{"report_id":"e138b9df-6827-463c-ac68-fa67068e1119","version":6,"status":"done","tags":[],"date":"2025-12-22T02:21:22Z","url":{"schema":"http","addr":"ww25.80.usleallster.com/","fqdn":"ww25.80.usleallster.com","domain":"usleallster.com","tld":"com"},"ip":{"addr":"199.59.243.228","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"ww25.80.usleallster.com/","fqdn":"ww25.80.usleallster.com","domain":"usleallster.com","tld":"com"},"title":"usleallster.com","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ww25.80.usleallster.com/","fqdn":"ww25.80.usleallster.com","domain":"usleallster.com","tld":"com"},"ip":{"addr":"199.59.243.228","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-26T02:21:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"ep1.adtrafficquality.google","ip":{"addr":"142.250.178.66","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2023-11-17","domain_rank":3093,"first_seen":"2024-07-24T04:17:49Z","last_seen":"2025-12-21T22:44:40.280242Z","alert_count":0,"request_count":1,"received_data":11307,"sent_data":545,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ww25.80.usleallster.com","ip":{"addr":"199.59.243.228","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":15,"request_count":5,"received_data":52450,"sent_data":2331,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.google.com","ip":{"addr":"216.58.207.196","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22,"first_seen":"2015-05-10T13:11:19Z","last_seen":"2025-12-21T22:22:06.545601Z","alert_count":0,"request_count":1,"received_data":134744,"sent_data":449,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ep2.adtrafficquality.google","ip":{"addr":"142.250.178.65","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2023-11-17","domain_rank":3229,"first_seen":"2024-08-13T12:56:28Z","last_seen":"2025-12-22T00:14:39.212569Z","alert_count":0,"request_count":2,"received_data":34547,"sent_data":1002,"comment":"","tags":null,"fingerprints":null},{"fqdn":"afs.googleusercontent.com","ip":{"addr":"142.250.178.65","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-11-17","domain_rank":65181,"first_seen":"2013-05-06T19:11:00Z","last_seen":"2025-12-21T22:37:28.556139Z","alert_count":0,"request_count":2,"received_data":2046,"sent_data":1006,"comment":"","tags":null,"fingerprints":null},{"fqdn":"syndicatedsearch.goog","ip":{"addr":"142.250.178.110","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2023-04-14","domain_rank":5365,"first_seen":"2023-09-25T09:30:59Z","last_seen":"2025-12-21T22:31:13.397688Z","alert_count":0,"request_count":4,"received_data":150689,"sent_data":3226,"comment":"","tags":null,"fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ep2.adtrafficquality.google/sodar/sodar2.js","fqdn":"ep2.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.250.178.65","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a8fe3ea2f81e289e6b14222e898086c5","sha1":"0e9a1227955675736e02c596906bee72bc33d7d6","sha256":"a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623","sha512":"3bd99998aa1b5d7543775769952adc52809f861ca023b6daadf6b7d23411411a6a9470d98c7b8543573e9a6047a24e14b5feaf45e14a22d98e64d0f019718670","ssdeep":"384:dxSMqC/d0d0lxDKyqdeWFy3Wxy9cT4nGllKnnk0TEYRWjfJtncu:i0qKlYyqdeWk3Z9w4G+tFWjfJtnZ","tlshash":"8892c6cab6d2f4624363b9b1a13f100ff13eaca9d84c5464a084e4e0bd759a94367f7c","size":19990,"data":"","first_seen":"2025-05-19T23:59:48.474751Z","last_seen":"2026-02-26T18:27:55.354921Z","times_seen":175417,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/ads?sjk=A1uLG%2BGPQ6GqLnzUBhljJw%3D%3D\u0026adtest=off\u0026psid=3113057640\u0026pcsa=false\u0026channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol102%2Cpid-bodis-gcontrol409%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162\u0026client=dp-bodis01_js\u0026r=m\u0026hl=en\u0026ivt=0\u0026rpbu=http%3A%2F%2Fww25.80.usleallster.com%2F%3Fcaf%3D1%26bpt%3D345\u0026type=3\u0026swp=as-drid-2497786236455022\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107%2C17301545\u0026format=r3\u0026nocache=451766370060484\u0026num=0\u0026output=afd_ads\u0026domain_name=ww25.80.usleallster.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1766370060486\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=922\u0026frm=0\u0026uio=-\u0026cont=rs\u0026drt=0\u0026jsid=caf\u0026jsv=842209568\u0026rurl=http%3A%2F%2Fww25.80.usleallster.com%2F","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"142.250.178.110","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f49ed93b52ac18fec7e89153fdc24c99","sha1":"6799852b95c96d2c2d8a8fb077b73664a5609604","sha256":"a061781b83775735c70c09afa272f56926a1ca8961b39cf35a892fa0546323fa","sha512":"035fb7164ac0d4cec73128b90b004730e4c9dcfd64e772248134e31b44e18a4881da040437cc6d85891d3f7cc590ca5bc9330445baa2b24359e594d0f9e9c83d","ssdeep":"","tlshash":"e6f059ea18650332c56719258d1f3f9050b96a72228b2680a85fb48e25befdf711d1aa","size":527,"data":"","first_seen":"2025-12-22T02:21:27.737163Z","last_seen":"2025-12-22T02:21:27.737163Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/adsense/domains/caf.js","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"142.250.178.110","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6cb2ae5fef74172bd46fac2076465814","sha1":"8a69280b6ae834ae875865e26a83c782c303f509","sha256":"2b0280579e3a031edcdd4a833827f74797b72ada721b69f148823c048cc3ad56","sha512":"bcbb70e3f933a33bb19e773efe9d4cd7c32e61aafdbc119ae2728c7d8206fe4e420e1d9687cfb9148824d8a3f1f7e79c8a8e17c71dd512b4a6a7d387f296e509","ssdeep":"1536:/zL751Jqc2HyP0SuRPmym0pO1s8dsR5qxyzT/ghgOKWYZjAartrvpD3pduCxAXtB:SuydkXiR5zzTq+bxpD3ZV4T","tlshash":"a2d33acdb3a1342643a3a5b5607f414fb139b8a5a40c88a4f199d8e87c74dad4237fbd","size":134034,"data":"","first_seen":"2025-12-11T16:43:36.5228Z","last_seen":"2026-01-07T19:29:49.170183Z","times_seen":11621,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww25.80.usleallster.com/","fqdn":"ww25.80.usleallster.com","domain":"usleallster.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"63034e54aaf4c8e9226187d9e3e7309c","sha1":"bed271a471dd96448433165af416171310360ea9","sha256":"c6bab8cb977bab428fcd2ec8681a88bcbdf6141bc3ea1dfb7ebe48ff43568bec","sha512":"0d7ce935fce83cb688858527c8eab715bd5f1eccef8550d7c17fa890cbd30764234856dc994a3f1878148a753499bdd9229859636b34cb829e0b14ac19325576","ssdeep":"","tlshash":"f4e07dafad376e29e23331731bab5dec2682847145306d29b6a688b33e0018f5805fc0","size":317,"data":"","first_seen":"2025-12-22T02:21:27.73914Z","last_seen":"2025-12-22T02:21:27.73914Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww25.80.usleallster.com/bjBIWNZfm.js","fqdn":"ww25.80.usleallster.com","domain":"usleallster.com","tld":"com"},"ip":{"addr":"199.59.243.228","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7b1d05cc5eca8a6c34180094d84c832","sha1":"661ebcd47e2646f3735a52a3196e5b748efc26de","sha256":"87c20bfd7711adbf86f6dccefab12e8de11109798020e964ea9e061475421ffc","sha512":"1e51d10e0021edd9c1803738d88c227c16be5186c5c53911c5897a640e505c58526b6dee1366d2d64b54cead7d79a6e60c385353b046536e0d03a486b174987d","ssdeep":"768:TP2y15NVc67n85NdxBB5gPAJOJ3GIqNMalnEE0xNE2X0Ddem+euROgvMzLXWI+6b:jLalnEE0xNEGR+4g","tlshash":"cb134c667ab3d07046e2c9dae9b75215f238315a3006c06cf96cc8cb374e947d63ab79","size":44541,"data":"","first_seen":"2025-12-08T15:49:59.93398Z","last_seen":"2026-01-14T16:48:21.881942Z","times_seen":26829,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js?abp=1\u0026bodis=true","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.207.196","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"226d8b922a47d1d01896328ac5f29080","sha1":"228b48495e20d50326164178f4e05c1df4c8e630","sha256":"f95fea007424808c54a06a6bd7a7e0297f46d00d9bdf134afa78245f7e3903fc","sha512":"da97c330d247dab15073920cde860a1491c147eb2ce02a1e917a6ffc6e7b5bbab681395d3a3e394685091a2956ca62a15b2704d32cc5a1d0caae25036c86149c","ssdeep":"1536:MzL751Jqc2HyP0SuRPmym0pO1s8dsR5qxyzT/ghgOKWYZjAartrvpD3pduCxAXtB:XuydkXiR5zzTq+bxpD3ZV4T","tlshash":"9bd33acdb3a1342643a3a5b5607f414fb139b8a5a40c88a4f199d8e87c74dad4237fbd","size":134027,"data":"","first_seen":"2025-12-11T16:42:36.25698Z","last_seen":"2026-01-07T19:22:29.46074Z","times_seen":14588,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"ww25.80.usleallster.com/bjBIWNZfm.js","fqdn":"ww25.80.usleallster.com","domain":"usleallster.com","tld":"com"},"ip":{"addr":"199.59.243.228","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ww25.80.usleallster.com/","date":"2025-12-22T02:21:00.094Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /bjBIWNZfm.js HTTP/1.1\r\nHost: ww25.80.usleallster.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww25.80.usleallster.com/\r\nCookie: parking_session=e8c35303-5537-4555-ad0b-066be57d5234\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Mon, 22 Dec 2025 02:20:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 44541\r\nx-request-id: cb7344c5-dc53-4a14-9b8a-5004d52a43ff\r\nset-cookie: parking_session=e8c35303-5537-4555-ad0b-066be57d5234; expires=Mon, 22 Dec 2025 02:36:00 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":44541,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (44537)","md5":"c7b1d05cc5eca8a6c34180094d84c832","sha1":"661ebcd47e2646f3735a52a3196e5b748efc26de","sha256":"87c20bfd7711adbf86f6dccefab12e8de11109798020e964ea9e061475421ffc","sha512":"1e51d10e0021edd9c1803738d88c227c16be5186c5c53911c5897a640e505c58526b6dee1366d2d64b54cead7d79a6e60c385353b046536e0d03a486b174987d","ssdeep":"768:TP2y15NVc67n85NdxBB5gPAJOJ3GIqNMalnEE0xNE2X0Ddem+euROgvMzLXWI+6b:jLalnEE0xNEGR+4g","tlshash":"cb134c667ab3d07046e2c9dae9b75215f238315a3006c06cf96cc8cb374e947d63ab79","first_seen":"2025-12-08T15:49:59.93398Z","last_seen":"2026-01-14T16:48:21.881942Z","times_seen":26829,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js?abp=1\u0026bodis=true","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.207.196","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ww25.80.usleallster.com/","date":"2025-12-22T02:21:00.233Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:57:20 GMT","end":"Wed, 25 Feb 2026 15:57:19 GMT"},"fingerprint":{"sha1":"13:5B:80:5A:23:15:61:AE:98:37:1B:0A:3C:F6:E2:BD:63:8E:3B:D6","sha256":"22:03:24:94:F7:E3:5F:66:1B:39:CE:18:75:20:3D:01:AC:FE:93:AA:1A:73:8C:D5:34:98:AB:2B:E5:19:37:12"}}},"request":{"raw":"GET /adsense/domains/caf.js?abp=1\u0026bodis=true HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww25.80.usleallster.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ndate: Mon, 22 Dec 2025 02:21:00 GMT\r\nexpires: Mon, 22 Dec 2025 02:21:00 GMT\r\ncache-control: private, max-age=3600\r\netag: \"12987528940678181325\"\r\nx-content-type-options: nosniff\r\nlink: \u003chttps://syndicatedsearch.goog\u003e; rel=\"preconnect\"\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":134027,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2840)","md5":"226d8b922a47d1d01896328ac5f29080","sha1":"228b48495e20d50326164178f4e05c1df4c8e630","sha256":"f95fea007424808c54a06a6bd7a7e0297f46d00d9bdf134afa78245f7e3903fc","sha512":"da97c330d247dab15073920cde860a1491c147eb2ce02a1e917a6ffc6e7b5bbab681395d3a3e394685091a2956ca62a15b2704d32cc5a1d0caae25036c86149c","ssdeep":"1536:MzL751Jqc2HyP0SuRPmym0pO1s8dsR5qxyzT/ghgOKWYZjAartrvpD3pduCxAXtB:XuydkXiR5zzTq+bxpD3ZV4T","tlshash":"9bd33acdb3a1342643a3a5b5607f414fb139b8a5a40c88a4f199d8e87c74dad4237fbd","first_seen":"2025-12-11T16:42:36.25698Z","last_seen":"2026-01-07T19:22:29.46074Z","times_seen":14588,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":126,"dns":1,"connect":21,"send":0,"wait":32,"receive":0,"ssl":103},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ep2.adtrafficquality.google/sodar/sodar2.js","fqdn":"ep2.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.250.178.65","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ww25.80.usleallster.com/","date":"2025-12-22T02:21:00.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adtrafficquality.google","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 16:00:04 GMT","end":"Wed, 25 Feb 2026 16:00:03 GMT"},"fingerprint":{"sha1":"3F:6B:79:EB:6A:36:69:37:B8:80:08:17:24:3C:C7:A5:F2:4C:1D:A6","sha256":"C1:88:6A:43:5F:52:63:57:56:27:18:5B:53:42:8D:AC:C0:80:AB:8C:59:0D:49:81:7A:83:6D:01:14:14:78:6E"}}},"request":{"raw":"GET /sodar/sodar2.js HTTP/1.1\r\nHost: ep2.adtrafficquality.google\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww25.80.usleallster.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"adspam-signals-scs\"\r\nreport-to: {\"group\":\"adspam-signals-scs\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs\"}]}\r\ncontent-length: 7188\r\ndate: Mon, 22 Dec 2025 02:21:00 GMT\r\nexpires: Mon, 22 Dec 2025 02:21:00 GMT\r\ncache-control: private, max-age=3000\r\netag: \"1747411493688989\"\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19990,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (1398)","md5":"a8fe3ea2f81e289e6b14222e898086c5","sha1":"0e9a1227955675736e02c596906bee72bc33d7d6","sha256":"a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623","sha512":"3bd99998aa1b5d7543775769952adc52809f861ca023b6daadf6b7d23411411a6a9470d98c7b8543573e9a6047a24e14b5feaf45e14a22d98e64d0f019718670","ssdeep":"384:dxSMqC/d0d0lxDKyqdeWFy3Wxy9cT4nGllKnnk0TEYRWjfJtncu:i0qKlYyqdeWk3Z9w4G+tFWjfJtnZ","tlshash":"8892c6cab6d2f4624363b9b1a13f100ff13eaca9d84c5464a084e4e0bd759a94367f7c","first_seen":"2025-05-19T23:59:48.474751Z","last_seen":"2026-02-26T18:27:55.354921Z","times_seen":175417,"resource_available":true,"data":null}},"time_used":190,"timings":{"blocked":74,"dns":1,"connect":28,"send":0,"wait":40,"receive":1,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww25.80.usleallster.com/_tr","fqdn":"ww25.80.usleallster.com","domain":"usleallster.com","tld":"com"},"ip":{"addr":"199.59.243.228","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://ww25.80.usleallster.com/","date":"2025-12-22T02:21:00.989Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /_tr HTTP/1.1\r\nHost: ww25.80.usleallster.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://ww25.80.usleallster.com/\r\nContent-Type: application/json\r\nContent-Length: 1905\r\nOrigin: http://ww25.80.usleallster.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: parking_session=e8c35303-5537-4555-ad0b-066be57d5234\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1905,"data":"{\"signature\":\"UxFdVMwNFNwN0wzODEybVeyJhZF9sb2FkZWRfY2FsbGJhY2siOnsiY29udGFpbmVyTmFtZSI6InJzIiwiYWRzTG9hZGVkIjp0cnVlLCJjYWxsYmFja09wdGlvbnMiOnsiY2FmUmVxdWVzdEFjY2VwdGVkIjp0cnVlLCJjYWZTdGF0dXMiOnsiY2xpZW50IjoicGFydG5lci1kcC1ib2RpczAxX2pzIiwiYWR1bHQiOmZhbHNlfX19LCJhcHBfdmVyc2lvbiI6IjAuOS4zIiwiY2FmX2NsaWVudF9pZCI6InBhcnRuZXItZHAtYm9kaXMwMV9qcyIsImNhZl90aW1lZF9vdXQiOmZhbHNlLCJjYWZfbG9hZGVkX21zIjo1MDcsImNoYW5uZWwiOiJwaWQtYm9kaXMtZ2NvbnRyb2w5NyxwaWQtYm9kaXMtZ2NvbnRyb2wxMDIscGlkLWJvZGlzLWdjb250cm9sNDA5LHBpZC1ib2Rpcy1nY29udHJvbDE1MSxwaWQtYm9kaXMtZ2NvbnRyb2wxNjIiLCJkZXNrdG9wIjp0cnVlLCJ0ZXJtcyI6IiIsImZkX3NlcnZlcl9kYXRldGltZSI6MTc2NjM3MDA2MCwiZmRfc2VydmVyIjoiaXAtMTAtMjAxLTQwLTQ0LmV1LXdlc3QtMS5jb21wdXRlLmludGVybmFsIiwiZmxleF9ydWxlIjp7ImFjdGlvbiI6IiIsImN1c3RvbV9yZWFzb24iOiIiLCJmbGV4X2lkIjowLCJtaXNtYXRjaCI6ZmFsc2V9LCJob3N0Ijoid3cyNS44MC51c2xlYWxsc3Rlci5jb20iLCJpcCI6IjkxLjkwLjQyLjE1NCIsIml2dCI6ZmFsc2UsIm1vYmlsZSI6ZmFsc2UsInBhZ2VfaGVhZGVycyI6e30sInBhZ2VfbG9hZGVkX2NhbGxiYWNrIjp7InJlcXVlc3RBY2NlcHRlZCI6dHJ1ZSwic3RhdHVzIjp7ImNsaWVudCI6InBhcnRuZXItZHAtYm9kaXMwMV9qcyIsImFkdWx0IjpmYWxzZX19LCJwYWdlX21ldGhvZCI6IkdFVCIsInBhZ2VfcmVxdWVzdCI6e30sInBhZ2VfdGltZSI6MTc2NjM3MDA1OSwicGFnZV91cmwiOiJodHRwOi8vd3cyNS44MC51c2xlYWxsc3Rlci5jb20vIiwidGFibGV0IjpmYWxzZSwidGVtcGxhdGVfaWQiOjM0NSwidHlwZSI6InZpc2l0IiwidXNlcl9oYXNfYWRfYmxvY2tlciI6bnVsbCwidXNlcl9pZCI6NzcwMjYsInV1aWQiOiJlOGMzNTMwMy01NTM3LTQ1NTUtYWQwYi0wNjZiZTU3ZDUyMzQiLCJ6ZXJvY2xpY2siOnt9LCJwb3B1cCI6ZmFsc2UsInRpbWV6b25lX29mZnNldCI6MCwidXNlcl9wcmVmZXJlbmNlIjp7ImxvY2FsZSI6ImVuLVVTIiwiY2FsZW5kYXIiOiJncmVnb3J5IiwibnVtYmVyaW5nU3lzdGVtIjoibGF0biIsInRpbWVab25lIjoiVVRDIiwieWVhciI6Im51bWVyaWMiLCJtb250aCI6Im51bWVyaWMiLCJkYXkiOiJudW1lcmljIn0sInVzZXJfdXNpbmdfZGFya21vZGUiOmZhbHNlLCJ1c2VyX3N1cHBvcnRzX2Rhcmttb2RlIjp0cnVlLCJ3aW5kb3dfcmVzb2x1dGlvbiI6eyJ3aWR0aCI6MTI4MCwiaGVpZ2h0IjoxMDI0fSwic2NyZWVuX3Jlc29sdXRpb24iOnsid2lkdGgiOjEyODAsImhlaWdodCI6MTAyNH0sImZyYW1lIjpudWxsfQ==\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Mon, 22 Dec 2025 02:21:00 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 2\r\nx-request-id: 7b4e1525-54ff-41f0-8fe6-009fac77eff5\r\nset-cookie: parking_session=e8c35303-5537-4555-ad0b-066be57d5234; expires=Mon, 22 Dec 2025 02:36:01 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-04-06T08:08:45.55455Z","times_seen":391725,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":41,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b","fqdn":"afs.googleusercontent.com","domain":"googleusercontent.com","tld":"com"},"ip":{"addr":"142.250.178.65","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://syndicatedsearch.goog/afs/ads?sjk=A1uLG%2BGPQ6GqLnzUBhljJw%3D%3D\u0026adtest=off\u0026psid=3113057640\u0026pcsa=false\u0026channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol102%2Cpid-bodis-gcontrol409%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162\u0026client=dp-bodis01_js\u0026r=m\u0026hl=en\u0026ivt=0\u0026rpbu=http%3A%2F%2Fww25.80.usleallster.com%2F%3Fcaf%3D1%26bpt%3D345\u0026type=3\u0026swp=as-drid-2497786236455022\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107%2C17301545\u0026format=r3\u0026nocache=451766370060484\u0026num=0\u0026output=afd_ads\u0026domain_name=ww25.80.usleallster.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1766370060486\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=922\u0026frm=0\u0026uio=-\u0026cont=rs\u0026drt=0\u0026jsid=caf\u0026jsv=842209568\u0026rurl=http%3A%2F%2Fww25.80.usleallster.com%2F","date":"2025-12-22T02:21:01.012Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.googleusercontent.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:55:13 GMT","end":"Wed, 25 Feb 2026 15:55:12 GMT"},"fingerprint":{"sha1":"BB:2F:99:35:46:A5:4F:CD:75:B6:61:A3:99:45:CE:A5:82:7C:6A:A8","sha256":"51:69:A9:50:80:48:79:48:6F:71:8E:9E:DA:41:D6:03:0B:43:22:4D:44:D3:E5:1D:22:C0:85:F4:47:15:19:34"}}},"request":{"raw":"GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1\r\nHost: afs.googleusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://syndicatedsearch.goog/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers\r\ncross-origin-opener-policy: same-origin; report-to=\"afs-native-asset-managers\"\r\nreport-to: {\"group\":\"afs-native-asset-managers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers\"}]}\r\ncontent-length: 174\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 21 Dec 2025 11:01:51 GMT\r\nexpires: Mon, 22 Dec 2025 10:01:51 GMT\r\ncache-control: public, max-age=82800\r\nage: 55150\r\nlast-modified: Thu, 02 Nov 2023 22:48:00 GMT\r\ncontent-type: image/svg+xml\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":200,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d47125b2ba92be53dcff07ba322ce1de","sha1":"e4a70c8a133bacf1699fdfa4c10e24ed5b3e0c28","sha256":"5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6","sha512":"78a1bf7547b1c28f600163689161955bc56a621ace3228c9169143be933ccf789fc6106bbf729f2e9483bcaa03271529d3913088094c7fb906b44673e13f1f92","ssdeep":"","tlshash":"72d02291d2286d38441e82e0c37c712200ee70a2230c10ccfa81a700720c8abb8a1668","first_seen":"2023-04-07T07:55:51Z","last_seen":"2026-02-01T02:48:24.72202Z","times_seen":175105,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":100,"dns":2,"connect":28,"send":0,"wait":15,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/gen_204?client=dp-bodis01_js\u0026output=uds_ads_only\u0026zx=4v7pzkvsc11e\u0026cd_fexp=72717107%2C17301545\u0026aqid=DKtIacqiLfigk-oP6oCr2Ag\u0026psid=3113057640\u0026pbt=bs\u0026adbx=290\u0026adby=177.39999389648438\u0026adbh=373\u0026adbw=700\u0026adbah=114%2C114%2C114\u0026adbn=master-1\u0026eawp=partner-dp-bodis01_js\u0026errv=842209568\u0026csala=7%7C0%7C412%7C73%7C8\u0026lle=0\u0026ifv=1\u0026hpt=0","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"142.250.178.110","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww25.80.usleallster.com/","date":"2025-12-22T02:21:02.485Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 16:00:06 GMT","end":"Wed, 25 Feb 2026 16:00:05 GMT"},"fingerprint":{"sha1":"06:BA:36:2F:71:DB:00:20:7E:63:51:E1:07:B3:C2:09:F9:D3:65:87","sha256":"B7:6A:65:78:FC:51:25:23:3A:6D:B6:59:D6:C1:56:D4:36:21:34:3D:25:55:DA:C7:8E:BB:EF:64:94:1B:50:C7"}}},"request":{"raw":"GET /afs/gen_204?client=dp-bodis01_js\u0026output=uds_ads_only\u0026zx=4v7pzkvsc11e\u0026cd_fexp=72717107%2C17301545\u0026aqid=DKtIacqiLfigk-oP6oCr2Ag\u0026psid=3113057640\u0026pbt=bs\u0026adbx=290\u0026adby=177.39999389648438\u0026adbh=373\u0026adbw=700\u0026adbah=114%2C114%2C114\u0026adbn=master-1\u0026eawp=partner-dp-bodis01_js\u0026errv=842209568\u0026csala=7%7C0%7C412%7C73%7C8\u0026lle=0\u0026ifv=1\u0026hpt=0 HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww25.80.usleallster.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-aVOmg9MjXNZeheUVanKOrA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ndate: Mon, 22 Dec 2025 02:21:02 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww25.80.usleallster.com/","fqdn":"ww25.80.usleallster.com","domain":"usleallster.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-22T02:20:59.666Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ww25.80.usleallster.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":226,"timings":{"blocked":0,"dns":144,"connect":1,"send":0,"wait":0,"receive":0,"ssl":79},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/ads?sjk=A1uLG%2BGPQ6GqLnzUBhljJw%3D%3D\u0026adtest=off\u0026psid=3113057640\u0026pcsa=false\u0026channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol102%2Cpid-bodis-gcontrol409%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162\u0026client=dp-bodis01_js\u0026r=m\u0026hl=en\u0026ivt=0\u0026rpbu=http%3A%2F%2Fww25.80.usleallster.com%2F%3Fcaf%3D1%26bpt%3D345\u0026type=3\u0026swp=as-drid-2497786236455022\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107%2C17301545\u0026format=r3\u0026nocache=451766370060484\u0026num=0\u0026output=afd_ads\u0026domain_name=ww25.80.usleallster.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1766370060486\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=922\u0026frm=0\u0026uio=-\u0026cont=rs\u0026drt=0\u0026jsid=caf\u0026jsv=842209568\u0026rurl=http%3A%2F%2Fww25.80.usleallster.com%2F","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"142.250.178.110","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://ww25.80.usleallster.com/","date":"2025-12-22T02:21:00.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 16:00:06 GMT","end":"Wed, 25 Feb 2026 16:00:05 GMT"},"fingerprint":{"sha1":"06:BA:36:2F:71:DB:00:20:7E:63:51:E1:07:B3:C2:09:F9:D3:65:87","sha256":"B7:6A:65:78:FC:51:25:23:3A:6D:B6:59:D6:C1:56:D4:36:21:34:3D:25:55:DA:C7:8E:BB:EF:64:94:1B:50:C7"}}},"request":{"raw":"GET /afs/ads?sjk=A1uLG%2BGPQ6GqLnzUBhljJw%3D%3D\u0026adtest=off\u0026psid=3113057640\u0026pcsa=false\u0026channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol102%2Cpid-bodis-gcontrol409%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162\u0026client=dp-bodis01_js\u0026r=m\u0026hl=en\u0026ivt=0\u0026rpbu=http%3A%2F%2Fww25.80.usleallster.com%2F%3Fcaf%3D1%26bpt%3D345\u0026type=3\u0026swp=as-drid-2497786236455022\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107%2C17301545\u0026format=r3\u0026nocache=451766370060484\u0026num=0\u0026output=afd_ads\u0026domain_name=ww25.80.usleallster.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1766370060486\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=922\u0026frm=0\u0026uio=-\u0026cont=rs\u0026drt=0\u0026jsid=caf\u0026jsv=842209568\u0026rurl=http%3A%2F%2Fww25.80.usleallster.com%2F HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww25.80.usleallster.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-disposition: inline\r\ndate: Mon, 22 Dec 2025 02:21:00 GMT\r\nexpires: Mon, 22 Dec 2025 02:21:00 GMT\r\ncache-control: private, max-age=3600\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-n8o-PRARveTrSjWEY0f9Vg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ncontent-encoding: br\r\nserver: gws\r\ncontent-length: 2866\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":13854,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (13378)","md5":"6c8d911d1decfcad7ae327675afc36ac","sha1":"789cd4c71c598971d14b4aa75d768d2b5d02a559","sha256":"5dbbee48868ff64b4f2eaa22f7845f17ed597848847b8e0a8f65f095d6ee4028","sha512":"8bb072e3e5baf7bb936e4f5b7a91ce192fc61c857292e509dfe83605ced75a532562980811059ce6260796dd506fdbb251d644792071b2a2258d3b8ac570d9a8","ssdeep":"192:GE12iMpgbogm0yXqMcH5Wrjs8idzCjUkx:Gni0dH6r38idRkx","tlshash":"6a5223377062272d1507dc541b296f6dd181d43ac46f36e848a35f26c7ebf828be628e","first_seen":"2025-12-22T02:21:27.724702Z","last_seen":"2025-12-22T02:21:27.724702Z","times_seen":1,"resource_available":false,"data":null}},"time_used":491,"timings":{"blocked":173,"dns":0,"connect":28,"send":0,"wait":146,"receive":0,"ssl":142},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ep2.adtrafficquality.google/sodar/sodar2/237/runner.html","fqdn":"ep2.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.250.178.65","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://ww25.80.usleallster.com/","date":"2025-12-22T02:21:00.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adtrafficquality.google","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 16:00:04 GMT","end":"Wed, 25 Feb 2026 16:00:03 GMT"},"fingerprint":{"sha1":"3F:6B:79:EB:6A:36:69:37:B8:80:08:17:24:3C:C7:A5:F2:4C:1D:A6","sha256":"C1:88:6A:43:5F:52:63:57:56:27:18:5B:53:42:8D:AC:C0:80:AB:8C:59:0D:49:81:7A:83:6D:01:14:14:78:6E"}}},"request":{"raw":"GET /sodar/sodar2/237/runner.html HTTP/1.1\r\nHost: ep2.adtrafficquality.google\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww25.80.usleallster.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"adspam-signals-scs\"\r\nreport-to: {\"group\":\"adspam-signals-scs\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs\"}]}\r\ncontent-length: 5044\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 22 Dec 2025 01:34:19 GMT\r\nexpires: Mon, 22 Dec 2025 02:24:19 GMT\r\ncache-control: public, max-age=3000\r\nage: 2801\r\nlast-modified: Tue, 13 May 2025 23:17:50 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13159,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (2024)","md5":"0120a1d624ff8fc3ec792d93a7133947","sha1":"1e3bd23df78ff2c60b187b40a0c6505be9ab889f","sha256":"14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966","sha512":"84286e299ebc6690ee904b5581cd6aaf6b59d06200b61156923301484d1b75fa517894167c4f4777553ba09c840a2d74a723e3ff112448f00514d910dfd172c5","ssdeep":"192:pl/6xS2OASROqI3wgh5MXDc9EAOaK3qzfaGDCiMgIcTa1mx:rz2NQJIVsTiMH3qzfcOIr1mx","tlshash":"4842a7ccbad2b0210353b4f1a13f400ff13ea8aae44c9954b181e8e17cb56a94667f7d","first_seen":"2025-05-19T23:59:48.478548Z","last_seen":"2026-02-26T18:27:55.136579Z","times_seen":169945,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ep1.adtrafficquality.google/getconfig/sodar?sv=200\u0026tid=afs\u0026tv=1234567890\u0026st=env\u0026sjk=A1uLG+GPQ6GqLnzUBhljJw==\u0026sde=1","fqdn":"ep1.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.250.178.66","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww25.80.usleallster.com/","date":"2025-12-22T02:21:00.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adtrafficquality.google","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 16:00:04 GMT","end":"Wed, 25 Feb 2026 16:00:03 GMT"},"fingerprint":{"sha1":"3F:6B:79:EB:6A:36:69:37:B8:80:08:17:24:3C:C7:A5:F2:4C:1D:A6","sha256":"C1:88:6A:43:5F:52:63:57:56:27:18:5B:53:42:8D:AC:C0:80:AB:8C:59:0D:49:81:7A:83:6D:01:14:14:78:6E"}}},"request":{"raw":"GET /getconfig/sodar?sv=200\u0026tid=afs\u0026tv=1234567890\u0026st=env\u0026sjk=A1uLG+GPQ6GqLnzUBhljJw==\u0026sde=1 HTTP/1.1\r\nHost: ep1.adtrafficquality.google\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://ww25.80.usleallster.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww25.80.usleallster.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\ncontent-type: application/json; charset=UTF-8\r\nx-content-type-options: nosniff\r\ncontent-disposition: attachment; filename=\"f.txt\"\r\ncontent-encoding: br\r\ndate: Mon, 22 Dec 2025 02:21:00 GMT\r\nserver: cafe\r\ncontent-length: 8124\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10750,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"8a0611c9ccc1024fbf8331c2a3c352e4","sha1":"df9b102b69bf046c4d4f19066f31a80bdfcd4a02","sha256":"c22758ef18177415f0dbfc6136d994b10e58bc3a735cd81d332544c6c4bc147e","sha512":"5a9b24bb6e34d3f399fea5120f9419edb9e07186d4c44d9ac0101e7e3c04fe199ac78e221380b1be75bc7a2be67d0e5e303d25bfd22b8859d57de18661d64c6e","ssdeep":"192:CP+XZtezgZOSqS51T/sgV23/bqsNe3I74cXX+U1QMJg7Ln6xRUebQ9qfBy6Ibj0f:CPeczg7zs3rsqBv1QMJcLY1baqcn8ys","tlshash":"b222c1e908365d7b7b35a0bce921463602d61a23931b8d6c1a5b30f35e08a673f7f5e0","first_seen":"2025-12-22T02:21:27.72957Z","last_seen":"2025-12-22T02:21:27.72957Z","times_seen":1,"resource_available":false,"data":null}},"time_used":327,"timings":{"blocked":137,"dns":1,"connect":28,"send":0,"wait":51,"receive":1,"ssl":107},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/gen_204?client=dp-bodis01_js\u0026output=uds_ads_only\u0026zx=fiwpuaul2u9s\u0026cd_fexp=72717107%2C17301545\u0026aqid=DKtIacqiLfigk-oP6oCr2Ag\u0026psid=3113057640\u0026pbt=bv\u0026adbx=290\u0026adby=177.39999389648438\u0026adbh=373\u0026adbw=700\u0026adbah=114%2C114%2C114\u0026adbn=master-1\u0026eawp=partner-dp-bodis01_js\u0026errv=842209568\u0026csala=7%7C0%7C412%7C73%7C8\u0026lle=0\u0026ifv=1\u0026hpt=0","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"142.250.178.110","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww25.80.usleallster.com/","date":"2025-12-22T02:21:02.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 16:00:06 GMT","end":"Wed, 25 Feb 2026 16:00:05 GMT"},"fingerprint":{"sha1":"06:BA:36:2F:71:DB:00:20:7E:63:51:E1:07:B3:C2:09:F9:D3:65:87","sha256":"B7:6A:65:78:FC:51:25:23:3A:6D:B6:59:D6:C1:56:D4:36:21:34:3D:25:55:DA:C7:8E:BB:EF:64:94:1B:50:C7"}}},"request":{"raw":"GET /afs/gen_204?client=dp-bodis01_js\u0026output=uds_ads_only\u0026zx=fiwpuaul2u9s\u0026cd_fexp=72717107%2C17301545\u0026aqid=DKtIacqiLfigk-oP6oCr2Ag\u0026psid=3113057640\u0026pbt=bv\u0026adbx=290\u0026adby=177.39999389648438\u0026adbh=373\u0026adbw=700\u0026adbah=114%2C114%2C114\u0026adbn=master-1\u0026eawp=partner-dp-bodis01_js\u0026errv=842209568\u0026csala=7%7C0%7C412%7C73%7C8\u0026lle=0\u0026ifv=1\u0026hpt=0 HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww25.80.usleallster.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-kogrHfLyHe3HFUXQtwvgnw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ndate: Mon, 22 Dec 2025 02:21:02 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww25.80.usleallster.com/","fqdn":"ww25.80.usleallster.com","domain":"usleallster.com","tld":"com"},"ip":{"addr":"199.59.243.228","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-22T02:20:59.908Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ww25.80.usleallster.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Mon, 22 Dec 2025 02:20:59 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 1066\r\nx-request-id: e8c35303-5537-4555-ad0b-066be57d5234\r\ncache-control: no-store, max-age=0\r\naccept-ch: sec-ch-prefers-color-scheme\r\ncritical-ch: sec-ch-prefers-color-scheme\r\nvary: sec-ch-prefers-color-scheme\r\nx-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PP8lGlmVB7pRY3yiL6NUcWlVKv3BM9+lSDkIwuTN4+NX1+YUHpqrOkJ5J+Hr8b283Z+OZO3AGNmU0CO/YPSJ/w==\r\nset-cookie: parking_session=e8c35303-5537-4555-ad0b-066be57d5234; expires=Mon, 22 Dec 2025 02:35:59 GMT; path=/\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1066,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (334)","md5":"c87476e58107bf537ae08cb811dff776","sha1":"14abecba27e122fe58fab9a768a305e107144316","sha256":"bcf10e3103f69f33115c347ca5270291059c0ba087193a0a6cdfca322b473b13","sha512":"f27af0aae3faeb512acd74ae4e8f5f2844a0d5274516482274f37fb5c297842a7995d84208d89391aad2d9cb81793fa90a8a2acebda455e50cbd95241230ea3d","ssdeep":"","tlshash":"b21179771563dd0b21b211a12e61e55c4d06575ec2106c457aeed0777d846c7e4177cc","first_seen":"2025-12-22T02:21:27.732096Z","last_seen":"2025-12-22T02:21:27.732096Z","times_seen":1,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":73,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ww25.80.usleallster.com/_fd","fqdn":"ww25.80.usleallster.com","domain":"usleallster.com","tld":"com"},"ip":{"addr":"199.59.243.228","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://ww25.80.usleallster.com/","date":"2025-12-22T02:21:00.145Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /_fd HTTP/1.1\r\nHost: ww25.80.usleallster.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://ww25.80.usleallster.com/\r\nContent-Type: application/json\r\nOrigin: http://ww25.80.usleallster.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: parking_session=e8c35303-5537-4555-ad0b-066be57d5234\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Mon, 22 Dec 2025 02:21:00 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 5321\r\nx-request-id: 5725fbf8-f561-4c76-be82-671fb1e91c3a\r\nset-cookie: parking_session=e8c35303-5537-4555-ad0b-066be57d5234; expires=Mon, 22 Dec 2025 02:36:00 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5321,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"ASCII text, with very long lines (5321), with no line terminators","md5":"3da725ff93f0d889ea308fbd2abaa42a","sha1":"95e72dc9ba13d4ab58589f494accd43380b344ff","sha256":"bdfa3e8ff761c86eaab5ff58d5ac8d54082f2f98e33f831758b000820f090fb8","sha512":"8c5a523c6fa07885037cdecf08628b854539c201f32c1c0b4a3fdf997952e6dc1d7ff0226e66be8cc2884462149ab827c267b3d1a7e57976cb8d5eb9b9503394","ssdeep":"96:N9S08iCMmY4eYgvOzPULGQQGJ2ITTAwSY7S5oo2:C08iZ9fYCOzS/vNnq95oo2","tlshash":"12b160f69a99399bdb43460374ce02e9130f9afe2676226d594fd64c4a0860fb4d022f","first_seen":"2025-12-22T02:21:27.733669Z","last_seen":"2025-12-22T02:21:27.733669Z","times_seen":1,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":50,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"ww25.80.usleallster.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/adsense/domains/caf.js","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"142.250.178.110","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://syndicatedsearch.goog/afs/ads?sjk=A1uLG%2BGPQ6GqLnzUBhljJw%3D%3D\u0026adtest=off\u0026psid=3113057640\u0026pcsa=false\u0026channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol102%2Cpid-bodis-gcontrol409%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162\u0026client=dp-bodis01_js\u0026r=m\u0026hl=en\u0026ivt=0\u0026rpbu=http%3A%2F%2Fww25.80.usleallster.com%2F%3Fcaf%3D1%26bpt%3D345\u0026type=3\u0026swp=as-drid-2497786236455022\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107%2C17301545\u0026format=r3\u0026nocache=451766370060484\u0026num=0\u0026output=afd_ads\u0026domain_name=ww25.80.usleallster.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1766370060486\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=922\u0026frm=0\u0026uio=-\u0026cont=rs\u0026drt=0\u0026jsid=caf\u0026jsv=842209568\u0026rurl=http%3A%2F%2Fww25.80.usleallster.com%2F","date":"2025-12-22T02:21:00.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 16:00:06 GMT","end":"Wed, 25 Feb 2026 16:00:05 GMT"},"fingerprint":{"sha1":"06:BA:36:2F:71:DB:00:20:7E:63:51:E1:07:B3:C2:09:F9:D3:65:87","sha256":"B7:6A:65:78:FC:51:25:23:3A:6D:B6:59:D6:C1:56:D4:36:21:34:3D:25:55:DA:C7:8E:BB:EF:64:94:1B:50:C7"}}},"request":{"raw":"GET /adsense/domains/caf.js HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://syndicatedsearch.goog/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ndate: Mon, 22 Dec 2025 02:21:00 GMT\r\nexpires: Mon, 22 Dec 2025 02:21:00 GMT\r\ncache-control: private, max-age=3600\r\netag: \"16356897480330983528\"\r\nx-content-type-options: nosniff\r\nlink: \u003chttps://syndicatedsearch.goog\u003e; rel=\"preconnect\"\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":134034,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2840)","md5":"6cb2ae5fef74172bd46fac2076465814","sha1":"8a69280b6ae834ae875865e26a83c782c303f509","sha256":"2b0280579e3a031edcdd4a833827f74797b72ada721b69f148823c048cc3ad56","sha512":"bcbb70e3f933a33bb19e773efe9d4cd7c32e61aafdbc119ae2728c7d8206fe4e420e1d9687cfb9148824d8a3f1f7e79c8a8e17c71dd512b4a6a7d387f296e509","ssdeep":"1536:/zL751Jqc2HyP0SuRPmym0pO1s8dsR5qxyzT/ghgOKWYZjAartrvpD3pduCxAXtB:SuydkXiR5zzTq+bxpD3ZV4T","tlshash":"a2d33acdb3a1342643a3a5b5607f414fb139b8a5a40c88a4f199d8e87c74dad4237fbd","first_seen":"2025-12-11T16:43:36.5228Z","last_seen":"2026-01-07T19:29:49.170183Z","times_seen":11621,"resource_available":true,"data":null}},"time_used":45,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff","fqdn":"afs.googleusercontent.com","domain":"googleusercontent.com","tld":"com"},"ip":{"addr":"142.250.178.65","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://syndicatedsearch.goog/afs/ads?sjk=A1uLG%2BGPQ6GqLnzUBhljJw%3D%3D\u0026adtest=off\u0026psid=3113057640\u0026pcsa=false\u0026channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol102%2Cpid-bodis-gcontrol409%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162\u0026client=dp-bodis01_js\u0026r=m\u0026hl=en\u0026ivt=0\u0026rpbu=http%3A%2F%2Fww25.80.usleallster.com%2F%3Fcaf%3D1%26bpt%3D345\u0026type=3\u0026swp=as-drid-2497786236455022\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107%2C17301545\u0026format=r3\u0026nocache=451766370060484\u0026num=0\u0026output=afd_ads\u0026domain_name=ww25.80.usleallster.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1766370060486\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=922\u0026frm=0\u0026uio=-\u0026cont=rs\u0026drt=0\u0026jsid=caf\u0026jsv=842209568\u0026rurl=http%3A%2F%2Fww25.80.usleallster.com%2F","date":"2025-12-22T02:21:01.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.googleusercontent.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:55:13 GMT","end":"Wed, 25 Feb 2026 15:55:12 GMT"},"fingerprint":{"sha1":"BB:2F:99:35:46:A5:4F:CD:75:B6:61:A3:99:45:CE:A5:82:7C:6A:A8","sha256":"51:69:A9:50:80:48:79:48:6F:71:8E:9E:DA:41:D6:03:0B:43:22:4D:44:D3:E5:1D:22:C0:85:F4:47:15:19:34"}}},"request":{"raw":"GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1\r\nHost: afs.googleusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://syndicatedsearch.goog/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers\r\ncross-origin-opener-policy: same-origin; report-to=\"afs-native-asset-managers\"\r\nreport-to: {\"group\":\"afs-native-asset-managers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers\"}]}\r\ncontent-length: 174\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 21 Dec 2025 06:29:54 GMT\r\nexpires: Mon, 22 Dec 2025 05:29:54 GMT\r\ncache-control: public, max-age=82800\r\nage: 71467\r\nlast-modified: Thu, 02 Nov 2023 22:48:00 GMT\r\ncontent-type: image/svg+xml\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":200,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"11b3089d616633ca6b73b57aa877eeb4","sha1":"07632f63e06b30d9b63c97177d3a8122629bda9b","sha256":"809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1","sha512":"079b0e35b479dfdbe64a987661000f4a034b10688e26f2a5fe6aaa807e81ccc5593d40609b731ab3340e687d83dd08de4b8b1e01cdac9d4523a9f6bb3acfcba0","ssdeep":"","tlshash":"d9d02291c2182d28441e82e0c37c312600fab0a2634c00dcfa80e300b20c9abb861669","first_seen":"2023-04-06T23:53:06Z","last_seen":"2026-04-01T02:57:50.32115Z","times_seen":412182,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":98,"dns":0,"connect":14,"send":0,"wait":15,"receive":0,"ssl":78},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}