\u0026t=6959f332\u0026token=6eeb65b5d56de95c422b13d168524f25611def5c HTTP/1.1\r\nHost: ww12.1upfun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: Sun, 04 Jan 2026 04:57:22 GMT\r\nContent-Type: text/html\r\nContent-Length: 146\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"9fe3cb2b7313dc79bb477bc8fde184a7","sha1":"4d7b3cb41e90618358d0ee066c45c76227a13747","sha256":"32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864","sha512":"c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db","ssdeep":"","tlshash":"2cc08c26351e2c0c96a322b402c36a50d092c3304c5a19004600420371c31168ac3315","first_seen":"2023-04-05T07:27:09Z","last_seen":"2026-04-04T01:31:34.593348Z","times_seen":75079,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"ww12.1upfun.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.google.com/adsense/domains/caf.js?abp=1\u0026adsdeli=true","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.207.196","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:23.014Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /adsense/domains/caf.js?abp=1\u0026adsdeli=true HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Type: text/javascript; charset=UTF-8\r\nCross-Origin-Resource-Policy: cross-origin\r\nCross-Origin-Opener-Policy: same-origin; report-to=\"ads-afs-ui\"\r\nReport-To: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\nDate: Sun, 04 Jan 2026 04:57:23 GMT\r\nExpires: Sun, 04 Jan 2026 04:57:23 GMT\r\nCache-Control: private, max-age=3600\r\nETag: \"6022745352614002532\"\r\nX-Content-Type-Options: nosniff\r\nLink: \u003chttps://syndicatedsearch.goog\u003e; rel=\"preconnect\"\r\nContent-Encoding: gzip\r\nTransfer-Encoding: chunked\r\nServer: sffe\r\nX-XSS-Protection: 0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":134027,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2840)","md5":"d2ca6e885b75d0ff0060fec9957ae1ab","sha1":"e70754db262451174bb1bc69b1d75e1e2a90e59a","sha256":"7b786ae59fb8e4f9f2cbca281705651e1bc064d921b9b2d9d5f35db679b162a2","sha512":"64cab43f1ee9eb94c57bd5758ce7e8af3f097f670751506068dc7e9e9e78eb4694d222a3eea00d5ed98c0febed38a6e0f7bb25bf10fe95210cf1a25e53f46771","ssdeep":"1536:pzL751Jqc2HyP0SuRPmym0pO1s8dsR5qxyzT/ghgOKWYZjAartrvpD3pduCxAXtB:YuydkXiR5zzTq+bxpD3ZV4T","tlshash":"72d33acdb3a1342643a3a5b5607f414fb139b8a5a40c88a4f199d8e87c74dad4237fbd","first_seen":"2025-12-11T16:41:57.082479Z","last_seen":"2026-01-07T19:31:18.868862Z","times_seen":14513,"resource_available":true,"data":null}},"time_used":123,"timings":{"blocked":21,"dns":1,"connect":21,"send":0,"wait":33,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png","fqdn":"d38psrni17bvxu.cloudfront.net","domain":"d38psrni17bvxu.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.192.209.209","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:23.017Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1\r\nHost: d38psrni17bvxu.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\nContent-Length: 11375\r\nConnection: keep-alive\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 17:45:03 GMT\r\nAccept-Ranges: bytes\r\nLast-Modified: Thu, 28 Aug 2025 17:42:07 GMT\r\nETag: \"dce8vhowlwqm8rz\"\r\nVary: Accept-Encoding\r\nX-Cache: Hit from cloudfront\r\nVia: 1.1 62e740a3ccdabe7c6d3d19052f330dca.cloudfront.net (CloudFront)\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: Dvl71K_zsLGCML3Xv0a5RRD-nVK8JTfi-Ov-ChDyMnf6foRfllmmtw==\r\nAge: 40340\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":11375,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1500 x 600, 8-bit colormap, non-interlaced","md5":"0cb2e5165dc9324eb462199f04e1ffa9","sha1":"9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8","sha256":"67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865","sha512":"7a285c4a87b9f9093b7ba720d8fe08e0ad7e2ebde9ef8c8d11b70afa08245af8f8a7281c7b3fbe8bad21c3afde4f32634d3bd416822892aa47ba82c12f4b8191","ssdeep":"192:Wg3JLNIdFb540f7mqTiLHrBjcCTN1MbaJD/RBse6ogkORdLv2Ha/:vD4N54IsHVjdN1tD7lODL/","tlshash":"94329f86e207c9addc119cb16bd8e9384c673cc3c66925b748987669e4bb80475f049f","first_seen":"2023-04-05T14:20:44Z","last_seen":"2026-04-02T01:33:43.563834Z","times_seen":205145,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":24,"connect":1,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/adsense/domains/caf.js","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://syndicatedsearch.goog/afs/ads?sjk=4KPFb4D2SyyPylKQops3Eg%3D%3D\u0026adtest=off\u0026psid=5837883959\u0026pcsa=false\u0026channel=000001%2Cbucket011\u0026client=dp-teaminternet09_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=http%3A%2F%2Fww12.1upfun.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.ntL52JHxANVjOfeRPMUBuRA-LlqXLeeyQMEcdEKmhpynJARvQqeIqg.y3m_PG_NRxjAE_7EuYQq5A.FbE7E5RczdhAorVNN-3bU-QT5MBkCdhioqIjfD5OaMfR-4enwX0R6lmhSIbA0Jr-Z5mpvsuRYgy-g9h5GQ_PO3P8DeWBDpMlbH3Ca_lb4ME-53VdA6VYfiG_IZZWeZt2We2Iq89jRP-xhXH79nGx51gTKak_DyDgvgQK9kJ46e11J-BcLFRuPACTpnYV-5a8E3uHdRN85fmru_WzvZno2JCnN6n4nNTDlO-u-bZRWP7Zk0SOdljoJtepbcjedy2DMrzNCLUKCt5oybRI5RmsB-4HdGFw9PfqOcVZBUMdjhBIjbOaWKHaG3HFHnpif3R3ghEYJIByNLoICfVfQRD7i8yD07vqBqDU8vb6S47zQutuNJeksijwwuh3NhGQh7h6YNixx_yQukYeqwDmeFPLXobv-SEqQ_IjFWbAdj-ArYijlzYX2pPJ0SVV-ltGlfk2s7TDFDKnt0rMOMj6s7dxTxVJkIX9EqW5bEqhSV1BTO1FwdibIjlyZyOTiF3d3UBPWctZmJIB3eG5DY9ONFeQAvsIXAue-sKAaLwgk5RJZ3bu-ZOllPYL36ec-XGLGQV7RBlLHYXjPg3AIMfwSyEzztTOdyYFILWOjkMkEIqqKzo.G6t7jl0r_f1leCSweOKYPw\u0026type=3\u0026swp=as-drid-2733393318609526\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717108\u0026format=r3%7Cs\u0026nocache=9321767502643159\u0026num=0\u0026output=afd_ads\u0026domain_name=ww12.1upfun.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=3\u0026u_tz=0\u0026dt=1767502643161\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=760\u0026frm=0\u0026uio=--\u0026cont=tc\u0026drt=0\u0026jsid=caf\u0026jsv=842209568\u0026rurl=http%3A%2F%2Fww12.1upfun.com%2F%3Fusid%3D104%26utid%3D967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:23.497Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:59:55 GMT","end":"Wed, 25 Feb 2026 15:59:54 GMT"},"fingerprint":{"sha1":"E1:2F:78:B9:70:56:82:55:8F:41:90:B0:9A:C0:C3:0F:E6:89:5E:9A","sha256":"65:E4:E5:2E:71:67:66:D0:0B:50:31:80:5A:C3:63:4C:C6:F8:8D:BF:5C:0C:3A:82:A6:17:4B:BB:C8:ED:DA:8D"}}},"request":{"raw":"GET /adsense/domains/caf.js HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://syndicatedsearch.goog/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ndate: Sun, 04 Jan 2026 04:57:23 GMT\r\nexpires: Sun, 04 Jan 2026 04:57:23 GMT\r\ncache-control: private, max-age=3600\r\netag: \"15781381272028092416\"\r\nx-content-type-options: nosniff\r\nlink: \u003chttps://syndicatedsearch.goog\u003e; rel=\"preconnect\"\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":134043,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2840)","md5":"f00d4af2ff93432bab783a45f0491b73","sha1":"b455c722bb44aaf7409d10b5c08e620017ac8aed","sha256":"b7dd5d1f9fb9e43930c47cbc407306b14d0d6b37624d364a47149fb7b2552303","sha512":"08e63c56e98c4249b23a35bc7bf5a774b8ff5d9e38be6283a5cba1538be40158da7fde7792eb570945e2e99c8e745bc277048d62ed26322b3154c329e4ea1622","ssdeep":"1536:szL751Jqc2HyP0SuRPmym0pO1s8dsR5qxyzT/ghgOKWYZjAartrvpD3pduCxAXtB:3uydkXiR5zzTq+bxpD3ZV4T","tlshash":"f7d33acdb3a1342643a3a5b5607f414fb139b8a5a40c88a4f199d8e87c74dad4237fbd","first_seen":"2025-12-10T15:33:56.916944Z","last_seen":"2026-01-07T19:06:32.931594Z","times_seen":6309,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.1upfun.com/","fqdn":"www.1upfun.com","domain":"1upfun.com","tld":"com"},"ip":{"addr":"172.233.219.123","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-04T04:57:16.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.1upfun.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:10:02 GMT","end":"Wed, 28 Jan 2026 00:10:01 GMT"},"fingerprint":{"sha1":"12:71:05:12:D5:1C:7B:67:68:AE:33:99:FD:A0:B1:87:3D:CD:6E:97","sha256":"54:91:1D:B5:97:1F:B2:E1:90:E0:60:A8:9A:A3:D2:2E:2B:FE:E9:48:CA:15:B2:AE:3A:D2:58:BB:58:0D:F9:A1"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.1upfun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 04 Jan 2026 04:57:17 GMT\r\ncontent-type: text/html\r\ncache-control: no-store, max-age=0\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64\r\npermissions-policy: ch-ua=(self \"https://*.parklogic.com\"), ch-ua-arch=(self \"https://*.parklogic.com\"), ch-ua-bitness=(self \"https://*.parklogic.com\"), ch-ua-full-version=(self \"https://*.parklogic.com\"), ch-ua-full-version-list=(self \"https://*.parklogic.com\"), ch-ua-mobile=(self \"https://*.parklogic.com\"), ch-ua-model=(self \"https://*.parklogic.com\"), ch-ua-platform=(self \"https://*.parklogic.com\"), ch-ua-platform-version=(self \"https://*.parklogic.com\"), ch-ua-wow64=(self \"https://*.parklogic.com\")\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":4398,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (4398), with no line terminators","md5":"afbecec727f500849a54083a20ba337f","sha1":"064700514c6681b43b889219484be41d945946ad","sha256":"2ea835a7548f292d15fe0cce01d598ea2e62350973d4c7cea1435cc82982d59a","sha512":"7cdf2b552aca36a2319ae4bfcea18b80cad820c836b7cfe64dfa9b4d6d65ed08aa4273b95b2ba7fe9ed8d05e4e830c3f07c023efcda6291312139b1a6dd4bd65","ssdeep":"96:nItDJYtoAJS8ffKH1NPIX4rDIcQ0ucq4o5nZknjHS5I7BmaL:IVJYtoA1ffqzr/IcQ0ybknGmoaL","tlshash":"5c910a76b782703d9bf510eaa47f6b18763f9201340b4073e7a9fcd13c20a5a5096f8a","first_seen":"2026-01-04T04:57:46.032259Z","last_seen":"2026-01-04T04:57:46.032259Z","times_seen":1,"resource_available":false,"data":null}},"time_used":635,"timings":{"blocked":265,"dns":39,"connect":106,"send":0,"wait":106,"receive":0,"ssl":116},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.1upfun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.1upfun.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"euob.youstarsbuilding.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js","fqdn":"euob.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"54.240.174.44","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:22.444Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 18 May 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:29:53:45:CD:1F:37:FB:0A:5B:EE:BA:2B:10:20:63:7D:EE:AB:EB","sha256":"2F:1E:65:36:AB:FD:A7:A0:E2:EF:4F:B3:C2:81:B9:D4:40:D5:97:BE:7F:28:61:2C:32:1D:24:77:4B:21:66:37"}}},"request":{"raw":"GET /sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js HTTP/1.1\r\nHost: euob.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 44280\r\ncontent-encoding: gzip\r\nserver: Caddy\r\netag: \"1d43c-wQYUO2RTFNKsOEgFaNY5b5Iaq8s\"\r\ncache-control: max-age=43200\r\ndate: Sun, 04 Jan 2026 01:56:51 GMT\r\nexpires: Sun, 04 Jan 2026 13:56:51 GMT\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: 7lZbud9SZjEWwU8qua3_8C34fO6DjQRPB9HsUhRGk0cqztPgC1pmuQ==\r\nage: 10831\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":119868,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"data","md5":"8029362628da964c8180dcd7ce5dee64","sha1":"c106143b645314d2ac38480568d6396f921aabcb","sha256":"4413059d59ca7cca178af3bbbc46eefc5a1e9f6f79fb54d475c308be87309d60","sha512":"215441c90181b9f91c827e1ce2c6eba4fbca697e409e9c0333a97ddca78a309e5eec907c8b357a7b6e0d7611a4b55dc55c8d9e5a4390ddc1edb0bd6de9ce0b02","ssdeep":"1536:Qu5y/b5E0bwM7sIo8L0SUs8LonlEzsjxM96nhXxwcTkYtsdlBnFIUtY0PVEWm/5c:QuQb7O8hzjnhGdhtNP8/kLP/VVZF","tlshash":"3cc3d79db2e27025439334a5157f410ae27b5e503c4b8294d27ee9d4ac7ce8e817bfac","first_seen":"2025-11-17T13:15:00.257414Z","last_seen":"2026-01-07T13:44:42.282578Z","times_seen":17041,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":9,"dns":1,"connect":1,"send":0,"wait":2,"receive":2,"ssl":7},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"euob.youstarsbuilding.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff","fqdn":"afs.googleusercontent.com","domain":"googleusercontent.com","tld":"com"},"ip":{"addr":"142.250.74.33","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://syndicatedsearch.goog/afs/ads?sjk=4KPFb4D2SyyPylKQops3Eg%3D%3D\u0026adtest=off\u0026psid=5837883959\u0026pcsa=false\u0026channel=000001%2Cbucket011\u0026client=dp-teaminternet09_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=http%3A%2F%2Fww12.1upfun.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.ntL52JHxANVjOfeRPMUBuRA-LlqXLeeyQMEcdEKmhpynJARvQqeIqg.y3m_PG_NRxjAE_7EuYQq5A.FbE7E5RczdhAorVNN-3bU-QT5MBkCdhioqIjfD5OaMfR-4enwX0R6lmhSIbA0Jr-Z5mpvsuRYgy-g9h5GQ_PO3P8DeWBDpMlbH3Ca_lb4ME-53VdA6VYfiG_IZZWeZt2We2Iq89jRP-xhXH79nGx51gTKak_DyDgvgQK9kJ46e11J-BcLFRuPACTpnYV-5a8E3uHdRN85fmru_WzvZno2JCnN6n4nNTDlO-u-bZRWP7Zk0SOdljoJtepbcjedy2DMrzNCLUKCt5oybRI5RmsB-4HdGFw9PfqOcVZBUMdjhBIjbOaWKHaG3HFHnpif3R3ghEYJIByNLoICfVfQRD7i8yD07vqBqDU8vb6S47zQutuNJeksijwwuh3NhGQh7h6YNixx_yQukYeqwDmeFPLXobv-SEqQ_IjFWbAdj-ArYijlzYX2pPJ0SVV-ltGlfk2s7TDFDKnt0rMOMj6s7dxTxVJkIX9EqW5bEqhSV1BTO1FwdibIjlyZyOTiF3d3UBPWctZmJIB3eG5DY9ONFeQAvsIXAue-sKAaLwgk5RJZ3bu-ZOllPYL36ec-XGLGQV7RBlLHYXjPg3AIMfwSyEzztTOdyYFILWOjkMkEIqqKzo.G6t7jl0r_f1leCSweOKYPw\u0026type=3\u0026swp=as-drid-2733393318609526\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717108\u0026format=r3%7Cs\u0026nocache=9321767502643159\u0026num=0\u0026output=afd_ads\u0026domain_name=ww12.1upfun.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=3\u0026u_tz=0\u0026dt=1767502643161\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=760\u0026frm=0\u0026uio=--\u0026cont=tc\u0026drt=0\u0026jsid=caf\u0026jsv=842209568\u0026rurl=http%3A%2F%2Fww12.1upfun.com%2F%3Fusid%3D104%26utid%3D967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:23.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.googleusercontent.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:52:44 GMT","end":"Wed, 25 Feb 2026 15:52:43 GMT"},"fingerprint":{"sha1":"6A:F0:34:52:EF:16:19:7F:E7:B8:2A:C3:D8:EC:36:27:5F:48:61:31","sha256":"15:AF:19:35:54:71:85:51:A2:01:3A:93:C7:2E:1A:DF:0B:24:9A:C4:A8:2A:59:2F:4B:82:64:81:BB:74:37:D8"}}},"request":{"raw":"GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1\r\nHost: afs.googleusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://syndicatedsearch.goog/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers\r\ncross-origin-opener-policy: same-origin; report-to=\"afs-native-asset-managers\"\r\nreport-to: {\"group\":\"afs-native-asset-managers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers\"}]}\r\ncontent-length: 174\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 03 Jan 2026 13:37:26 GMT\r\nexpires: Sun, 04 Jan 2026 12:37:26 GMT\r\ncache-control: public, max-age=82800\r\nage: 55197\r\nlast-modified: Thu, 02 Nov 2023 22:48:00 GMT\r\ncontent-type: image/svg+xml\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":200,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"11b3089d616633ca6b73b57aa877eeb4","sha1":"07632f63e06b30d9b63c97177d3a8122629bda9b","sha256":"809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1","sha512":"079b0e35b479dfdbe64a987661000f4a034b10688e26f2a5fe6aaa807e81ccc5593d40609b731ab3340e687d83dd08de4b8b1e01cdac9d4523a9f6bb3acfcba0","ssdeep":"","tlshash":"d9d02291c2182d28441e82e0c37c312600fab0a2634c00dcfa80e300b20c9abb861669","first_seen":"2023-04-06T23:53:06Z","last_seen":"2026-04-01T02:57:50.32115Z","times_seen":412182,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":115,"dns":1,"connect":20,"send":0,"wait":21,"receive":0,"ssl":92},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.youstarsbuilding.com/mon","fqdn":"obseu.youstarsbuilding.com","domain":"youstarsbuilding.com","tld":"com"},"ip":{"addr":"3.248.162.96","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww12.1upfun.com/?usid=104\u0026utid=967af6e2b2bf1f6adaa240098ff41416","date":"2026-01-04T04:57:28.723Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.youstarsbuilding.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1D:E0:7A:77:9E:39:3D:B5:85:C1:3D:30:3E:E7:35:C5:FE:D1:7E:38","sha256":"3D:73:19:D6:DC:8A:75:98:72:2D:32:C1:65:DF:5C:3A:0D:71:99:BA:F5:6D:C8:11:D9:E4:02:85:DC:8D:75:25"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.youstarsbuilding.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1797\r\nOrigin: http://ww12.1upfun.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww12.1upfun.com/\r\nCookie: cg_uuid=7c45afccedfae819f3ba7c4c2de677b1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1797,"data":"e=37dfbd8ee84e00126ce9c235e8418e9e9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674ed1878c567a6c48ab2c2155d233de6b9107625424c056535d615159c1b9394e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7e43720058f18c2b687b05a6f24a7089abf02ac2b35970192caaa7f4919971e8cfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b0606db6915124b89da56adc59a259bdc15b9b1bc6ce7fc02e70d2c073d56c96d5b9a589bae14b28a479b7edfc780565edd16790b44bbb131005d6595b83c2cd88c7fbc5689b64908eb28b69e3703b6cd72a79c4cedf0e2690b033872ca7dd0d9637f72d0c0b43cf76e75b9287be78bc8028d71bf7cf849b27c0194567bd065470785858c0a268f60a96ca8a2ba69569bfdf6ed481e5f87683b5f55c6379c8a71e48d8a3025f01e2e7ef38b63088b44ef3f279e30ffc68c00d906d83ba36d50735f8bcc4344c633956744f2543b8eb9e71c01ea50712512393b54fdf9a1010faa4c2bbbe64def0e7f481e4b2f24d4b20e64184b6457384426407ca645c7570eb7daf7774def99526d334c52f99aa32ccbf0b9e7e0f2326067f0dc5c2938d471b11937114c0af83e2ccc341198cf3f824c2dd7969d9cc133b6ffe94d95427b3249b5ec46395689a579f8b4d8ffb3ae6e1fac0845526aab96f718864a793b1ac109b69341403906b5d29c2e204deea7c93ebcf9902bad383451c2b55fc7dfd17a03edf9d7bd4761a334b3a616db50bcad04f0aea3e84feaa6bbb9a1ad52b2dbd1b7e308dbc844848e470f58e12d21b234017ed292683b3c52896027c888f12a1dfdff79c509a0017301ff26b370ddfc35d4eb03cfbec9e6edc86ae1c5761a368281416905403a48be41911906276d38b95189f81a8c5583ea861f8156053cc4d237bc9c24605d290f1dcbcf74fbd77\u0026cri=JvYLaH7Z98\u0026sf=0\u0026dc=\u0026cp=5\u0026gtm=-\u0026gac=-\u0026uvid=6eeb65b5d56de95c422b13d168524f25611def5c\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=5006\u0026mo=0\u0026pn=6496\u0026spn=1488\u0026fp=665\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww12.1upfun.com\r\ncontent-type: application/json\r\ndate: Sun, 04 Jan 2026 04:57:28 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}