{"report_id":"3a9e5c84-2845-4704-a791-3a8a808c3c4d","version":6,"status":"done","tags":[],"date":"2025-10-26T07:05:02Z","url":{"schema":"http","addr":"gzeao.earthheartsmith.top/","fqdn":"gzeao.earthheartsmith.top","domain":"earthheartsmith.top","tld":"top"},"ip":{"addr":"172.237.146.25","port":0,"asn":20940,"as":"Akamai International B.V.","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","fqdn":"ww1.earthheartsmith.top","domain":"earthheartsmith.top","tld":"top"},"title":"earthheartsmith.top - earthheartsmith Ressurser og informasjon"},"submit":{"url":{"schema":"http","addr":"gzeao.earthheartsmith.top/","fqdn":"gzeao.earthheartsmith.top","domain":"earthheartsmith.top","tld":"top"},"ip":{"addr":"172.237.146.25","port":0,"asn":20940,"as":"Akamai International B.V.","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-30T07:05:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T07:04:40Z","timestamp":1761462280,"ip_dst":{"addr":"172.237.146.25","port":80,"asn":20940,"as":"Akamai International B.V.","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.5","port":56898,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-10-26T07:04:40.290882+0000\",\"flow_id\":247127184247435,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":56898,\"dest_ip\":\"172.237.146.25\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"gzeao.earthheartsmith.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":536},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":3566,\"start\":\"2025-10-26T07:04:40.068235+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ww1.earthheartsmith.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"img.sedoparking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"gzeao.earthheartsmith.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"gzeao.earthheartsmith.top","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-01-08","domain_rank":0,"first_seen":"2025-10-26T07:05:02.527359Z","last_seen":"2025-10-26T07:05:02.527359Z","alert_count":5,"request_count":3,"received_data":5334,"sent_data":1279,"comment":"","tags":null,"fingerprints":null},{"fqdn":"router.parklogic.com","ip":{"addr":"172.234.216.100","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"domain_registered":"2007-02-28","domain_rank":346495,"first_seen":"2025-03-19T10:23:50.028513Z","last_seen":"2025-10-19T22:57:43.595933Z","alert_count":0,"request_count":1,"received_data":224,"sent_data":518,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ww1.earthheartsmith.top","ip":{"addr":"64.190.63.136","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2024-01-08","domain_rank":0,"first_seen":"2025-07-17T00:32:14.785215Z","last_seen":"2025-09-05T09:00:34.183129Z","alert_count":2,"request_count":2,"received_data":25242,"sent_data":1452,"comment":"","tags":null,"fingerprints":null},{"fqdn":"syndicatedsearch.goog","ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2023-04-14","domain_rank":5365,"first_seen":"2023-09-25T09:30:59Z","last_seen":"2025-10-19T22:17:31.940118Z","alert_count":0,"request_count":7,"received_data":181043,"sent_data":5460,"comment":"","tags":null,"fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}]},{"fqdn":"afs.googleusercontent.com","ip":{"addr":"142.250.74.33","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-11-17","domain_rank":65181,"first_seen":"2013-05-06T19:11:00Z","last_seen":"2025-10-19T22:17:32.08296Z","alert_count":0,"request_count":2,"received_data":2237,"sent_data":1005,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.google.com","ip":{"addr":"142.250.74.100","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22,"first_seen":"2015-05-10T13:11:19Z","last_seen":"2025-10-19T22:12:30.748133Z","alert_count":0,"request_count":1,"received_data":160388,"sent_data":477,"comment":"","tags":null,"fingerprints":null},{"fqdn":"parking3.parklogic.com","ip":{"addr":"172.232.7.47","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"domain_registered":"2007-02-28","domain_rank":497061,"first_seen":"2023-05-10T10:50:24Z","last_seen":"2025-10-19T22:40:56.837974Z","alert_count":0,"request_count":2,"received_data":1938,"sent_data":1127,"comment":"","tags":null,"fingerprints":null},{"fqdn":"img.sedoparking.com","ip":{"addr":"205.234.175.175","port":443,"asn":30081,"as":"CACHENETWORKS","country":"United States","country_code":"US"},"domain_registered":"2001-09-18","domain_rank":591238,"first_seen":"2013-04-22T22:23:29Z","last_seen":"2025-10-19T22:31:19.466305Z","alert_count":2,"request_count":2,"received_data":29658,"sent_data":933,"comment":"","tags":null,"fingerprints":[{"name":"CacheFly","description":"CacheFly is a content delivery network (CDN) which offers CDN service that relies solely on IP anycast for routing, rather than DNS based global load balancing.","website":"https://www.cachefly.com","common_platform_enumeration":"","icon":"CacheFly.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T07:04:40Z","timestamp":1761462280,"ip_dst":{"addr":"172.237.146.25","port":80,"asn":20940,"as":"Akamai International B.V.","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.5","port":56898,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-10-26T07:04:40.290882+0000\",\"flow_id\":247127184247435,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":56898,\"dest_ip\":\"172.237.146.25\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"gzeao.earthheartsmith.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":536},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":3566,\"start\":\"2025-10-26T07:04:40.068235+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"gzeao.earthheartsmith.top/","fqdn":"gzeao.earthheartsmith.top","domain":"earthheartsmith.top","tld":"top"},"ip":{"addr":"172.237.146.25","port":80,"asn":20940,"as":"Akamai International B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"46290f6e748f0447ae3ae3060056e3cd","sha1":"7ffe671754d2e2fbd1c4379262823271393195ce","sha256":"e9148d237adcc6e10b379b1165e3d8a1cbdb0c45614d37baf1ffe9e48cad0b5c","sha512":"18e8b0aa4639c76cc806eeda02c5d864e0b38a7b03dc0111f105d95ba13b50e4514d158407ea5b41565ef50a54a8795425bd00b7cbf937744984781e8a528dba","ssdeep":"96:ItDJYtoAJS8ffKH1NPIX4rDIcQ0ucq4o5nZQt+S5I7Bma8:IVJYtoA1ffqzr/IcQ0ybepmoa8","tlshash":"17911832b38630794be510aaa57b9718723e931535074032e7adfcd13c20a9f50c6f9a","size":4327,"data":"","first_seen":"2025-10-26T07:05:07.861702Z","last_seen":"2025-10-26T07:05:07.861702Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-26T07:04:40Z","timestamp":1761462280,"ip_dst":{"addr":"172.237.146.25","port":80,"asn":20940,"as":"Akamai International B.V.","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.5","port":56898,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-10-26T07:04:40.290882+0000\",\"flow_id\":247127184247435,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":56898,\"dest_ip\":\"172.237.146.25\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"gzeao.earthheartsmith.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":536},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":3566,\"start\":\"2025-10-26T07:04:40.068235+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","fqdn":"ww1.earthheartsmith.top","domain":"earthheartsmith.top","tld":"top"},"ip":{"addr":"64.190.63.136","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"c1d0bde8311bf9099a2403c78e1709de","sha1":"ae30484cf4567b1dc2465f62d0701e11471779f9","sha256":"1967cb4683b0a8a54a8cae65aafe6d160ab53ef8f523e55456114c46a4a30576","sha512":"df12cf48c0303bc514208b18401aef6b70bc57dcb1232fcd7399d33fd4d08a06209c5cd785151cd9837aaeab0c7571d71a0da80823a80f42c3de4c4f9dbd19a1","ssdeep":"","tlshash":"54813a0a5b8a1ef5c35847dad1016e320b5ec66b5a20e0eee1987f4857cfacd1f30613","size":4077,"data":"","first_seen":"2025-10-26T07:05:07.862938Z","last_seen":"2025-10-26T07:05:07.862938Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","fqdn":"ww1.earthheartsmith.top","domain":"earthheartsmith.top","tld":"top"},"ip":{"addr":"64.190.63.136","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"a250fbc5a068488660893f64bcbd3883","sha1":"a1b5f3c0b8e3d1d4b24c80a2b0ec26e1bfdb710b","sha256":"c23bcb1a9582fa5e6a7640914593be32834a9f9c9996d30c430906c46a448b49","sha512":"74d79330c6ca36635369bb8304f69840d61f91475aedb739a3aace36572481c636cdf1b44089dff65720bdc905c0dc22bcda1e5d78e4775c60253f13ef4abc3e","ssdeep":"","tlshash":"49f00cf13a70030ac632e757e1da22a17e6cc053c081f8a271bea0200fc8a2617a0b96","size":622,"data":"","first_seen":"2023-03-07T01:02:15Z","last_seen":"2026-02-24T17:29:47.598055Z","times_seen":74327,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"parking3.parklogic.com/page/enhance.js?pcId=1\u0026domain=earthheartsmith.top","fqdn":"parking3.parklogic.com","domain":"parklogic.com","tld":"com"},"ip":{"addr":"172.232.7.47","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"46aa164554367bb49676742d04ba0019","sha1":"4771f63a2c90ab6041c842f7d5922b8e6baffce3","sha256":"b1f74d9affab7936cd764e30f085288ca9c7a58ae25f24e31b08e1a573635000","sha512":"7fd3766b9af48f01daff249c7e6c2ad3a25136ccfb991815eb7852080fe2839f9e19c219a0672d54048b68bb2ce834191362f75d1ea33e60ab55d735c929797c","ssdeep":"","tlshash":"e8310d4e596462b445b3202de20ba0106f3bc65a311de552ba6dca405f5fe2f8333add","size":1617,"data":"","first_seen":"2025-10-26T07:05:07.854199Z","last_seen":"2025-10-26T07:05:07.854199Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","fqdn":"ww1.earthheartsmith.top","domain":"earthheartsmith.top","tld":"top"},"ip":{"addr":"64.190.63.136","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"978e89b89f929ebbd0a746295eafbcbe","sha1":"6b92ab60432c1e5a8aebc60ebc94f1f24c28cea6","sha256":"848eaac812a5c6ef9f75fc33f2bfbb7169bfea60bc4d4a28a7e77d1737ca42ac","sha512":"c7b6c342a6cc4121c889e38dc07ec85f7b3b1ff7811c0babb5f5abaf39a984424751eb1a7ff400e9bd45f0d49e96be85ff30023dfe9de0b3c0463e1d136e42d1","ssdeep":"96:zQIHrUsXy9Cp1OuKfIqT1M6BXXjgXnB9qPsBJaqJ4uSnx73CUnKVGSrbH:jrUs2nDxQqPJTuIRIESrbH","tlshash":"26c194723145347a4aff0751206f1f14b67ae8533a08b419b028b7e82bebd5744dbb6a","size":5888,"data":"","first_seen":"2024-05-23T11:11:38Z","last_seen":"2026-03-23T00:52:59.161451Z","times_seen":188504,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/ads/i/iframe.html","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"53a557946308585635eb80aec5326b9e","sha1":"544b125203bfbb516566a63c9ef3dc57e9c06df9","sha256":"eff95f5e15f8aa8c8b8c0f3aaeedba0091c1ec9732d78b6594c9ceb26c8eff28","sha512":"31c607e84c67799c8bce08e64fdd2c0164b164752ef3d7b1aaa9b2dda5b749e5064b44a66ae53109ccfdbdf7c6760bfc074502f65de4f4ed1fd6c50963885872","ssdeep":"","tlshash":"2621bb6e4c50822f2eb23edd285bb604fa235420e089e1d0c48cf9643979fd3882d9f4","size":1293,"data":"","first_seen":"2025-03-02T07:28:43.564096Z","last_seen":"2026-04-02T03:58:14.106009Z","times_seen":123069,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/ads?adsafe=low\u0026adtest=off\u0026psid=3259787283\u0026channel=exp-0051%2Cauxa-control-1%2C23197244\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=https%3A%2F%2Fww1.earthheartsmith.top%2Fcaf%2F%3Fses%3DY3JlPTE3NjE0NjIyODImdGNpZD13dzEuZWFydGhoZWFydHNtaXRoLnRvcDY4ZmRjODBhYjNkYjg1LjYyNTAwNjY2JnRhc2s9c2VhcmNoJmRvbWFpbj1lYXJ0aGhlYXJ0c21pdGgudG9wJmFfaWQ9MyZzZXNzaW9uPXJPWjZTdUtGRi1rZngza3lpZ2Ru\u0026type=3\u0026swp=as-drid-2795522040535628\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C73110181\u0026format=r3%7Cs\u0026nocache=7861761462283140\u0026num=0\u0026output=afd_ads\u0026domain_name=ww1.earthheartsmith.top\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1761462283148\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=962\u0026frm=0\u0026uio=--\u0026cont=rb-default\u0026drt=0\u0026jsid=caf\u0026jsv=821662118\u0026rurl=https%3A%2F%2Fww1.earthheartsmith.top%2F%3Fusid%3D113%26utid%3Dbbf0907c142c27025ae85dab9268f47e\u0026referer=http%3A%2F%2Fgzeao.earthheartsmith.top%2F","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"16433508fba2eec310598a9b0e41fed0","sha1":"1e7405f30132592af2939100afef63e53f0612a6","sha256":"c2b99c4f09b046ca3c4c672d551dd827cef3258259b1e8d8d582e7c49d074854","sha512":"d588a487e2c4fd48bbbd52ef4f8c8661497851659d9cee94535a87beee2b8ed501e4e1bcad4482ebb89fc17684f88142d245be9ab2e3fb9fecb8e6406881dd10","ssdeep":"","tlshash":"311140ee68692531c93315259c0a3f93a45a153122832442e04ea8ae2479fcea94c0eb","size":893,"data":"","first_seen":"2025-10-26T07:05:07.866004Z","last_seen":"2025-10-26T07:05:07.866004Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/adsense/domains/caf.js","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ae568e02c2510f0b6165a253148a4c26","sha1":"a6e006c6b3cdb5e2683b6a8ef51a49db69da6521","sha256":"92087711702c49e8955e04dac6bdb534558775588df37e0f65e0f0d0749304a4","sha512":"dd0dd1e17b3a7d72d41eab604cdc477949adbbccd969eebb81baf1b4fdc907a43f3454daffa8c81b62323167b40dd2fd90cb0ec55e09725872b6bba2bbc7074c","ssdeep":"1536:9VsPYXEsIOcIB2VKlwYZWElir7GqWjW0km4D9FJ2VMsOQg6nXX8qW/KRWsC9okdo:l0kBYKKQ4D9qMFUXyV9okdxCoH4","tlshash":"f8f34bdd73a1702243a394b4603f018fb139b865e84c89a4f199d9e87cb4da94277fbd","size":159679,"data":"","first_seen":"2025-10-21T17:13:33.38863Z","last_seen":"2025-10-28T13:21:42.234712Z","times_seen":1065,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js?abp=1\u0026YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.100","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"072c1f92313a86c6974fceb453848e02","sha1":"608ab861288d6cd70e3492d24fd901019a5c3496","sha256":"095e3e9909d6a02cb4dfaa2a41a863bba1e819d636df43dafef1932ef2fbddd2","sha512":"1d9db25f6c958315d966f0a8e1bed44250b710b206640fa81f06732efcfdc75a951f5b290ccd3e514826fa13c65c54806fb26a1b4ff81e744f4b6a8701402212","ssdeep":"1536:dVsPYXEsIOcIB2VKlwYZWElir7GqWjW0km4D9FJ2VMsOQg6nXX8qW/KRWsC9okdo:F0kBYKKQ4D9qMFUXyV9okdxCoH4","tlshash":"4af34bcd73a1702243a394b4603f018fb139b865e84c89a4f199d9e87cb4da94277fbd","size":159672,"data":"","first_seen":"2025-10-22T16:42:01.670696Z","last_seen":"2025-10-29T14:15:31.349315Z","times_seen":1527,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","fqdn":"ww1.earthheartsmith.top","domain":"earthheartsmith.top","tld":"top"},"ip":{"addr":"64.190.63.136","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T07:04:42.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ww1.earthheartsmith.top","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"43:A0:4B:AA:A3:80:A7:D9:E5:5C:42:C2:19:61:B4:00:D4:EC:B8:C2","sha256":"D2:32:38:36:B9:F3:BB:10:F0:C2:8E:CA:EF:38:8F:05:D1:B4:F0:0B:0B:C1:DF:00:99:23:5B:F6:74:4D:6C:98"}}},"request":{"raw":"GET /?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e HTTP/1.1\r\nHost: ww1.earthheartsmith.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://gzeao.earthheartsmith.top/\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Sun, 26 Oct 2025 07:04:42 GMT\r\nexpires: Mon, 26 Jul 1997 05:00:00 GMT\r\nlast-modified: Sun, 26 Oct 2025 07:04:42 GMT\r\npragma: no-cache\r\nserver: Parking/1.0\r\nvary: Accept-Encoding\r\nx-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_ZdlUtJomOhN9j0XbRBEVv37NkR4DBy6auxdeL9XYIfCE4ejRN3tZ6adcNFnp0LIdKmrMgxzIEyYMFgHUr5psAQ==\r\nx-cache-miss-from: parking-7fbf5fd67f-2k2xr\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":24399,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (10563)","md5":"3eac358309b4b789f76defaf004e94f8","sha1":"92a2abc0f0a9cc1055d75cf386e323903228f79d","sha256":"b4fab52f5635f90ca704c56b1902674437a5e36be2117bcd971b78f527214f24","sha512":"ea8cc283f2f4e9fc5ce1e7db2472536e783fddd4ea0d0ed45918ca03bd9fc68ed0815450677fcc1b50b4dd8f941dabda4abf6ae60b85d81308cff1081616c2c0","ssdeep":"384:5ideAvTNakL6V42jw01iFutbiPLvTqmBYTqkOlLgulFBXYGraFBTuIRIESrbO:5ifvTN1L6CjFuRiPtibOqulFBXYKGBTb","tlshash":"d1b2f9322e882475e2b7866db1d1bb11b724c913d51269a9f05cf3a8cfcbd8716d2f06","first_seen":"2025-10-26T07:05:07.849859Z","last_seen":"2025-10-26T07:05:07.849859Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1005,"timings":{"blocked":462,"dns":246,"connect":37,"send":0,"wait":81,"receive":0,"ssl":177},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ww1.earthheartsmith.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/ads/i/iframe.html","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","date":"2025-10-26T07:04:43.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:37:25 GMT","end":"Wed, 24 Dec 2025 14:37:24 GMT"},"fingerprint":{"sha1":"1C:60:96:F4:86:58:7B:06:EF:58:5E:19:61:E6:AA:DD:88:E8:B1:24","sha256":"13:CE:28:28:38:E7:D5:A3:98:9C:11:48:F1:F0:38:7C:61:90:9D:B8:F8:E6:D1:51:91:4B:3E:6E:44:FB:C5:DF"}}},"request":{"raw":"GET /afs/ads/i/iframe.html HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.earthheartsmith.top/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/html\r\ncontent-security-policy: script-src 'nonce-pXsd-G984joukUSCAKchQQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ncontent-length: 729\r\ndate: Sun, 26 Oct 2025 07:04:43 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, must-revalidate\r\nlast-modified: Tue, 17 Sep 2024 06:00:00 GMT\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1560,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1559)","md5":"812a398c4fbaeed884f6162d4bc491c3","sha1":"f0667e727c89053b3626d17a807e2a60b1835aee","sha256":"59da6ba09e102db2bd2c8d678a73805be9df6fc18266cb177410092fe6daff1c","sha512":"5984cedbcdcde6d86769be32b8e97971c0843c58841f3798b30ff1e11cb19827d1eeca174f727e99d1f218e5b4449bb3ea288405805b1c1911292c315bcd244e","ssdeep":"","tlshash":"a83190ae4c50412e6db63d9d2d5bb604fa139424e445d5d0c58cf86939b9fc3882a9f4","first_seen":"2025-10-26T07:05:07.851573Z","last_seen":"2025-10-26T07:05:07.851573Z","times_seen":1,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":85,"dns":1,"connect":7,"send":0,"wait":16,"receive":0,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2","fqdn":"afs.googleusercontent.com","domain":"googleusercontent.com","tld":"com"},"ip":{"addr":"142.250.74.33","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://syndicatedsearch.goog/afs/ads?adsafe=low\u0026adtest=off\u0026psid=3259787283\u0026channel=exp-0051%2Cauxa-control-1%2C23197244\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=https%3A%2F%2Fww1.earthheartsmith.top%2Fcaf%2F%3Fses%3DY3JlPTE3NjE0NjIyODImdGNpZD13dzEuZWFydGhoZWFydHNtaXRoLnRvcDY4ZmRjODBhYjNkYjg1LjYyNTAwNjY2JnRhc2s9c2VhcmNoJmRvbWFpbj1lYXJ0aGhlYXJ0c21pdGgudG9wJmFfaWQ9MyZzZXNzaW9uPXJPWjZTdUtGRi1rZngza3lpZ2Ru\u0026type=3\u0026swp=as-drid-2795522040535628\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C73110181\u0026format=r3%7Cs\u0026nocache=7861761462283140\u0026num=0\u0026output=afd_ads\u0026domain_name=ww1.earthheartsmith.top\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1761462283148\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=962\u0026frm=0\u0026uio=--\u0026cont=rb-default\u0026drt=0\u0026jsid=caf\u0026jsv=821662118\u0026rurl=https%3A%2F%2Fww1.earthheartsmith.top%2F%3Fusid%3D113%26utid%3Dbbf0907c142c27025ae85dab9268f47e\u0026referer=http%3A%2F%2Fgzeao.earthheartsmith.top%2F","date":"2025-10-26T07:04:43.576Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.googleusercontent.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:33:53 GMT","end":"Wed, 24 Dec 2025 14:33:52 GMT"},"fingerprint":{"sha1":"DD:9F:C9:E5:86:0D:58:3C:A2:54:E5:B3:6A:85:3A:67:2E:6B:01:32","sha256":"70:67:CB:37:75:D4:DC:75:3D:35:D0:E5:15:E0:5B:7E:12:75:F1:AA:1D:A5:3E:0B:52:C8:17:7C:4E:49:44:01"}}},"request":{"raw":"GET /ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2 HTTP/1.1\r\nHost: afs.googleusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://syndicatedsearch.goog/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers\r\ncross-origin-opener-policy: same-origin; report-to=\"afs-native-asset-managers\"\r\nreport-to: {\"group\":\"afs-native-asset-managers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers\"}]}\r\ncontent-length: 272\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 25 Oct 2025 15:18:21 GMT\r\nexpires: Sun, 26 Oct 2025 14:18:21 GMT\r\ncache-control: public, max-age=82800\r\nage: 56782\r\nlast-modified: Thu, 20 Jul 2023 22:48:00 GMT\r\ncontent-type: image/svg+xml\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":391,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a6ad6e65373db8c1b1f154c4c83f8ce5","sha1":"84cc007d6d682c589e1e1f87482a5278830f3000","sha256":"920a378947204498c122722933b3a4b67788a2b6fade8bd0d47cf830eeee0563","sha512":"09b6d4711c284b1a04c9c4d874f3d1ddfc876c1491fb2aa283a13505bcdbfe90b02731d0b7ad5f492b1dda2161a4afe20040801ea634d2727cde84319adfb1d2","ssdeep":"","tlshash":"e7e0f1fa81842c004a4543b0ed0867a002eff076530c80b7c1e0e6fcb0048da6cc2744","first_seen":"2023-04-11T10:59:33Z","last_seen":"2026-02-24T17:29:47.593465Z","times_seen":82937,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":97,"dns":2,"connect":22,"send":0,"wait":21,"receive":0,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=b8027a4jwegu\u0026cd_fexp=72717108%2C73110181\u0026aqid=C8j9aOm8EsDMjuwP2eiZkAY\u0026psid=3259787283\u0026pbt=bs\u0026adbx=490\u0026adby=807.6500244140625\u0026adbh=17\u0026adbw=300\u0026adbn=slave-1-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=821662118\u0026csala=7%7C0%7C274%7C94%7C44\u0026lle=0\u0026ifv=1\u0026hpt=0","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","date":"2025-10-26T07:04:45.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:37:25 GMT","end":"Wed, 24 Dec 2025 14:37:24 GMT"},"fingerprint":{"sha1":"1C:60:96:F4:86:58:7B:06:EF:58:5E:19:61:E6:AA:DD:88:E8:B1:24","sha256":"13:CE:28:28:38:E7:D5:A3:98:9C:11:48:F1:F0:38:7C:61:90:9D:B8:F8:E6:D1:51:91:4B:3E:6E:44:FB:C5:DF"}}},"request":{"raw":"GET /afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=b8027a4jwegu\u0026cd_fexp=72717108%2C73110181\u0026aqid=C8j9aOm8EsDMjuwP2eiZkAY\u0026psid=3259787283\u0026pbt=bs\u0026adbx=490\u0026adby=807.6500244140625\u0026adbh=17\u0026adbw=300\u0026adbn=slave-1-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=821662118\u0026csala=7%7C0%7C274%7C94%7C44\u0026lle=0\u0026ifv=1\u0026hpt=0 HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.earthheartsmith.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-mVRmUVrowOHhjcqtQ8eelw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ndate: Sun, 26 Oct 2025 07:04:45 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=4ztd7sqg1joa\u0026cd_fexp=72717108%2C73110181\u0026aqid=C8j9aOm8EsDMjuwP2eiZkAY\u0026psid=3259787283\u0026pbt=bv\u0026adbx=490\u0026adby=807.6500244140625\u0026adbh=17\u0026adbw=300\u0026adbn=slave-1-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=821662118\u0026csala=7%7C0%7C274%7C94%7C44\u0026lle=0\u0026ifv=1\u0026hpt=0","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","date":"2025-10-26T07:04:45.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:37:25 GMT","end":"Wed, 24 Dec 2025 14:37:24 GMT"},"fingerprint":{"sha1":"1C:60:96:F4:86:58:7B:06:EF:58:5E:19:61:E6:AA:DD:88:E8:B1:24","sha256":"13:CE:28:28:38:E7:D5:A3:98:9C:11:48:F1:F0:38:7C:61:90:9D:B8:F8:E6:D1:51:91:4B:3E:6E:44:FB:C5:DF"}}},"request":{"raw":"GET /afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=4ztd7sqg1joa\u0026cd_fexp=72717108%2C73110181\u0026aqid=C8j9aOm8EsDMjuwP2eiZkAY\u0026psid=3259787283\u0026pbt=bv\u0026adbx=490\u0026adby=807.6500244140625\u0026adbh=17\u0026adbw=300\u0026adbn=slave-1-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=821662118\u0026csala=7%7C0%7C274%7C94%7C44\u0026lle=0\u0026ifv=1\u0026hpt=0 HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.earthheartsmith.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-pXWz1RspLt7SYZUOvCJ2bg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ndate: Sun, 26 Oct 2025 07:04:45 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"parking3.parklogic.com/page/enhance.js?pcId=1\u0026domain=earthheartsmith.top","fqdn":"parking3.parklogic.com","domain":"parklogic.com","tld":"com"},"ip":{"addr":"172.232.7.47","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","date":"2025-10-26T07:04:42.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enhance-lb01.parklogic.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 27 Sep 2025 23:32:37 GMT","end":"Fri, 26 Dec 2025 23:32:36 GMT"},"fingerprint":{"sha1":"E4:B4:52:E3:8A:92:A3:76:06:60:BD:5B:7B:C4:F8:77:5D:4B:AE:6C","sha256":"52:70:EE:88:F9:99:66:53:99:78:C9:63:98:C2:04:D5:41:08:DD:C1:CD:AA:66:0C:3D:DC:AA:5B:B0:DD:2A:74"}}},"request":{"raw":"GET /page/enhance.js?pcId=1\u0026domain=earthheartsmith.top HTTP/1.1\r\nHost: parking3.parklogic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.earthheartsmith.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 26 Oct 2025 07:04:43 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1617,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"46aa164554367bb49676742d04ba0019","sha1":"4771f63a2c90ab6041c842f7d5922b8e6baffce3","sha256":"b1f74d9affab7936cd764e30f085288ca9c7a58ae25f24e31b08e1a573635000","sha512":"7fd3766b9af48f01daff249c7e6c2ad3a25136ccfb991815eb7852080fe2839f9e19c219a0672d54048b68bb2ce834191362f75d1ea33e60ab55d735c929797c","ssdeep":"","tlshash":"e8310d4e596462b445b3202de20ba0106f3bc65a311de552ba6dca405f5fe2f8333add","first_seen":"2025-10-26T07:05:07.854199Z","last_seen":"2025-10-26T07:05:07.854199Z","times_seen":1,"resource_available":true,"data":null}},"time_used":554,"timings":{"blocked":222,"dns":1,"connect":106,"send":0,"wait":108,"receive":0,"ssl":115},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww1.earthheartsmith.top/search/tsc.php?ses=ogcRxs9DCnG4YCM5_DiAMWgtnGdK1C051V2_MdKYLnQd4gXolsoQP6A-5jktJYKUwfLKijgx79T4uWBZudg2JGVkHZd2FnmK1UYU8fIj6EKrdw1qQDIvTvOa2Tt_QihWpXD_gP6UL0M45euQf4S_E-Us6dqRHy_0inqrtUAlvHvbIPdlpSfIERRgHdq5ob2hARDGXZWw-Eh-tKpol2AQjU0QBfRYpUr-zaY4rS3Rgbiz4q9mrS-RPrq_02Fwg2mjJAGRhdRECE_L3MPvaAexPHf-irFDnCuDMc4SsTLjHbIti-p7EWh0wg1FB0sgksqvp7mFKbXfOBUUip78KaVgdyfqsYlYq3T601WPAZveZ85L5fBg0s6knDp7neHaA\u0026cv=2","fqdn":"ww1.earthheartsmith.top","domain":"earthheartsmith.top","tld":"top"},"ip":{"addr":"64.190.63.136","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","date":"2025-10-26T07:04:43.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ww1.earthheartsmith.top","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"43:A0:4B:AA:A3:80:A7:D9:E5:5C:42:C2:19:61:B4:00:D4:EC:B8:C2","sha256":"D2:32:38:36:B9:F3:BB:10:F0:C2:8E:CA:EF:38:8F:05:D1:B4:F0:0B:0B:C1:DF:00:99:23:5B:F6:74:4D:6C:98"}}},"request":{"raw":"GET /search/tsc.php?ses=ogcRxs9DCnG4YCM5_DiAMWgtnGdK1C051V2_MdKYLnQd4gXolsoQP6A-5jktJYKUwfLKijgx79T4uWBZudg2JGVkHZd2FnmK1UYU8fIj6EKrdw1qQDIvTvOa2Tt_QihWpXD_gP6UL0M45euQf4S_E-Us6dqRHy_0inqrtUAlvHvbIPdlpSfIERRgHdq5ob2hARDGXZWw-Eh-tKpol2AQjU0QBfRYpUr-zaY4rS3Rgbiz4q9mrS-RPrq_02Fwg2mjJAGRhdRECE_L3MPvaAexPHf-irFDnCuDMc4SsTLjHbIti-p7EWh0wg1FB0sgksqvp7mFKbXfOBUUip78KaVgdyfqsYlYq3T601WPAZveZ85L5fBg0s6knDp7neHaA\u0026cv=2 HTTP/1.1\r\nHost: ww1.earthheartsmith.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Sun, 26 Oct 2025 07:04:43 GMT\r\nserver: Parking/1.0\r\nx-cache-miss-from: parking-7fbf5fd67f-b2tzn\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":49,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ww1.earthheartsmith.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.sedoparking.com/templates/logos/sedo_logo.png","fqdn":"img.sedoparking.com","domain":"sedoparking.com","tld":"com"},"ip":{"addr":"205.234.175.175","port":443,"asn":30081,"as":"CACHENETWORKS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","date":"2025-10-26T07:04:43.239Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cachefly.net","organization":"Cachenetworks, LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 12 Nov 2024 20:01:06 GMT","end":"Sun, 14 Dec 2025 20:01:05 GMT"},"fingerprint":{"sha1":"E3:21:BF:A0:AC:70:6E:19:F1:83:A3:CB:83:F9:6F:0F:E0:46:F1:3C","sha256":"0D:FF:60:D6:18:60:C6:38:90:5D:DD:55:2E:87:EE:3A:E5:96:78:0B:5F:68:E8:88:AD:AE:1A:BF:51:59:94:83"}}},"request":{"raw":"GET /templates/logos/sedo_logo.png HTTP/1.1\r\nHost: img.sedoparking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.earthheartsmith.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 26 Oct 2025 07:04:43 GMT\r\ncontent-type: image/png\r\ncontent-length: 15086\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800\r\nexpires: Sun, 02 Nov 2025 07:04:43 GMT\r\nx-cfhash: \"def00c11b1596db4efee6a9fbe64fc27\"\r\nx-cff: B\r\nlast-modified: Mon, 11 Jan 2021 07:44:34 GMT\r\nx-cf3: H\r\ncf4age: 0\r\nx-cf-tsc: 1729867994\r\ncf4ttl: 31536000.000\r\nx-cf2: H\r\nserver: CFS 1124\r\nx-cf-reqid: e47c0629e332476fea3ae5ee43cd1887\r\nx-cf1: 11696:fA.arn1:cf:nom:cacheN.arn1-01:H\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CacheFly","description":"CacheFly is a content delivery network (CDN) which offers CDN service that relies solely on IP anycast for routing, rather than DNS based global load balancing.","website":"https://www.cachefly.com","common_platform_enumeration":"","icon":"CacheFly.svg","categories":["CDN"]}],"data":{"size":15086,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"def00c11b1596db4efee6a9fbe64fc27","sha1":"bd298981e6d8d7e4ffa18abcf687041f4246672d","sha256":"95c427fa3143b1896faf42a6406686ce7602cb39052081bb32d12b51c9e047e4","sha512":"c056e95dbfa1aab3a50dff18c6d577dbffea72c93316ffc53b6b7aa41dcc7707a810d563894589a7305de0b76610f88150b2034670de368773b2b356f14ad30f","ssdeep":"192:jiHSINqv0tJ30DezSfPAXTZwC3D2N2xp1Fd/ar/+zi3LHZNwkQH0iWpXDt3TN8rB:jzAnP9j","tlshash":"31623e0bfd4bc358ce50b23ae67c4bfb6361d8c1b090a7e257d9d51aafa7b014c9a011","first_seen":"2023-04-14T07:11:21Z","last_seen":"2026-04-04T16:46:27.320626Z","times_seen":220169,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"img.sedoparking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"parking3.parklogic.com/page/scribe.php?pcId=1\u0026domain=earthheartsmith.top\u0026aId=313\u0026pId=3026\u0026usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e\u0026query=null\u0026domainJs=ww1.earthheartsmith.top\u0026path=/\u0026ss=true\u0026lp=1\u0026tzB=UTC\u0026wd=false\u0026gpu=null","fqdn":"parking3.parklogic.com","domain":"parklogic.com","tld":"com"},"ip":{"addr":"172.232.7.47","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","date":"2025-10-26T07:04:43.309Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enhance-lb01.parklogic.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 27 Sep 2025 23:32:37 GMT","end":"Fri, 26 Dec 2025 23:32:36 GMT"},"fingerprint":{"sha1":"E4:B4:52:E3:8A:92:A3:76:06:60:BD:5B:7B:C4:F8:77:5D:4B:AE:6C","sha256":"52:70:EE:88:F9:99:66:53:99:78:C9:63:98:C2:04:D5:41:08:DD:C1:CD:AA:66:0C:3D:DC:AA:5B:B0:DD:2A:74"}}},"request":{"raw":"GET /page/scribe.php?pcId=1\u0026domain=earthheartsmith.top\u0026aId=313\u0026pId=3026\u0026usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e\u0026query=null\u0026domainJs=ww1.earthheartsmith.top\u0026path=/\u0026ss=true\u0026lp=1\u0026tzB=UTC\u0026wd=false\u0026gpu=null HTTP/1.1\r\nHost: parking3.parklogic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ww1.earthheartsmith.top/\r\nOrigin: https://ww1.earthheartsmith.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 26 Oct 2025 07:04:43 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":560,"timings":{"blocked":224,"dns":1,"connect":107,"send":0,"wait":108,"receive":0,"ssl":116},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"gzeao.earthheartsmith.top/favicon.ico","fqdn":"gzeao.earthheartsmith.top","domain":"earthheartsmith.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://gzeao.earthheartsmith.top/","date":"2025-10-26T07:04:40.383Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gzeao.earthheartsmith.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://gzeao.earthheartsmith.top/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":3539,"timings":{"blocked":95,"dns":1725,"connect":1613,"send":1719,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"gzeao.earthheartsmith.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"router.parklogic.com/","fqdn":"router.parklogic.com","domain":"parklogic.com","tld":"com"},"ip":{"addr":"172.234.216.100","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://gzeao.earthheartsmith.top/","date":"2025-10-26T07:04:40.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"router-lb01.parklogic.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 Aug 2025 08:20:02 GMT","end":"Wed, 26 Nov 2025 08:20:01 GMT"},"fingerprint":{"sha1":"3E:D5:12:73:BC:89:8A:A8:7C:34:59:63:38:1A:67:BE:5C:77:E8:0B","sha256":"74:75:91:EB:04:F9:6E:7F:12:E9:1B:A6:AE:E7:11:EB:E5:20:4C:AB:A1:48:E6:11:17:53:B8:AF:54:2D:AA:83"}}},"request":{"raw":"POST / HTTP/1.1\r\nHost: router.parklogic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 448\r\nOrigin: http://gzeao.earthheartsmith.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://gzeao.earthheartsmith.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 26 Oct 2025 07:04:42 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":78,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"bfab3cfc655c4d10d9edc618829f1767","sha1":"8ac8e7e47ba42d61698bae2ac1866fbdb7e26790","sha256":"72fb3b62edd291dbae4992868929cec3be291962a7efdf3161d943112b0cef43","sha512":"1ff7d7d22113f96049bf47ce23f283493a880aea7e3c643922d5ea4c0453080fd672b3e0b9561636e6e97bdaf89b5aeac7a703cd30d9901c19b8dbf3ada934a2","ssdeep":"","tlshash":"0ba0240d0c0f35c0045740c011f0f4474dd4d075304d005fd0041404011411fddc0510","first_seen":"2025-10-26T07:05:07.85606Z","last_seen":"2025-10-26T07:05:07.85606Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1741,"timings":{"blocked":227,"dns":2,"connect":107,"send":0,"wait":1286,"receive":0,"ssl":115},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js?abp=1\u0026YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.100","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","date":"2025-10-26T07:04:42.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:35:29 GMT","end":"Wed, 24 Dec 2025 14:35:28 GMT"},"fingerprint":{"sha1":"3A:25:85:17:1F:EC:DB:36:25:21:AC:60:1E:FE:19:41:06:4D:BB:61","sha256":"12:E2:B9:FD:0A:C2:10:A5:CD:15:ED:F1:44:A2:48:77:21:A6:08:E1:BE:65:2A:06:2D:F3:8C:D3:95:D8:82:A5"}}},"request":{"raw":"GET /adsense/domains/caf.js?abp=1\u0026YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.earthheartsmith.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ndate: Sun, 26 Oct 2025 07:04:43 GMT\r\nexpires: Sun, 26 Oct 2025 07:04:43 GMT\r\ncache-control: private, max-age=3600\r\netag: \"9773243213719052755\"\r\nx-content-type-options: nosniff\r\nlink: \u003chttps://syndicatedsearch.goog\u003e; rel=\"preconnect\"\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":159672,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2841)","md5":"072c1f92313a86c6974fceb453848e02","sha1":"608ab861288d6cd70e3492d24fd901019a5c3496","sha256":"095e3e9909d6a02cb4dfaa2a41a863bba1e819d636df43dafef1932ef2fbddd2","sha512":"1d9db25f6c958315d966f0a8e1bed44250b710b206640fa81f06732efcfdc75a951f5b290ccd3e514826fa13c65c54806fb26a1b4ff81e744f4b6a8701402212","ssdeep":"1536:dVsPYXEsIOcIB2VKlwYZWElir7GqWjW0km4D9FJ2VMsOQg6nXX8qW/KRWsC9okdo:F0kBYKKQ4D9qMFUXyV9okdxCoH4","tlshash":"4af34bcd73a1702243a394b4603f018fb139b865e84c89a4f199d9e87cb4da94277fbd","first_seen":"2025-10-22T16:42:01.670696Z","last_seen":"2025-10-29T14:15:31.349315Z","times_seen":1527,"resource_available":true,"data":null}},"time_used":323,"timings":{"blocked":144,"dns":1,"connect":22,"send":0,"wait":33,"receive":0,"ssl":121},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.sedoparking.com/templates/bg/arrows-curved.png","fqdn":"img.sedoparking.com","domain":"sedoparking.com","tld":"com"},"ip":{"addr":"205.234.175.175","port":443,"asn":30081,"as":"CACHENETWORKS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","date":"2025-10-26T07:04:42.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cachefly.net","organization":"Cachenetworks, LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 12 Nov 2024 20:01:06 GMT","end":"Sun, 14 Dec 2025 20:01:05 GMT"},"fingerprint":{"sha1":"E3:21:BF:A0:AC:70:6E:19:F1:83:A3:CB:83:F9:6F:0F:E0:46:F1:3C","sha256":"0D:FF:60:D6:18:60:C6:38:90:5D:DD:55:2E:87:EE:3A:E5:96:78:0B:5F:68:E8:88:AD:AE:1A:BF:51:59:94:83"}}},"request":{"raw":"GET /templates/bg/arrows-curved.png HTTP/1.1\r\nHost: img.sedoparking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.earthheartsmith.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 26 Oct 2025 07:04:42 GMT\r\ncontent-type: image/png\r\ncontent-length: 13502\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800\r\nexpires: Sun, 02 Nov 2025 07:04:42 GMT\r\nx-cfhash: \"107694ee1e94990d97b7e58651ffd6a0\"\r\nx-cff: B\r\nlast-modified: Tue, 12 Oct 2021 05:19:02 GMT\r\nx-cf3: H\r\ncf4age: 362\r\nx-cf-tsc: 1750436138\r\ncf4ttl: 31535638.000\r\nx-cf2: H\r\nserver: CFS 1124\r\nx-cf-reqid: ce7c2b1ed3152686ba8dbc444dabef78\r\nx-cf1: 11696:fA.arn1:cf:nom:cacheN.arn1-01:H\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CacheFly","description":"CacheFly is a content delivery network (CDN) which offers CDN service that relies solely on IP anycast for routing, rather than DNS based global load balancing.","website":"https://www.cachefly.com","common_platform_enumeration":"","icon":"CacheFly.svg","categories":["CDN"]}],"data":{"size":13502,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 413 x 594, 8-bit/color RGBA, non-interlaced","md5":"107694ee1e94990d97b7e58651ffd6a0","sha1":"7dd9ae7badf78be01ea0623df1e90171348716ff","sha256":"7aa2a3e9a9575a27f5593c3b0357423128c468a46ed20d284ce5a21555ee67bc","sha512":"5d695545e1516d28ca05933c88aec08ca324a61804bd662102a1eeb7a515ba543343ad24fda53aba329ae803f622664b29d5a3461bccbd264ec8950e8ca51002","ssdeep":"384:/mKXXNN5Jr7k18sA6pXsox1amFbraxPpkJ:euNN3r7SJZRGmgxPC","tlshash":"2c52c04825b019dc9f2252a9c51ea74c4ff6f5dc970960a83b1ab11cd375b7fca3822e","first_seen":"2023-05-01T18:29:40Z","last_seen":"2026-03-05T01:28:01.727223Z","times_seen":76686,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":37,"dns":1,"connect":7,"send":0,"wait":8,"receive":1,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"img.sedoparking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/ads?adsafe=low\u0026adtest=off\u0026psid=3259787283\u0026channel=exp-0051%2Cauxa-control-1%2C23197244\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=https%3A%2F%2Fww1.earthheartsmith.top%2Fcaf%2F%3Fses%3DY3JlPTE3NjE0NjIyODImdGNpZD13dzEuZWFydGhoZWFydHNtaXRoLnRvcDY4ZmRjODBhYjNkYjg1LjYyNTAwNjY2JnRhc2s9c2VhcmNoJmRvbWFpbj1lYXJ0aGhlYXJ0c21pdGgudG9wJmFfaWQ9MyZzZXNzaW9uPXJPWjZTdUtGRi1rZngza3lpZ2Ru\u0026type=3\u0026swp=as-drid-2795522040535628\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C73110181\u0026format=r3%7Cs\u0026nocache=7861761462283140\u0026num=0\u0026output=afd_ads\u0026domain_name=ww1.earthheartsmith.top\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1761462283148\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=962\u0026frm=0\u0026uio=--\u0026cont=rb-default\u0026drt=0\u0026jsid=caf\u0026jsv=821662118\u0026rurl=https%3A%2F%2Fww1.earthheartsmith.top%2F%3Fusid%3D113%26utid%3Dbbf0907c142c27025ae85dab9268f47e\u0026referer=http%3A%2F%2Fgzeao.earthheartsmith.top%2F","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","date":"2025-10-26T07:04:43.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:37:25 GMT","end":"Wed, 24 Dec 2025 14:37:24 GMT"},"fingerprint":{"sha1":"1C:60:96:F4:86:58:7B:06:EF:58:5E:19:61:E6:AA:DD:88:E8:B1:24","sha256":"13:CE:28:28:38:E7:D5:A3:98:9C:11:48:F1:F0:38:7C:61:90:9D:B8:F8:E6:D1:51:91:4B:3E:6E:44:FB:C5:DF"}}},"request":{"raw":"GET /afs/ads?adsafe=low\u0026adtest=off\u0026psid=3259787283\u0026channel=exp-0051%2Cauxa-control-1%2C23197244\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=https%3A%2F%2Fww1.earthheartsmith.top%2Fcaf%2F%3Fses%3DY3JlPTE3NjE0NjIyODImdGNpZD13dzEuZWFydGhoZWFydHNtaXRoLnRvcDY4ZmRjODBhYjNkYjg1LjYyNTAwNjY2JnRhc2s9c2VhcmNoJmRvbWFpbj1lYXJ0aGhlYXJ0c21pdGgudG9wJmFfaWQ9MyZzZXNzaW9uPXJPWjZTdUtGRi1rZngza3lpZ2Ru\u0026type=3\u0026swp=as-drid-2795522040535628\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C73110181\u0026format=r3%7Cs\u0026nocache=7861761462283140\u0026num=0\u0026output=afd_ads\u0026domain_name=ww1.earthheartsmith.top\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1761462283148\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=962\u0026frm=0\u0026uio=--\u0026cont=rb-default\u0026drt=0\u0026jsid=caf\u0026jsv=821662118\u0026rurl=https%3A%2F%2Fww1.earthheartsmith.top%2F%3Fusid%3D113%26utid%3Dbbf0907c142c27025ae85dab9268f47e\u0026referer=http%3A%2F%2Fgzeao.earthheartsmith.top%2F HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.earthheartsmith.top/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-disposition: inline\r\ndate: Sun, 26 Oct 2025 07:04:43 GMT\r\nexpires: Sun, 26 Oct 2025 07:04:43 GMT\r\ncache-control: private, max-age=3600\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-Us87QcwE1q9IXkhh6S4jQA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ncontent-encoding: br\r\nserver: gws\r\ncontent-length: 3221\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":14746,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (13907)","md5":"c23ee19c79035ea75210b53d33ad6f13","sha1":"34a27f5a30c6c565ee87e619d6d75af52fc4dd09","sha256":"1571fb162f47aa31569f9f361a3db2340f5fc0c3fa74e3b1bcde5504bd7a0baf","sha512":"fe0f4df9f663a43bf0a1b3b5db552c895e285607c9a266fa93cc1890e9aaa98ff71a3379846fa614bf2b0f6f46d4b032b4a170e7fbad710dc71a0ed9eb507e5f","ssdeep":"192:GE12iMpgbkzMBhsViWrMWEExE07h2ekD2:Gni0gssQER07/kD2","tlshash":"9562753764a6272905039c541b266f6ed181d43ac46b31f948f35f21c7ebf828fe228e","first_seen":"2025-10-26T07:05:07.858329Z","last_seen":"2025-10-26T07:05:07.858329Z","times_seen":1,"resource_available":false,"data":null}},"time_used":323,"timings":{"blocked":91,"dns":1,"connect":7,"send":0,"wait":139,"receive":1,"ssl":80},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/adsense/domains/caf.js","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://syndicatedsearch.goog/afs/ads?adsafe=low\u0026adtest=off\u0026psid=3259787283\u0026channel=exp-0051%2Cauxa-control-1%2C23197244\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=https%3A%2F%2Fww1.earthheartsmith.top%2Fcaf%2F%3Fses%3DY3JlPTE3NjE0NjIyODImdGNpZD13dzEuZWFydGhoZWFydHNtaXRoLnRvcDY4ZmRjODBhYjNkYjg1LjYyNTAwNjY2JnRhc2s9c2VhcmNoJmRvbWFpbj1lYXJ0aGhlYXJ0c21pdGgudG9wJmFfaWQ9MyZzZXNzaW9uPXJPWjZTdUtGRi1rZngza3lpZ2Ru\u0026type=3\u0026swp=as-drid-2795522040535628\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C73110181\u0026format=r3%7Cs\u0026nocache=7861761462283140\u0026num=0\u0026output=afd_ads\u0026domain_name=ww1.earthheartsmith.top\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1761462283148\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=962\u0026frm=0\u0026uio=--\u0026cont=rb-default\u0026drt=0\u0026jsid=caf\u0026jsv=821662118\u0026rurl=https%3A%2F%2Fww1.earthheartsmith.top%2F%3Fusid%3D113%26utid%3Dbbf0907c142c27025ae85dab9268f47e\u0026referer=http%3A%2F%2Fgzeao.earthheartsmith.top%2F","date":"2025-10-26T07:04:43.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:37:25 GMT","end":"Wed, 24 Dec 2025 14:37:24 GMT"},"fingerprint":{"sha1":"1C:60:96:F4:86:58:7B:06:EF:58:5E:19:61:E6:AA:DD:88:E8:B1:24","sha256":"13:CE:28:28:38:E7:D5:A3:98:9C:11:48:F1:F0:38:7C:61:90:9D:B8:F8:E6:D1:51:91:4B:3E:6E:44:FB:C5:DF"}}},"request":{"raw":"GET /adsense/domains/caf.js HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://syndicatedsearch.goog/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ndate: Sun, 26 Oct 2025 07:04:43 GMT\r\nexpires: Sun, 26 Oct 2025 07:04:43 GMT\r\ncache-control: private, max-age=3600\r\netag: \"8683277594576899921\"\r\nx-content-type-options: nosniff\r\nlink: \u003chttps://syndicatedsearch.goog\u003e; rel=\"preconnect\"\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":159679,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2841)","md5":"ae568e02c2510f0b6165a253148a4c26","sha1":"a6e006c6b3cdb5e2683b6a8ef51a49db69da6521","sha256":"92087711702c49e8955e04dac6bdb534558775588df37e0f65e0f0d0749304a4","sha512":"dd0dd1e17b3a7d72d41eab604cdc477949adbbccd969eebb81baf1b4fdc907a43f3454daffa8c81b62323167b40dd2fd90cb0ec55e09725872b6bba2bbc7074c","ssdeep":"1536:9VsPYXEsIOcIB2VKlwYZWElir7GqWjW0km4D9FJ2VMsOQg6nXX8qW/KRWsC9okdo:l0kBYKKQ4D9qMFUXyV9okdxCoH4","tlshash":"f8f34bdd73a1702243a394b4603f018fb139b865e84c89a4f199d9e87cb4da94277fbd","first_seen":"2025-10-21T17:13:33.38863Z","last_seen":"2025-10-28T13:21:42.234712Z","times_seen":1065,"resource_available":true,"data":null}},"time_used":62,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":35,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff","fqdn":"afs.googleusercontent.com","domain":"googleusercontent.com","tld":"com"},"ip":{"addr":"142.250.74.33","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://syndicatedsearch.goog/afs/ads?adsafe=low\u0026adtest=off\u0026psid=3259787283\u0026channel=exp-0051%2Cauxa-control-1%2C23197244\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=https%3A%2F%2Fww1.earthheartsmith.top%2Fcaf%2F%3Fses%3DY3JlPTE3NjE0NjIyODImdGNpZD13dzEuZWFydGhoZWFydHNtaXRoLnRvcDY4ZmRjODBhYjNkYjg1LjYyNTAwNjY2JnRhc2s9c2VhcmNoJmRvbWFpbj1lYXJ0aGhlYXJ0c21pdGgudG9wJmFfaWQ9MyZzZXNzaW9uPXJPWjZTdUtGRi1rZngza3lpZ2Ru\u0026type=3\u0026swp=as-drid-2795522040535628\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C73110181\u0026format=r3%7Cs\u0026nocache=7861761462283140\u0026num=0\u0026output=afd_ads\u0026domain_name=ww1.earthheartsmith.top\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1761462283148\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=962\u0026frm=0\u0026uio=--\u0026cont=rb-default\u0026drt=0\u0026jsid=caf\u0026jsv=821662118\u0026rurl=https%3A%2F%2Fww1.earthheartsmith.top%2F%3Fusid%3D113%26utid%3Dbbf0907c142c27025ae85dab9268f47e\u0026referer=http%3A%2F%2Fgzeao.earthheartsmith.top%2F","date":"2025-10-26T07:04:43.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.googleusercontent.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:33:53 GMT","end":"Wed, 24 Dec 2025 14:33:52 GMT"},"fingerprint":{"sha1":"DD:9F:C9:E5:86:0D:58:3C:A2:54:E5:B3:6A:85:3A:67:2E:6B:01:32","sha256":"70:67:CB:37:75:D4:DC:75:3D:35:D0:E5:15:E0:5B:7E:12:75:F1:AA:1D:A5:3E:0B:52:C8:17:7C:4E:49:44:01"}}},"request":{"raw":"GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1\r\nHost: afs.googleusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://syndicatedsearch.goog/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers\r\ncross-origin-opener-policy: same-origin; report-to=\"afs-native-asset-managers\"\r\nreport-to: {\"group\":\"afs-native-asset-managers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers\"}]}\r\ncontent-length: 174\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 25 Oct 2025 14:31:36 GMT\r\nexpires: Sun, 26 Oct 2025 13:31:36 GMT\r\ncache-control: public, max-age=82800\r\nage: 59587\r\nlast-modified: Thu, 02 Nov 2023 22:48:00 GMT\r\ncontent-type: image/svg+xml\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":200,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"11b3089d616633ca6b73b57aa877eeb4","sha1":"07632f63e06b30d9b63c97177d3a8122629bda9b","sha256":"809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1","sha512":"079b0e35b479dfdbe64a987661000f4a034b10688e26f2a5fe6aaa807e81ccc5593d40609b731ab3340e687d83dd08de4b8b1e01cdac9d4523a9f6bb3acfcba0","ssdeep":"","tlshash":"d9d02291c2182d28441e82e0c37c312600fab0a2634c00dcfa80e300b20c9abb861669","first_seen":"2023-04-06T23:53:06Z","last_seen":"2026-04-01T02:57:50.32115Z","times_seen":412182,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":96,"dns":0,"connect":20,"send":0,"wait":21,"receive":1,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"gzeao.earthheartsmith.top/","fqdn":"gzeao.earthheartsmith.top","domain":"earthheartsmith.top","tld":"top"},"ip":{"addr":"172.237.146.25","port":80,"asn":20940,"as":"Akamai International B.V.","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T07:04:40.079Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: gzeao.earthheartsmith.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 07:04:40 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-store, max-age=0\r\nAccept-CH: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64\r\nPermissions-Policy: ch-ua=(self \"https://*.parklogic.com\"), ch-ua-arch=(self \"https://*.parklogic.com\"), ch-ua-bitness=(self \"https://*.parklogic.com\"), ch-ua-full-version=(self \"https://*.parklogic.com\"), ch-ua-full-version-list=(self \"https://*.parklogic.com\"), ch-ua-mobile=(self \"https://*.parklogic.com\"), ch-ua-model=(self \"https://*.parklogic.com\"), ch-ua-platform=(self \"https://*.parklogic.com\"), ch-ua-platform-version=(self \"https://*.parklogic.com\"), ch-ua-wow64=(self \"https://*.parklogic.com\")\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4422,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (4422), with no line terminators","md5":"61e0ea5fef63801261bf11507a1e1511","sha1":"d95d74b52224824860b1c605fe3dca4b186d6d1c","sha256":"33d399deb8fbb94cdd14c426c6e1f4f38377eaef4305cc91e0cabc57c8798023","sha512":"7126b5ad79ab01be68e62da8ee74c0f9fd3fffc431711a26f41b09a29534e022c7540a25506eb24c3b4cd26738132a1efaf3bc000fcb4ac6ae681c4c46a52ed3","ssdeep":"96:nItDJYtoAJS8ffKH1NPIX4rDIcQ0ucq4o5nZQt+S5I7BmaL:IVJYtoA1ffqzr/IcQ0ybepmoaL","tlshash":"a2910772b786307d4be510aaa47b9718763e9214350b4032e7adfcd13c20a9f50c6e9a","first_seen":"2025-10-26T07:05:07.860569Z","last_seen":"2025-10-26T07:05:07.860569Z","times_seen":1,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":94,"dns":1,"connect":105,"send":0,"wait":118,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T07:04:40Z","timestamp":1761462280,"ip_dst":{"addr":"172.237.146.25","port":80,"asn":20940,"as":"Akamai International B.V.","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.5","port":56898,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-10-26T07:04:40.290882+0000\",\"flow_id\":247127184247435,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":56898,\"dest_ip\":\"172.237.146.25\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"gzeao.earthheartsmith.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":536},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":3566,\"start\":\"2025-10-26T07:04:40.068235+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"gzeao.earthheartsmith.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=y3dwqf8lbze\u0026cd_fexp=72717108%2C73110181\u0026aqid=C8j9aOm8EsDMjuwP2eiZkAY\u0026psid=3259787283\u0026pbt=bs\u0026adbx=392\u0026adby=134.64999389648438\u0026adbh=533\u0026adbw=496\u0026adbah=171%2C171%2C171\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=821662118\u0026csala=17%7C0%7C264%7C94%7C44\u0026lle=0\u0026ifv=1\u0026hpt=0","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","date":"2025-10-26T07:04:45.061Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:37:25 GMT","end":"Wed, 24 Dec 2025 14:37:24 GMT"},"fingerprint":{"sha1":"1C:60:96:F4:86:58:7B:06:EF:58:5E:19:61:E6:AA:DD:88:E8:B1:24","sha256":"13:CE:28:28:38:E7:D5:A3:98:9C:11:48:F1:F0:38:7C:61:90:9D:B8:F8:E6:D1:51:91:4B:3E:6E:44:FB:C5:DF"}}},"request":{"raw":"GET /afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=y3dwqf8lbze\u0026cd_fexp=72717108%2C73110181\u0026aqid=C8j9aOm8EsDMjuwP2eiZkAY\u0026psid=3259787283\u0026pbt=bs\u0026adbx=392\u0026adby=134.64999389648438\u0026adbh=533\u0026adbw=496\u0026adbah=171%2C171%2C171\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=821662118\u0026csala=17%7C0%7C264%7C94%7C44\u0026lle=0\u0026ifv=1\u0026hpt=0 HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.earthheartsmith.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-0Teb1TzpynRdkj8sL0eXJg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ndate: Sun, 26 Oct 2025 07:04:45 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=w0mmq3pdlrs2\u0026cd_fexp=72717108%2C73110181\u0026aqid=C8j9aOm8EsDMjuwP2eiZkAY\u0026psid=3259787283\u0026pbt=bv\u0026adbx=392\u0026adby=134.64999389648438\u0026adbh=533\u0026adbw=496\u0026adbah=171%2C171%2C171\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=821662118\u0026csala=17%7C0%7C264%7C94%7C44\u0026lle=0\u0026ifv=1\u0026hpt=0","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"216.58.207.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ww1.earthheartsmith.top/?usid=113\u0026utid=bbf0907c142c27025ae85dab9268f47e","date":"2025-10-26T07:04:45.067Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:37:25 GMT","end":"Wed, 24 Dec 2025 14:37:24 GMT"},"fingerprint":{"sha1":"1C:60:96:F4:86:58:7B:06:EF:58:5E:19:61:E6:AA:DD:88:E8:B1:24","sha256":"13:CE:28:28:38:E7:D5:A3:98:9C:11:48:F1:F0:38:7C:61:90:9D:B8:F8:E6:D1:51:91:4B:3E:6E:44:FB:C5:DF"}}},"request":{"raw":"GET /afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=w0mmq3pdlrs2\u0026cd_fexp=72717108%2C73110181\u0026aqid=C8j9aOm8EsDMjuwP2eiZkAY\u0026psid=3259787283\u0026pbt=bv\u0026adbx=392\u0026adby=134.64999389648438\u0026adbh=533\u0026adbw=496\u0026adbah=171%2C171%2C171\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=821662118\u0026csala=17%7C0%7C264%7C94%7C44\u0026lle=0\u0026ifv=1\u0026hpt=0 HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ww1.earthheartsmith.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-JTer66BlqSkDsfhNS1Idmw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ndate: Sun, 26 Oct 2025 07:04:45 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gzeao.earthheartsmith.top/","fqdn":"gzeao.earthheartsmith.top","domain":"earthheartsmith.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T07:04:39.573Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: gzeao.earthheartsmith.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":461,"timings":{"blocked":0,"dns":239,"connect":108,"send":0,"wait":0,"receive":0,"ssl":112},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T07:04:40Z","timestamp":1761462280,"ip_dst":{"addr":"172.237.146.25","port":80,"asn":20940,"as":"Akamai International B.V.","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.5","port":56898,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-10-26T07:04:40.290882+0000\",\"flow_id\":247127184247435,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":56898,\"dest_ip\":\"172.237.146.25\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"gzeao.earthheartsmith.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":536},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":3566,\"start\":\"2025-10-26T07:04:40.068235+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"gzeao.earthheartsmith.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}