{"report_id":"2ecb4b3a-6985-4b03-b878-f0eb5afb351f","version":6,"status":"done","tags":[],"date":"2023-12-01T19:50:16Z","url":{"schema":"http","addr":"ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","fqdn":"ww3.galyqaz.com","domain":"galyqaz.com","tld":"com"},"ip":{"addr":"64.190.63.136","port":0,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","fqdn":"ww3.galyqaz.com","domain":"galyqaz.com","tld":"com"},"title":"galyqaz.com - Dette nettstedet er til salgs! - galyqaz Ressurser og informasjon"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T09:39:53Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"img.sedoparking.com","ip":{"addr":"205.234.175.175","port":443,"asn":30081,"as":"CACHENETWORKS","country":"United States","country_code":"US"},"domain_registered":"2001-09-18","domain_rank":54200,"first_seen":"2013-04-23 00:23:29","last_seen":"2023-12-01 05:09:33","alert_count":0,"request_count":2,"received_data":28784,"sent_data":920,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.google.com","ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":7,"first_seen":"2015-05-10 13:11:19","last_seen":"2023-11-19 18:48:38","alert_count":0,"request_count":8,"received_data":310881,"sent_data":5598,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ww3.galyqaz.com","ip":{"addr":"64.190.63.136","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2011-08-08","domain_rank":0,"first_seen":"2023-09-21 00:00:14","last_seen":"2023-11-30 20:47:08","alert_count":2,"request_count":2,"received_data":24392,"sent_data":1161,"comment":"","tags":null,"fingerprints":null},{"fqdn":"afs.googleusercontent.com","ip":{"addr":"142.250.74.97","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-11-17","domain_rank":12123,"first_seen":"2013-05-06 21:11:00","last_seen":"2023-12-01 05:10:35","alert_count":0,"request_count":2,"received_data":2089,"sent_data":987,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-01","alert":"Sinkholed","trigger":"galyqaz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-01","alert":"Sinkholed","trigger":"galyqaz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.google.com/afs/ads?adsafe=low\u0026adtest=off\u0026psid=9330244380\u0026channel=%2Cexp-0051%2Cauxa-control-1%2C12519653\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026rpbu=https%3A%2F%2Fww3.galyqaz.com%2Fcaf%2F%3Fses%3DY3JlPTE3MDE0NjAxOTgmdGNpZD13dzMuZ2FseXFhei5jb202NTZhMzhlNmM2OWZjNS41Nzg2NDYyOSZ0YXNrPXNlYXJjaCZkb21haW49Z2FseXFhei5jb20mYV9pZD0zJnNlc3Npb249NXNDUzViVzFyYUJJR0tvSU1sVUc%3D\u0026type=3\u0026uiopt=false\u0026swp=as-drid-2356511220483999\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17300003%2C17301157\u0026format=r3%7Cs\u0026nocache=5451701460204306\u0026num=0\u0026output=afd_ads\u0026domain_name=ww3.galyqaz.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1701460204314\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=999\u0026frm=0\u0026cl=579967862\u0026uio=--\u0026cont=rb-default\u0026jsid=caf\u0026jsv=579967862\u0026rurl=https%3A%2F%2Fww3.galyqaz.com%2Flogin.php%3Fsub1%3D20231202-0647-43e8-8b91-d5d650c4afc4","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"3bfbb97b46b8fed698a464b92cd4f26e","sha1":"78acb9b6bb2f74201a2ba02f7732298e69504fc2","sha256":"5b243108221e8f125b0c9ba3cc8f3637c91d1b5ab234c61d424074f7bfee42d6","sha512":"577c18720d0ee1c87c94f547bc6e309ffa46a1c08c7cbf16e5066e0ade81661bbe8ec4ac43458533aa433711b7737af58ca6587c7e7d420fc00fe52342745e1b","ssdeep":"","tlshash":"211100a96c1442b1d893530a1c8f7fa198d9003211cb3598a00d98a83079faf662a26b","size":900,"data":"","first_seen":"2024-08-20T17:08:52.818152Z","last_seen":"2024-08-20T17:08:52.818152Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"cbe93eb59d248b9b1b2dd7d250d88a2b","sha1":"9839181a76fba020337581a9fd8eae99c44aa99d","sha256":"3b6a70927bad7500dbe7f17d9efd56ff4d6fc10997d95096c3fa87da267f6989","sha512":"2d3440846665ca9596efb069ad78354eb5e1cedd20b9a9d56620c8d8ff320312d3cb2da4c76bab0b9220fd2e7ed1759599b84aec2cf0b0eb81cfb7da30ba45eb","ssdeep":"1536:ArPOSj873QtAPyqqf/2uYgMjaitiKc1CPEU6i5QI+/F2R26i57VlcZ6gCzUIomHx:72sAU5QI+t2RqB+Z+Umpa+NilYtN","tlshash":"e3e35b9a7761302663a354f4603f028fb23ab959e84885f4f194d4e47cb8da91237fbd","size":149556,"data":"","first_seen":"2023-11-09T16:02:14Z","last_seen":"2024-08-20T20:16:24.264109Z","times_seen":923,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","fqdn":"ww3.galyqaz.com","domain":"galyqaz.com","tld":"com"},"ip":{"addr":"64.190.63.136","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"f3d92a33d83531762be9b7f5c2ec20f6","sha1":"92a000f27766871a2d38e3b1435f99ba1e717c34","sha256":"1eaecd1f65631af8d272e3d9c5124b158ac6edcc96715c910909efd3d5bce232","sha512":"a36530ef2253cab3732472a38d2ce29a9a7498c5e55355f2957f20f63201025cae591e6c8ce0d877bfe158cec86b51765db77b6278b8d2920958d4e00cce6740","ssdeep":"","tlshash":"ca519618579a1ef9752573c8e454bf44479ea103e73088c8e88ddac807defae20b417b","size":3061,"data":"","first_seen":"2024-08-20T17:08:52.818806Z","last_seen":"2024-08-20T17:08:52.818806Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c86c47042de1793f2a3da0eb723c1adc","sha1":"533a39138c249689f439cbfc0f3bcb5284fba67d","sha256":"b5e16c003b2b2706c4c2c65d559b9a55351fd37716c969a2b50fe8afb93b4fa6","sha512":"d761da7d8e81d1e53699169121442ffe726d72c603388a012cb9dd0a7b0592a22e6ee69bc3d189945fb09b4692dc924c8675e5b3ce5660ff197394e61296b1c1","ssdeep":"1536:5rPOSj873QtAPyqqf/2uYgMjaitiKc1CPEU6i5QI+/F2R26i57VlcZ6gCzUIomHx:A2sAU5QI+t2RqB+Z+Umpa+NilYtN","tlshash":"cee35b9a7761302663a354f4603f028fb23ab959e84885f4f194d4e47cb8da91237fbd","size":149599,"data":"","first_seen":"2023-11-09T14:17:49Z","last_seen":"2024-08-20T20:17:00.876481Z","times_seen":1192,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","fqdn":"ww3.galyqaz.com","domain":"galyqaz.com","tld":"com"},"ip":{"addr":"64.190.63.136","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"4ddc86a1d8ae00753cc792ab72a58071","sha1":"b405fd8562e0d0582f25f4b7ac6d180d72e0e935","sha256":"4a5f92285fc4b884f74fbf249d3c256136ae5f4c387ba90230f0f357322a6d8d","sha512":"337f042898bb652dbf059bac436e37573e42862bee51cfb738b377bca7f38fa69cfd2b77116b2cf8e4835b42d4ee9d9c609073f9d5a75d49b42dcf50f35d2bda","ssdeep":"","tlshash":"86f00cb13a71034ac632eb1be1d70195be6cc017c041f86270be90200bdc9364aa0ba6","size":622,"data":"","first_seen":"2023-03-07T01:10:36Z","last_seen":"2026-03-17T22:00:07.128949Z","times_seen":34501,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","fqdn":"ww3.galyqaz.com","domain":"galyqaz.com","tld":"com"},"ip":{"addr":"64.190.63.136","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"ea441a4ad9bf148e5d8180a531b57c2b","sha1":"f825c0d4c39d7f50bc74188a695903ba8cb5ef20","sha256":"50cc8ac8f50cdef0641f8c14ac12268a1930df9781ecf751d4d10aa1a3b772f5","sha512":"ebc54c34a180c11ade08817f9600011da80bd3a5d3b71d853c3ae91bf9d406a3e86333199bf69378c97f191d130414024798dd634a54fc23eb3d301a6c2a97b8","ssdeep":"96:jQIHrUsXy9Cp1OuKfIqT1M6BXXjgXnB9qPs7Kn4uSnx73CUnKVGSrbH:zrUs2nDxQqPCXuIRIESrbH","tlshash":"20b184733155347949ff0745206f1f14b27ee8623608b419b028b7e82bebc5744dbb6a","size":5458,"data":"","first_seen":"2023-03-07T01:02:15Z","last_seen":"2024-08-21T09:43:47.501663Z","times_seen":9041,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/afs/ads/i/iframe.html","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"33839cb72649c81ab58b763c95b4a163","sha1":"0c9b62881e660fded013cee58439ae287690065a","sha256":"cdded269406c9b2b49a3066d12e75913abf338cdd7fa00e31fff299efef1cb76","sha512":"c72011d6bc068615b6a9e4f659c5aeb6c04a889bd4163e4a351d7659c48e715a94002e35637c3e1cb6a9b269271fb43d6b77495000ab1143ee401e2bb68b7357","ssdeep":"","tlshash":"2e218b6e4c50822f6eb63e9e296fba04fb235421e049e1d0c54cf865397df93892d9f4","size":1302,"data":"","first_seen":"2023-04-05T04:36:39Z","last_seen":"2025-03-02T05:25:03.460086Z","times_seen":67768,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"img.sedoparking.com/templates/bg/arrows.png","fqdn":"img.sedoparking.com","domain":"sedoparking.com","tld":"com"},"ip":{"addr":"205.234.175.175","port":443,"asn":30081,"as":"CACHENETWORKS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","date":"2023-12-01T19:50:04.050Z","timestamp":1701460204050,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.cachefly.net","organization":"Cachenetworks, LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 13 Nov 2023 19:46:02 GMT","end":"Sat, 14 Dec 2024 19:46:01 GMT"},"fingerprint":{"sha1":"0F:4E:B2:D7:96:B9:94:D0:35:66:76:6C:4B:16:18:49:DE:42:80:71","sha256":"B4:3D:3A:B6:67:6B:37:A7:E4:37:72:9C:D8:78:19:54:42:D6:E2:12:1F:92:06:04:F9:E5:21:A9:9D:0F:F1:88"}}},"request":{"raw":"GET /templates/bg/arrows.png HTTP/1.1\r\nHost: img.sedoparking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww3.galyqaz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 01 Dec 2023 19:49:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 12642\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800\r\nexpires: Fri, 08 Dec 2023 19:49:59 GMT\r\nx-cfhash: \"6dc0bad9aa452ff871b282dabd47131e\"\r\nx-cff: B\r\nlast-modified: Mon, 11 Oct 2021 05:39:44 GMT\r\nx-cf3: H\r\ncf4age: 0\r\nx-cf-tsc: 1700056312\r\ncf4ttl: 31536000.000\r\nx-cf2: H\r\nserver: CFS 0215\r\nx-cf-reqid: a7351d99469f5e82c1e2e603461d67b2\r\nx-cf1: 11696:fA.arn1:cf:cacheN.arn1-01:H\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12642,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 426 x 475, 8-bit/color RGBA, non-interlaced\\012- data","md5":"6dc0bad9aa452ff871b282dabd47131e","sha1":"01411e6726e033240caa3926141a6adbc18a2d73","sha256":"3059fbd6cd3550047483dca4071c93e5cf4cc79ce8bafc4388166fbc5279644b","sha512":"a8533391f3487677d739f950a4ec26a2ac46b345462aa9e2b087c3cb7b7cd4049b5eeea8c51a1687ba5193a1d5e8f8412a4226169d5e7991f8008666684b3467","ssdeep":"384:kDdVwWUly0UrhcAJcbPGpVyZaCzld7KNu:ydWU0UHyP2VyRMu","tlshash":"f842c0a0575188d7941fa5cb9b7ca93d56e662ea30c42750cfb8ccc9f4f4d09a3a9860","first_seen":"2023-04-07T02:44:40Z","last_seen":"2026-03-17T22:00:07.122203Z","times_seen":37861,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":65,"dns":1,"connect":7,"send":0,"wait":9,"receive":1,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/afs/ads/i/iframe.html","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","date":"2023-12-01T19:50:04.323Z","timestamp":1701460204323,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:18:24 GMT","end":"Mon, 15 Jan 2024 11:18:23 GMT"},"fingerprint":{"sha1":"4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95","sha256":"15:CB:A2:CE:4B:FE:61:1E:1A:B7:EA:EF:89:4D:AC:02:D4:54:5E:C6:82:ED:66:53:FC:05:C1:2F:71:78:EA:AE"}}},"request":{"raw":"GET /afs/ads/i/iframe.html HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww3.galyqaz.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/html\r\ncontent-security-policy: script-src 'nonce-2TFWGUoNb2UXjFMoqMiDZA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ncontent-length: 726\r\ndate: Fri, 01 Dec 2023 19:49:59 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, must-revalidate\r\nlast-modified: Tue, 14 Nov 2023 07:00:00 GMT\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":726,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (1559)","md5":"befbc71c4fc7d3be24a9a64fd5bb8a58","sha1":"cda94c56cf32d97e871c9bcfc6d0081d1e0911b3","sha256":"bcae5e04d4f4aa11f50400f5185e7b9141d62f5ea5d13c5fb478fc370ea51762","sha512":"c3ff90e303280861a75c9dd2c7a41dc7d58410c070bd3af2bf56b2b39a4ff1157dd6f8a4f885836385facb5bf140add0798cd31adbf1e8acf4da78d4f434027c","ssdeep":"","tlshash":"fe31b1ae4c60812e2eb23d9d2d5bb604fa135414e445d5c0c58cf8693d79fc3882aaf4","first_seen":"2023-12-01T20:50:16Z","last_seen":"2023-12-01T20:50:16Z","times_seen":1,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww3.galyqaz.com/search/tsc.php?200=NTM0NjM4MjA1\u002621=OTEuOTAuNDIuMTU0\u0026681=MTcwMTQ2MDE5ODNjNDA3OWZkMzMyNTM5YjZhMzI4Zjc0NzYwN2QxOTEz\u0026crc=a466a001716e73a916d94f23b80d9b6fcbc49567\u0026cv=1","fqdn":"ww3.galyqaz.com","domain":"galyqaz.com","tld":"com"},"ip":{"addr":"64.190.63.136","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","date":"2023-12-01T19:50:04.334Z","timestamp":1701460204334,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ww3.galyqaz.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Thu, 21 Sep 2023 00:00:00 GMT","end":"Fri, 20 Sep 2024 23:59:59 GMT"},"fingerprint":{"sha1":"1B:CA:09:06:7F:01:56:6C:A1:6B:A9:FD:CC:30:DD:C3:AF:84:AB:26","sha256":"20:A2:83:49:79:08:BF:2C:CB:FA:95:AD:BF:E8:07:8A:C6:F4:0C:C1:C1:A3:CF:84:3A:70:0C:E2:DF:CB:B3:7A"}}},"request":{"raw":"GET /search/tsc.php?200=NTM0NjM4MjA1\u002621=OTEuOTAuNDIuMTU0\u0026681=MTcwMTQ2MDE5ODNjNDA3OWZkMzMyNTM5YjZhMzI4Zjc0NzYwN2QxOTEz\u0026crc=a466a001716e73a916d94f23b80d9b6fcbc49567\u0026cv=1 HTTP/1.1\r\nHost: ww3.galyqaz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Fri, 01 Dec 2023 19:49:59 GMT\r\nserver: NginX\r\nx-cache-miss-from: parking-698fb476bf-6x2qm\r\nx-powered-by: PHP/8.1.17\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T14:28:22.631886Z","times_seen":14957227,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-01","alert":"Sinkholed","trigger":"galyqaz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/afs/ads?adsafe=low\u0026adtest=off\u0026psid=9330244380\u0026channel=%2Cexp-0051%2Cauxa-control-1%2C12519653\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026rpbu=https%3A%2F%2Fww3.galyqaz.com%2Fcaf%2F%3Fses%3DY3JlPTE3MDE0NjAxOTgmdGNpZD13dzMuZ2FseXFhei5jb202NTZhMzhlNmM2OWZjNS41Nzg2NDYyOSZ0YXNrPXNlYXJjaCZkb21haW49Z2FseXFhei5jb20mYV9pZD0zJnNlc3Npb249NXNDUzViVzFyYUJJR0tvSU1sVUc%3D\u0026type=3\u0026uiopt=false\u0026swp=as-drid-2356511220483999\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17300003%2C17301157\u0026format=r3%7Cs\u0026nocache=5451701460204306\u0026num=0\u0026output=afd_ads\u0026domain_name=ww3.galyqaz.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1701460204314\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=999\u0026frm=0\u0026cl=579967862\u0026uio=--\u0026cont=rb-default\u0026jsid=caf\u0026jsv=579967862\u0026rurl=https%3A%2F%2Fww3.galyqaz.com%2Flogin.php%3Fsub1%3D20231202-0647-43e8-8b91-d5d650c4afc4","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","date":"2023-12-01T19:50:04.329Z","timestamp":1701460204329,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:18:24 GMT","end":"Mon, 15 Jan 2024 11:18:23 GMT"},"fingerprint":{"sha1":"4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95","sha256":"15:CB:A2:CE:4B:FE:61:1E:1A:B7:EA:EF:89:4D:AC:02:D4:54:5E:C6:82:ED:66:53:FC:05:C1:2F:71:78:EA:AE"}}},"request":{"raw":"GET /afs/ads?adsafe=low\u0026adtest=off\u0026psid=9330244380\u0026channel=%2Cexp-0051%2Cauxa-control-1%2C12519653\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026rpbu=https%3A%2F%2Fww3.galyqaz.com%2Fcaf%2F%3Fses%3DY3JlPTE3MDE0NjAxOTgmdGNpZD13dzMuZ2FseXFhei5jb202NTZhMzhlNmM2OWZjNS41Nzg2NDYyOSZ0YXNrPXNlYXJjaCZkb21haW49Z2FseXFhei5jb20mYV9pZD0zJnNlc3Npb249NXNDUzViVzFyYUJJR0tvSU1sVUc%3D\u0026type=3\u0026uiopt=false\u0026swp=as-drid-2356511220483999\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17300003%2C17301157\u0026format=r3%7Cs\u0026nocache=5451701460204306\u0026num=0\u0026output=afd_ads\u0026domain_name=ww3.galyqaz.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1701460204314\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=999\u0026frm=0\u0026cl=579967862\u0026uio=--\u0026cont=rb-default\u0026jsid=caf\u0026jsv=579967862\u0026rurl=https%3A%2F%2Fww3.galyqaz.com%2Flogin.php%3Fsub1%3D20231202-0647-43e8-8b91-d5d650c4afc4 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww3.galyqaz.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-disposition: inline\r\ndate: Fri, 01 Dec 2023 19:49:59 GMT\r\nexpires: Fri, 01 Dec 2023 19:49:59 GMT\r\ncache-control: private, max-age=3600\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-uQ7FSwppOS-MFeEamngu-w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ncontent-encoding: br\r\nserver: gws\r\ncontent-length: 2873\r\nx-xss-protection: 0\r\nset-cookie: CONSENT=PENDING+387; expires=Sun, 30-Nov-2025 19:49:59 GMT; path=/; domain=.google.com; Secure\r\np3p: CP=\"This is not a P3P policy! See g.co/p3phelp for more info.\"\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2873,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (13630)","md5":"a0cec521b3fce6c4fd1b3a7862318c37","sha1":"30b2f640c7be1ec2405b39602f8a01b319f0f732","sha256":"75a386c4bf961bcee6be744e0eb9625281055620ede29131cacd9316cbedc139","sha512":"3a284ab5e75f3b54db0019440ef60cd3ef27bd5fd63d317355bf30ce6161eaccb3474fcf6640268848cfe81774509d078664630afd85cf4813e5f428e670d8d1","ssdeep":"192:GE12ikpBnkXABJh6VMWrvSy4CNyRak+kI:Gni8l/66aSy4CNyRak+kI","tlshash":"2a526637646227291903dc541b2a6f6ed181d43ac46f35f848a35f25c7e7f828fe628e","first_seen":"2023-12-01T20:50:17Z","last_seen":"2023-12-01T20:50:17Z","times_seen":1,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.sedoparking.com/templates/logos/sedo_logo.png","fqdn":"img.sedoparking.com","domain":"sedoparking.com","tld":"com"},"ip":{"addr":"205.234.175.175","port":443,"asn":30081,"as":"CACHENETWORKS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","date":"2023-12-01T19:50:04.585Z","timestamp":1701460204585,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.cachefly.net","organization":"Cachenetworks, LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 13 Nov 2023 19:46:02 GMT","end":"Sat, 14 Dec 2024 19:46:01 GMT"},"fingerprint":{"sha1":"0F:4E:B2:D7:96:B9:94:D0:35:66:76:6C:4B:16:18:49:DE:42:80:71","sha256":"B4:3D:3A:B6:67:6B:37:A7:E4:37:72:9C:D8:78:19:54:42:D6:E2:12:1F:92:06:04:F9:E5:21:A9:9D:0F:F1:88"}}},"request":{"raw":"GET /templates/logos/sedo_logo.png HTTP/1.1\r\nHost: img.sedoparking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww3.galyqaz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 01 Dec 2023 19:49:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 15086\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800\r\nexpires: Fri, 08 Dec 2023 19:49:59 GMT\r\nx-cfhash: \"def00c11b1596db4efee6a9fbe64fc27\"\r\nx-cff: B\r\nlast-modified: Mon, 11 Jan 2021 07:44:34 GMT\r\nx-cf3: H\r\ncf4age: 0\r\nx-cf-tsc: 1700056313\r\ncf4ttl: 31536000.000\r\nx-cf2: H\r\nserver: CFS 0215\r\nx-cf-reqid: 686180635cc4db36b41577c1c2303902\r\nx-cf1: 11696:fA.arn1:cf:cacheN.arn1-01:H\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15086,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel\\012- data","md5":"def00c11b1596db4efee6a9fbe64fc27","sha1":"bd298981e6d8d7e4ffa18abcf687041f4246672d","sha256":"95c427fa3143b1896faf42a6406686ce7602cb39052081bb32d12b51c9e047e4","sha512":"c056e95dbfa1aab3a50dff18c6d577dbffea72c93316ffc53b6b7aa41dcc7707a810d563894589a7305de0b76610f88150b2034670de368773b2b356f14ad30f","ssdeep":"192:jiHSINqv0tJ30DezSfPAXTZwC3D2N2xp1Fd/ar/+zi3LHZNwkQH0iWpXDt3TN8rB:jzAnP9j","tlshash":"31623e0bfd4bc358ce50b23ae67c4bfb6361d8c1b090a7e257d9d51aafa7b014c9a011","first_seen":"2023-04-14T07:11:21Z","last_seen":"2026-05-10T14:29:28.141011Z","times_seen":229617,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff","fqdn":"afs.googleusercontent.com","domain":"googleusercontent.com","tld":"com"},"ip":{"addr":"142.250.74.97","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://www.google.com/afs/ads?adsafe=low\u0026adtest=off\u0026psid=9330244380\u0026channel=%2Cexp-0051%2Cauxa-control-1%2C12519653\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026rpbu=https%3A%2F%2Fww3.galyqaz.com%2Fcaf%2F%3Fses%3DY3JlPTE3MDE0NjAxOTgmdGNpZD13dzMuZ2FseXFhei5jb202NTZhMzhlNmM2OWZjNS41Nzg2NDYyOSZ0YXNrPXNlYXJjaCZkb21haW49Z2FseXFhei5jb20mYV9pZD0zJnNlc3Npb249NXNDUzViVzFyYUJJR0tvSU1sVUc%3D\u0026type=3\u0026uiopt=false\u0026swp=as-drid-2356511220483999\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17300003%2C17301157\u0026format=r3%7Cs\u0026nocache=5451701460204306\u0026num=0\u0026output=afd_ads\u0026domain_name=ww3.galyqaz.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1701460204314\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=999\u0026frm=0\u0026cl=579967862\u0026uio=--\u0026cont=rb-default\u0026jsid=caf\u0026jsv=579967862\u0026rurl=https%3A%2F%2Fww3.galyqaz.com%2Flogin.php%3Fsub1%3D20231202-0647-43e8-8b91-d5d650c4afc4","date":"2023-12-01T19:50:04.813Z","timestamp":1701460204813,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.googleusercontent.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:23:50 GMT","end":"Mon, 15 Jan 2024 11:23:49 GMT"},"fingerprint":{"sha1":"2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE","sha256":"40:92:8E:18:42:CF:E7:31:DB:E9:39:E6:0B:C6:BC:AE:B4:2F:20:21:CC:80:C5:E8:5F:34:DE:01:85:5C:78:F1"}}},"request":{"raw":"GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1\r\nHost: afs.googleusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.google.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers\r\ncross-origin-opener-policy: same-origin; report-to=\"afs-native-asset-managers\"\r\nreport-to: {\"group\":\"afs-native-asset-managers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers\"}]}\r\ncontent-length: 174\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 01 Dec 2023 05:48:54 GMT\r\nexpires: Sat, 02 Dec 2023 04:48:54 GMT\r\ncache-control: public, max-age=82800\r\nage: 50466\r\nlast-modified: Thu, 02 Nov 2023 22:48:00 GMT\r\ncontent-type: image/svg+xml\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":174,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image\\012- , ASCII text, with no line terminators","md5":"11b3089d616633ca6b73b57aa877eeb4","sha1":"07632f63e06b30d9b63c97177d3a8122629bda9b","sha256":"809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1","sha512":"079b0e35b479dfdbe64a987661000f4a034b10688e26f2a5fe6aaa807e81ccc5593d40609b731ab3340e687d83dd08de4b8b1e01cdac9d4523a9f6bb3acfcba0","ssdeep":"","tlshash":"d9d02291c2182d28441e82e0c37c312600fab0a2634c00dcfa80e300b20c9abb861669","first_seen":"2023-04-06T23:53:06Z","last_seen":"2026-05-03T22:11:49.614123Z","times_seen":412187,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":59,"dns":1,"connect":9,"send":0,"wait":19,"receive":1,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967D2","fqdn":"afs.googleusercontent.com","domain":"googleusercontent.com","tld":"com"},"ip":{"addr":"142.250.74.97","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://www.google.com/afs/ads?adsafe=low\u0026adtest=off\u0026psid=9330244380\u0026channel=%2Cexp-0051%2Cauxa-control-1%2C12519653\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026rpbu=https%3A%2F%2Fww3.galyqaz.com%2Fcaf%2F%3Fses%3DY3JlPTE3MDE0NjAxOTgmdGNpZD13dzMuZ2FseXFhei5jb202NTZhMzhlNmM2OWZjNS41Nzg2NDYyOSZ0YXNrPXNlYXJjaCZkb21haW49Z2FseXFhei5jb20mYV9pZD0zJnNlc3Npb249NXNDUzViVzFyYUJJR0tvSU1sVUc%3D\u0026type=3\u0026uiopt=false\u0026swp=as-drid-2356511220483999\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17300003%2C17301157\u0026format=r3%7Cs\u0026nocache=5451701460204306\u0026num=0\u0026output=afd_ads\u0026domain_name=ww3.galyqaz.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1701460204314\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=999\u0026frm=0\u0026cl=579967862\u0026uio=--\u0026cont=rb-default\u0026jsid=caf\u0026jsv=579967862\u0026rurl=https%3A%2F%2Fww3.galyqaz.com%2Flogin.php%3Fsub1%3D20231202-0647-43e8-8b91-d5d650c4afc4","date":"2023-12-01T19:50:04.816Z","timestamp":1701460204816,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.googleusercontent.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:23:50 GMT","end":"Mon, 15 Jan 2024 11:23:49 GMT"},"fingerprint":{"sha1":"2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE","sha256":"40:92:8E:18:42:CF:E7:31:DB:E9:39:E6:0B:C6:BC:AE:B4:2F:20:21:CC:80:C5:E8:5F:34:DE:01:85:5C:78:F1"}}},"request":{"raw":"GET /ad_icons/standard/publisher_icon_image/search.svg?c=%231967D2 HTTP/1.1\r\nHost: afs.googleusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.google.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers\r\ncross-origin-opener-policy: same-origin; report-to=\"afs-native-asset-managers\"\r\nreport-to: {\"group\":\"afs-native-asset-managers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers\"}]}\r\ncontent-length: 273\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 01 Dec 2023 14:22:26 GMT\r\nexpires: Sat, 02 Dec 2023 13:22:26 GMT\r\ncache-control: public, max-age=82800\r\nlast-modified: Thu, 20 Jul 2023 22:48:00 GMT\r\ncontent-type: image/svg+xml\r\nvary: Accept-Encoding\r\nage: 19654\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":273,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image\\012- , ASCII text, with very long lines (390)","md5":"6751e07e0f93bd43ab90822f4b2eb62a","sha1":"d1d0c6f0b4697b0a4e61ffbf171e8c60eac7c832","sha256":"ff563f41765da081fe9fd40e8bb33a623df033b10050a8ae8c1b46e15107d8f1","sha512":"a00080e16354a0193a31cb848cbbd81afebf9253bece0b81003027fd9435a060af56c520d0c003d91086105616cf0511f54c12cfbda261fe917d054aef8b0c79","ssdeep":"","tlshash":"66e0a2ea82842c048a8543b0ed08a2a002eff076130c90bbc1a0e6f8b0088aaacd2604","first_seen":"2023-04-14T22:04:42Z","last_seen":"2026-04-30T15:48:15.782678Z","times_seen":36067,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":66,"dns":3,"connect":9,"send":0,"wait":11,"receive":0,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=soab1s2muoc0\u0026aqid=5zhqZenaH9WqxdwPxbSY4A4\u0026psid=9330244380\u0026pbt=bs\u0026adbx=406.66668701171875\u0026adby=134.64999389648438\u0026adbh=554\u0026adbw=467\u0026adbah=178%2C178%2C178\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=579967862\u0026csala=16%7C0%7C348%7C71%7C51\u0026lle=0\u0026ifv=1\u0026hpt=0","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","date":"2023-12-01T19:50:06.295Z","timestamp":1701460206295,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:18:24 GMT","end":"Mon, 15 Jan 2024 11:18:23 GMT"},"fingerprint":{"sha1":"4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95","sha256":"15:CB:A2:CE:4B:FE:61:1E:1A:B7:EA:EF:89:4D:AC:02:D4:54:5E:C6:82:ED:66:53:FC:05:C1:2F:71:78:EA:AE"}}},"request":{"raw":"GET /afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=soab1s2muoc0\u0026aqid=5zhqZenaH9WqxdwPxbSY4A4\u0026psid=9330244380\u0026pbt=bs\u0026adbx=406.66668701171875\u0026adby=134.64999389648438\u0026adbh=554\u0026adbw=467\u0026adbah=178%2C178%2C178\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=579967862\u0026csala=16%7C0%7C348%7C71%7C51\u0026lle=0\u0026ifv=1\u0026hpt=0 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww3.galyqaz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-x2hvFr9_wV0dwecKXmmdpg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\np3p: CP=\"This is not a P3P policy! See g.co/p3phelp for more info.\"\r\ndate: Fri, 01 Dec 2023 19:50:01 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: NID=511=dBVSAlbMyL65UJQfoj8Knc0Hat4QAjWpvd1adQdsj-mjgE_V53M6pCNj2Oi_T2HRvhkfVFnVFwyoAzS536jVm0Czsd8ghFfzQtOZSZNW6fSr3mfTopqr9iradsX-joAcOg5RJoAoN1rx5hpB3nM-tUTMT5XCM_eL4zVZv7oJlQI; expires=Sat, 01-Jun-2024 19:50:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none\nCONSENT=PENDING+535; expires=Sun, 30-Nov-2025 19:50:01 GMT; path=/; domain=.google.com; Secure\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T14:28:22.631886Z","times_seen":14957227,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=45ebyu2sxvz1\u0026aqid=5zhqZenaH9WqxdwPxbSY4A4\u0026pbt=bs\u0026adbx=490\u0026adby=807.6500244140625\u0026adbh=17\u0026adbw=300\u0026adbn=slave-1-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=579967862\u0026csala=5%7C0%7C359%7C71%7C52\u0026lle=0\u0026ifv=1\u0026hpt=0","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","date":"2023-12-01T19:50:06.294Z","timestamp":1701460206294,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:18:24 GMT","end":"Mon, 15 Jan 2024 11:18:23 GMT"},"fingerprint":{"sha1":"4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95","sha256":"15:CB:A2:CE:4B:FE:61:1E:1A:B7:EA:EF:89:4D:AC:02:D4:54:5E:C6:82:ED:66:53:FC:05:C1:2F:71:78:EA:AE"}}},"request":{"raw":"GET /afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=45ebyu2sxvz1\u0026aqid=5zhqZenaH9WqxdwPxbSY4A4\u0026pbt=bs\u0026adbx=490\u0026adby=807.6500244140625\u0026adbh=17\u0026adbw=300\u0026adbn=slave-1-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=579967862\u0026csala=5%7C0%7C359%7C71%7C52\u0026lle=0\u0026ifv=1\u0026hpt=0 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww3.galyqaz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-35nHPKdLx4otpIedE3rTkw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\np3p: CP=\"This is not a P3P policy! See g.co/p3phelp for more info.\"\r\ndate: Fri, 01 Dec 2023 19:50:01 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: NID=511=Vn2jL7W0zTW6jth4Zi8V44tJ-dMfqqzqwowAFzAt74Hfd5qcZdxewDrz4QpMVROXuuEu0mbYnReM__wLq4rWa9KFZGh1O-hD9dwY0ZKPr9P--RjKwR7m8eVUab6F-E-dxghEvWwEw1t1knTrLnLct6TNINHlN6XeCaOO7Sm6Y_E; expires=Sat, 01-Jun-2024 19:50:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none\nCONSENT=PENDING+543; expires=Sun, 30-Nov-2025 19:50:01 GMT; path=/; domain=.google.com; Secure\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T14:28:22.631886Z","times_seen":14957227,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=7l46boxda2z9\u0026aqid=5zhqZenaH9WqxdwPxbSY4A4\u0026pbt=bv\u0026adbx=490\u0026adby=807.6500244140625\u0026adbh=17\u0026adbw=300\u0026adbn=slave-1-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=579967862\u0026csala=5%7C0%7C359%7C71%7C52\u0026lle=0\u0026ifv=1\u0026hpt=0","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","date":"2023-12-01T19:50:06.795Z","timestamp":1701460206795,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:18:24 GMT","end":"Mon, 15 Jan 2024 11:18:23 GMT"},"fingerprint":{"sha1":"4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95","sha256":"15:CB:A2:CE:4B:FE:61:1E:1A:B7:EA:EF:89:4D:AC:02:D4:54:5E:C6:82:ED:66:53:FC:05:C1:2F:71:78:EA:AE"}}},"request":{"raw":"GET /afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=7l46boxda2z9\u0026aqid=5zhqZenaH9WqxdwPxbSY4A4\u0026pbt=bv\u0026adbx=490\u0026adby=807.6500244140625\u0026adbh=17\u0026adbw=300\u0026adbn=slave-1-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=579967862\u0026csala=5%7C0%7C359%7C71%7C52\u0026lle=0\u0026ifv=1\u0026hpt=0 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww3.galyqaz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-j4TPqDRva_Q4vrtOHV_v5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\np3p: CP=\"This is not a P3P policy! See g.co/p3phelp for more info.\"\r\ndate: Fri, 01 Dec 2023 19:50:01 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: NID=511=k_HAnr_PTCDIoELn4tmNO9uixg_WkrXeRmgKQetQMrijP8bo1o66OeKfRHT7KeQIvpss0kjjWqzmceHm0Mz3yglBPgehuesy1tH5NCAAhyJLepgl8ZQJfOXvVlAXxEwjkQE0i2BVwH7jpk8J6oT3gGS4wGr-o9wxu9EtxlUQc68; expires=Sat, 01-Jun-2024 19:50:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none\nCONSENT=PENDING+889; expires=Sun, 30-Nov-2025 19:50:01 GMT; path=/; domain=.google.com; Secure\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T14:28:22.631886Z","times_seen":14957227,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=kjeq48r70wfr\u0026aqid=5zhqZenaH9WqxdwPxbSY4A4\u0026psid=9330244380\u0026pbt=bv\u0026adbx=406.66668701171875\u0026adby=134.64999389648438\u0026adbh=554\u0026adbw=467\u0026adbah=178%2C178%2C178\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=579967862\u0026csala=16%7C0%7C348%7C71%7C51\u0026lle=0\u0026ifv=1\u0026hpt=0","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","date":"2023-12-01T19:50:06.796Z","timestamp":1701460206796,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:18:24 GMT","end":"Mon, 15 Jan 2024 11:18:23 GMT"},"fingerprint":{"sha1":"4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95","sha256":"15:CB:A2:CE:4B:FE:61:1E:1A:B7:EA:EF:89:4D:AC:02:D4:54:5E:C6:82:ED:66:53:FC:05:C1:2F:71:78:EA:AE"}}},"request":{"raw":"GET /afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=kjeq48r70wfr\u0026aqid=5zhqZenaH9WqxdwPxbSY4A4\u0026psid=9330244380\u0026pbt=bv\u0026adbx=406.66668701171875\u0026adby=134.64999389648438\u0026adbh=554\u0026adbw=467\u0026adbah=178%2C178%2C178\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=579967862\u0026csala=16%7C0%7C348%7C71%7C51\u0026lle=0\u0026ifv=1\u0026hpt=0 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww3.galyqaz.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-fJoQ8iafBDJBQklKazzXdQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\np3p: CP=\"This is not a P3P policy! See g.co/p3phelp for more info.\"\r\ndate: Fri, 01 Dec 2023 19:50:01 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: NID=511=sCG4_giHFeTl9ND_ilrp3n9HRRMZG9zgevKgk06x8AhiJunaDNAdeniXpxfa93ltK1P0sJe26ZE2hS9WFVlnV8GqS8fF9PJtuTtNH8Gg4ILcsHqM4GFQqrCsRN95uC1C5fsgV2FscAU_31BSc7zV1rzXG_zal0ods1f614A7p4Q; expires=Sat, 01-Jun-2024 19:50:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none\nCONSENT=PENDING+952; expires=Sun, 30-Nov-2025 19:50:01 GMT; path=/; domain=.google.com; Secure\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T14:28:22.631886Z","times_seen":14957227,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","date":"2023-12-01T19:50:04.046Z","timestamp":1701460204046,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:24:57 GMT","end":"Mon, 15 Jan 2024 11:24:56 GMT"},"fingerprint":{"sha1":"B0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1","sha256":"8E:7A:F4:2A:73:D7:C2:C9:1E:EC:59:1E:76:11:A4:E4:8D:03:F6:64:60:A2:8A:86:33:52:6B:1D:FE:19:FA:8D"}}},"request":{"raw":"GET /adsense/domains/caf.js HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww3.galyqaz.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/javascript; charset=UTF-8\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ndate: Fri, 01 Dec 2023 19:49:59 GMT\r\nexpires: Fri, 01 Dec 2023 19:49:59 GMT\r\ncache-control: private, max-age=3600\r\netag: \"9734699286587705072\"\r\nx-content-type-options: nosniff\r\nlink: \u003chttps://www.adsensecustomsearchads.com\u003e; rel=\"preconnect\"\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":149599,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (1888)","md5":"c86c47042de1793f2a3da0eb723c1adc","sha1":"533a39138c249689f439cbfc0f3bcb5284fba67d","sha256":"b5e16c003b2b2706c4c2c65d559b9a55351fd37716c969a2b50fe8afb93b4fa6","sha512":"d761da7d8e81d1e53699169121442ffe726d72c603388a012cb9dd0a7b0592a22e6ee69bc3d189945fb09b4692dc924c8675e5b3ce5660ff197394e61296b1c1","ssdeep":"1536:5rPOSj873QtAPyqqf/2uYgMjaitiKc1CPEU6i5QI+/F2R26i57VlcZ6gCzUIomHx:A2sAU5QI+t2RqB+Z+Umpa+NilYtN","tlshash":"cee35b9a7761302663a354f4603f028fb23ab959e84885f4f194d4e47cb8da91237fbd","first_seen":"2023-11-09T14:17:49Z","last_seen":"2024-08-20T20:17:00.876481Z","times_seen":1192,"resource_available":true,"data":null}},"time_used":336,"timings":{"blocked":150,"dns":1,"connect":8,"send":0,"wait":21,"receive":12,"ssl":142},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.google.com/afs/ads?adsafe=low\u0026adtest=off\u0026psid=9330244380\u0026channel=%2Cexp-0051%2Cauxa-control-1%2C12519653\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026rpbu=https%3A%2F%2Fww3.galyqaz.com%2Fcaf%2F%3Fses%3DY3JlPTE3MDE0NjAxOTgmdGNpZD13dzMuZ2FseXFhei5jb202NTZhMzhlNmM2OWZjNS41Nzg2NDYyOSZ0YXNrPXNlYXJjaCZkb21haW49Z2FseXFhei5jb20mYV9pZD0zJnNlc3Npb249NXNDUzViVzFyYUJJR0tvSU1sVUc%3D\u0026type=3\u0026uiopt=false\u0026swp=as-drid-2356511220483999\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17300003%2C17301157\u0026format=r3%7Cs\u0026nocache=5451701460204306\u0026num=0\u0026output=afd_ads\u0026domain_name=ww3.galyqaz.com\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1701460204314\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=999\u0026frm=0\u0026cl=579967862\u0026uio=--\u0026cont=rb-default\u0026jsid=caf\u0026jsv=579967862\u0026rurl=https%3A%2F%2Fww3.galyqaz.com%2Flogin.php%3Fsub1%3D20231202-0647-43e8-8b91-d5d650c4afc4","date":"2023-12-01T19:50:04.655Z","timestamp":1701460204655,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:18:24 GMT","end":"Mon, 15 Jan 2024 11:18:23 GMT"},"fingerprint":{"sha1":"4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95","sha256":"15:CB:A2:CE:4B:FE:61:1E:1A:B7:EA:EF:89:4D:AC:02:D4:54:5E:C6:82:ED:66:53:FC:05:C1:2F:71:78:EA:AE"}}},"request":{"raw":"GET /adsense/domains/caf.js HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.google.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/javascript; charset=UTF-8\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ndate: Fri, 01 Dec 2023 19:49:59 GMT\r\nexpires: Fri, 01 Dec 2023 19:49:59 GMT\r\ncache-control: private, max-age=3600\r\netag: \"12555982560793362632\"\r\nx-content-type-options: nosniff\r\nlink: \u003chttps://www.adsensecustomsearchads.com\u003e; rel=\"preconnect\"\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":149556,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (1888)","md5":"cbe93eb59d248b9b1b2dd7d250d88a2b","sha1":"9839181a76fba020337581a9fd8eae99c44aa99d","sha256":"3b6a70927bad7500dbe7f17d9efd56ff4d6fc10997d95096c3fa87da267f6989","sha512":"2d3440846665ca9596efb069ad78354eb5e1cedd20b9a9d56620c8d8ff320312d3cb2da4c76bab0b9220fd2e7ed1759599b84aec2cf0b0eb81cfb7da30ba45eb","ssdeep":"1536:ArPOSj873QtAPyqqf/2uYgMjaitiKc1CPEU6i5QI+/F2R26i57VlcZ6gCzUIomHx:72sAU5QI+t2RqB+Z+Umpa+NilYtN","tlshash":"e3e35b9a7761302663a354f4603f028fb23ab959e84885f4f194d4e47cb8da91237fbd","first_seen":"2023-11-09T16:02:14Z","last_seen":"2024-08-20T20:16:24.264109Z","times_seen":923,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":20,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww3.galyqaz.com/login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4","fqdn":"ww3.galyqaz.com","domain":"galyqaz.com","tld":"com"},"ip":{"addr":"64.190.63.136","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-01T19:50:03.313Z","timestamp":1701460203313,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ww3.galyqaz.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Thu, 21 Sep 2023 00:00:00 GMT","end":"Fri, 20 Sep 2024 23:59:59 GMT"},"fingerprint":{"sha1":"1B:CA:09:06:7F:01:56:6C:A1:6B:A9:FD:CC:30:DD:C3:AF:84:AB:26","sha256":"20:A2:83:49:79:08:BF:2C:CB:FA:95:AD:BF:E8:07:8A:C6:F4:0C:C1:C1:A3:CF:84:3A:70:0C:E2:DF:CB:B3:7A"}}},"request":{"raw":"GET /login.php?sub1=20231202-0647-43e8-8b91-d5d650c4afc4 HTTP/1.1\r\nHost: ww3.galyqaz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Fri, 01 Dec 2023 19:49:59 GMT\r\nexpires: Mon, 26 Jul 1997 05:00:00 GMT\r\nlast-modified: Fri, 01 Dec 2023 19:49:58 GMT\r\npragma: no-cache\r\nserver: NginX\r\nvary: Accept-Encoding\r\nx-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_fRc3fZIdUBybft8be1l09shdvDdMiJKDOLnoT6LDDnym6uDw9fNPYc1RL0qZvO7pbEQlDkEuo0QnkmSqsnkYpQ==\r\nx-cache-miss-from: parking-698fb476bf-lvhcl\r\nx-powered-by: PHP/8.1.17\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23511,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T14:28:22.631886Z","times_seen":14957227,"resource_available":true,"data":null}},"time_used":891,"timings":{"blocked":308,"dns":2,"connect":31,"send":0,"wait":257,"receive":0,"ssl":290},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-01","alert":"Sinkholed","trigger":"galyqaz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}