{"report_id":"86b869bd-3292-4e28-a7ae-4bcd88f9651b","version":6,"status":"done","tags":[],"date":"2023-12-04T06:38:25Z","url":{"schema":"http","addr":"one.timespace.top/","fqdn":"one.timespace.top","domain":"timespace.top","tld":"top"},"ip":{"addr":"91.195.240.12","port":0,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"http","addr":"one.timespace.top/","fqdn":"one.timespace.top","domain":"timespace.top","tld":"top"},"title":"timespace.top - timespace Ressurser og informasjon"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T09:14:36Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"one.timespace.top","ip":{"addr":"91.195.240.12","port":0,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2022-11-29 08:18:28","last_seen":"2022-12-02 08:29:57","alert_count":2,"request_count":3,"received_data":15563,"sent_data":1166,"comment":"","tags":null,"fingerprints":null},{"fqdn":"img.sedoparking.com","ip":{"addr":"205.234.175.175","port":80,"asn":30081,"as":"CACHENETWORKS","country":"United States","country_code":"US"},"domain_registered":"2001-09-18","domain_rank":54200,"first_seen":"2013-04-23 00:23:29","last_seen":"2023-12-03 05:09:44","alert_count":0,"request_count":2,"received_data":98393,"sent_data":759,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.google.com","ip":{"addr":"216.58.207.228","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":7,"first_seen":"2015-05-10 13:11:19","last_seen":"2023-11-19 18:48:38","alert_count":0,"request_count":5,"received_data":116657,"sent_data":3541,"comment":"","tags":null,"fingerprints":null},{"fqdn":"afs.googleusercontent.com","ip":{"addr":"142.250.74.97","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-11-17","domain_rank":12123,"first_seen":"2013-05-06 21:11:00","last_seen":"2023-12-03 05:09:45","alert_count":0,"request_count":2,"received_data":2088,"sent_data":987,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T06:38:13Z","timestamp":1701671893,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":39517,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query to a *.top domain - Likely Hostile","source":"{\"timestamp\":\"2023-12-04T06:38:13.701351+0000\",\"flow_id\":190805865509799,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.173\",\"src_port\":39517,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023883,\"rev\":4,\"signature\":\"ET DNS Query to a *.top domain - Likely Hostile\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2020_09_15\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":21235,\"rrname\":\"one.timespace.top\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":88,\"bytes_toclient\":0,\"start\":\"2023-12-04T06:38:13.701351+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T06:38:16Z","timestamp":1701671896,"ip_dst":{"addr":"91.195.240.12","port":80,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":37396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2023-12-04T06:38:16.908901+0000\",\"flow_id\":1989911831427810,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.173\",\"src_port\":37396,\"dest_ip\":\"91.195.240.12\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_08_20\"]}},\"http\":{\"hostname\":\"one.timespace.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":774},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":554,\"bytes_toclient\":1654,\"start\":\"2023-12-04T06:38:16.703202+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"one.timespace.top/","fqdn":"one.timespace.top","domain":"timespace.top","tld":"top"},"ip":{"addr":"91.195.240.12","port":0,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"374086d6b5875f3df8a6408eb3030d67","sha1":"53e741481bbd013386add615eb3a66c02d0a8b33","sha256":"fa4b765bbb4ec222f72dfa52f3aff3515252178d97dbe8303f0c7e612e39c2ae","sha512":"92a5cdd8d6ca02c4d5be59f042f4603a8629ed2c428006d4f2ced6f96163511abb18695e24b8593ebda770531e82b287bae899dd7ed90567a0560c76640afdfe","ssdeep":"","tlshash":"c351b42d57420e769914afc8e80639058b4ca2d37b60a89ed1cb1dde03cfdce20493e7","size":2941,"data":"","first_seen":"2024-08-20T16:51:11.176865Z","last_seen":"2024-08-20T16:51:11.176865Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T06:38:16Z","timestamp":1701671896,"ip_dst":{"addr":"91.195.240.12","port":80,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"10.70.215.173","port":37396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2023-12-04T06:38:16.908901+0000\",\"flow_id\":1989911831427810,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.173\",\"src_port\":37396,\"dest_ip\":\"91.195.240.12\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_08_20\"]}},\"http\":{\"hostname\":\"one.timespace.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":774},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":554,\"bytes_toclient\":1654,\"start\":\"2023-12-04T06:38:16.703202+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"one.timespace.top/","fqdn":"one.timespace.top","domain":"timespace.top","tld":"top"},"ip":{"addr":"91.195.240.12","port":0,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"026990f9cb8f13393fa1eb1607e897aa","sha1":"fd6f6ea2cec26c66f1da131258fd2ca2e763eb6b","sha256":"5c6f593586bc2ab2432a9fbf59b7760231b7737917b7a56a92b2f9ee1ee2c1d5","sha512":"4faf3873e046bcdc1fd956fbca99e1ec7b95bdf60d6d17fbbc0f12d0497e9bc765a276cfc9a089d12f6b60e0913f58448e76fb6fcbc786729317b35c55d84000","ssdeep":"","tlshash":"d7f00cb13ab0030ad632eb2bf1e611917e6ce153c041f96271be90200bcc92647a0ba6","size":622,"data":"","first_seen":"2023-03-13T06:55:33Z","last_seen":"2026-01-19T10:34:20.306514Z","times_seen":13892,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T06:38:16Z","timestamp":1701671896,"ip_dst":{"addr":"91.195.240.12","port":80,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"10.70.215.173","port":37396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2023-12-04T06:38:16.908901+0000\",\"flow_id\":1989911831427810,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.173\",\"src_port\":37396,\"dest_ip\":\"91.195.240.12\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_08_20\"]}},\"http\":{\"hostname\":\"one.timespace.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":774},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":554,\"bytes_toclient\":1654,\"start\":\"2023-12-04T06:38:16.703202+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/afs/ads?adsafe=low\u0026adtest=off\u0026psid=6267031743\u0026channel=exp-0051%2Cauxa-control-1%2C8810114\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026rpbu=http%3A%2F%2Fone.timespace.top%2Fcaf%2F%3Fses%3DY3JlPTE3MDE2NzE4OTQmdGNpZD1vbmUudGltZXNwYWNlLnRvcDY1NmQ3M2Q2MWRlZjQ5LjA3Mjk5NTAyJnRhc2s9c2VhcmNoJmRvbWFpbj10aW1lc3BhY2UudG9wJmFfaWQ9MyZzZXNzaW9uPS1GQXlUQ1dfUFZ3eXRtUmJ2blIz\u0026type=3\u0026uiopt=false\u0026swp=as-drid-2383353299994854\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301157\u0026format=r6\u0026nocache=6411701671899844\u0026num=0\u0026output=afd_ads\u0026domain_name=one.timespace.top\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1701671899846\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=1043\u0026frm=0\u0026cl=579967862\u0026uio=-\u0026cont=rb-default\u0026jsid=caf\u0026jsv=579967862\u0026rurl=http%3A%2F%2Fone.timespace.top%2F","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.207.228","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"dfab42a3f3f8d6c09a8b848e6b2e70e8","sha1":"b7e0e454c4f5e7726f6e1ae702edcf085a81cb82","sha256":"33651e88f7573801dec33ea65323fb0401e47b9807bde18ecb43cb5937608dc6","sha512":"627bb5fe7622644b99a02f69e62c2c3ed8bc0aa98349303e2aad0a9ddf30b55d1779cc064ca3a8aca6d4cb4ea70b71b02e8c4359772bf019b8630de58dbfa2bf","ssdeep":"","tlshash":"2d019e961c6812b2ed674126289f3f925cad143512973185a45ea8e920bdecf61190eb","size":672,"data":"","first_seen":"2024-08-20T16:51:11.17835Z","last_seen":"2024-08-20T16:51:11.17835Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.207.228","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9936326b99d390a8db3297e3ef06b08f","sha1":"65a7954dcffefe28444eb367c8a3ed1f636318bd","sha256":"4445c2b418767ae76cab2ee7edbe1e6d78d535a90e04fdee5b50205a1991856b","sha512":"6b7ae1d50ea2b4849291ddaa06a61a3791e0445dee5b41128daa5803a9803a0962db2752fe0e6953c882337eb26c5533162c9b3dc97364162ac815db2ef716b0","ssdeep":"1536:RrPOSj873QtAPyqqf/2uYgMjaitiKc1CPEU6i5QI+/F2R26i57VlcZ6gCzUIomHx:I2sAU5QI+t2RqB+Z+Umpa+NilYtN","tlshash":"05e35b9a7761302663a354f4603f028fb23ab959e84885f4f194d4e47cb8da91237fbd","size":149574,"data":"","first_seen":"2023-11-09T20:01:28Z","last_seen":"2023-12-07T21:19:16Z","times_seen":454,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"one.timespace.top/","fqdn":"one.timespace.top","domain":"timespace.top","tld":"top"},"ip":{"addr":"91.195.240.12","port":0,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"ea441a4ad9bf148e5d8180a531b57c2b","sha1":"f825c0d4c39d7f50bc74188a695903ba8cb5ef20","sha256":"50cc8ac8f50cdef0641f8c14ac12268a1930df9781ecf751d4d10aa1a3b772f5","sha512":"ebc54c34a180c11ade08817f9600011da80bd3a5d3b71d853c3ae91bf9d406a3e86333199bf69378c97f191d130414024798dd634a54fc23eb3d301a6c2a97b8","ssdeep":"96:jQIHrUsXy9Cp1OuKfIqT1M6BXXjgXnB9qPs7Kn4uSnx73CUnKVGSrbH:zrUs2nDxQqPCXuIRIESrbH","tlshash":"20b184733155347949ff0745206f1f14b27ee8623608b419b028b7e82bebc5744dbb6a","size":5458,"data":"","first_seen":"2023-03-07T01:02:15Z","last_seen":"2024-08-21T09:43:47.501663Z","times_seen":9041,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T06:38:16Z","timestamp":1701671896,"ip_dst":{"addr":"91.195.240.12","port":80,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"10.70.215.173","port":37396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2023-12-04T06:38:16.908901+0000\",\"flow_id\":1989911831427810,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.173\",\"src_port\":37396,\"dest_ip\":\"91.195.240.12\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_08_20\"]}},\"http\":{\"hostname\":\"one.timespace.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":774},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":554,\"bytes_toclient\":1654,\"start\":\"2023-12-04T06:38:16.703202+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.google.com/adsense/domains/caf.js","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.207.228","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8a76c49bbeb49fa874cb415fe2b10d0c","sha1":"76de9796dbe01e64d77fccd00d0b19cf382493b8","sha256":"a1f85a8b9c0ae7e01a01780b44c447ebbadb5d856c6ff826e2cd9fe19f15135f","sha512":"5d8b69505a03617366958eeee4da4f70e2bc899d9456a83cd255c6f9272f443862c7eadccb714e720b6dffc71149015b10ceed3c65136b63592b3de3ce820dc8","ssdeep":"","tlshash":"","size":149590,"data":"","first_seen":"2023-11-09T14:10:05Z","last_seen":"2024-08-20T20:17:02.629141Z","times_seen":2217,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"one.timespace.top/","fqdn":"one.timespace.top","domain":"timespace.top","tld":"top"},"ip":{"addr":"91.195.240.12","port":0,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-04T06:38:13.720Z","timestamp":1701671893720,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: one.timespace.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Mon, 04 Dec 2023 06:38:11 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ntransfer-encoding: chunked\r\nvary: Accept-Encoding\r\nx-powered-by: PHP/8.1.17\r\nexpires: Mon, 26 Jul 1997 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nx-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_b1Kv2cPASbNYtddNC9plVAb9TjO0rflJ5jWEyijr8A9CcoLG9Iiiim2hddfc/er6ARRVbynRs4QL6TKSS2Yu7w==\r\nlast-modified: Mon, 04 Dec 2023 06:38:11 GMT\r\nx-cache-miss-from: parking-698fb476bf-g877q\r\nserver: NginX\r\ncontent-encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":6987,"size_decoded":0,"mime_type":"","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9763)","md5":"324e606a7eba5b195812e1f2a96fa40f","sha1":"bc4a9c2005526602387ccbf816b34fd5bbae3746","sha256":"be72a0d72115348bc34a438121400ebc0a371b41ab1db4840d6b6499d223f9e7","sha512":"5c3900448d8c79a57a31112163c9f62d8df6386c6d3afd1572feb1ea4f8b98ff3eaa6cf290b0b4967922ae657a1461fec70997b1e51f73a3cbc88e4028070e50","ssdeep":"384:5iXe/a3kL6V42jw01iPPiiLvuWqStqSjr2qSkgulFeBXumraFSuIRIESrbO:5i6a0L6CjHiiPHN2LulFeBXuqGSuIOEl","tlshash":"3aa2e8326b842479b1b78a1db191bb55bb24c913d90569a5f06cf3b4cfcbc8712d2f0a","first_seen":"2023-12-04T07:38:41Z","last_seen":"2023-12-04T07:38:41Z","times_seen":1,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":31,"send":0,"wait":0,"receive":0,"ssl":-1},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T06:38:16Z","timestamp":1701671896,"ip_dst":{"addr":"91.195.240.12","port":80,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"10.70.215.173","port":37396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2023-12-04T06:38:16.908901+0000\",\"flow_id\":1989911831427810,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.173\",\"src_port\":37396,\"dest_ip\":\"91.195.240.12\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_08_20\"]}},\"http\":{\"hostname\":\"one.timespace.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":774},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":554,\"bytes_toclient\":1654,\"start\":\"2023-12-04T06:38:16.703202+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"one.timespace.top/","fqdn":"one.timespace.top","domain":"timespace.top","tld":"top"},"ip":{"addr":"91.195.240.12","port":0,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-04T06:38:13.720Z","timestamp":1701671893720,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: one.timespace.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Mon, 04 Dec 2023 06:38:14 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ntransfer-encoding: chunked\r\nvary: Accept-Encoding\r\nx-powered-by: PHP/8.1.17\r\nexpires: Mon, 26 Jul 1997 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nx-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_b1Kv2cPASbNYtddNC9plVAb9TjO0rflJ5jWEyijr8A9CcoLG9Iiiim2hddfc/er6ARRVbynRs4QL6TKSS2Yu7w==\r\nlast-modified: Mon, 04 Dec 2023 06:38:11 GMT\r\nx-cache-miss-from: parking-698fb476bf-6x2qm\r\nserver: NginX\r\ncontent-encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":7033,"size_decoded":0,"mime_type":"","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9763)","md5":"3043ffde5883a7195203a58f948c5b52","sha1":"df652402337a052d7e34d3297c68911dfe4b0e56","sha256":"5b4e8d45f44fd4927b7efceafe94b6b9ef183fe23e974dba6daa3d33f0ddfe5a","sha512":"7693e7041b555fc19745d9d32a50536375c97dc499c6c7ea799ae8088c68400de5204f78052a900bc2b1eeba1fbbb98af72f2cbddef3c11ccb90945650e17a32","ssdeep":"384:5iXe/a3kL6V42jw01iPPiiLvaajauwwaNgulFeBXumraFSuIRIESrbO:5i6a0L6CjHii2+ulFeBXuqGSuIOESPO","tlshash":"4aa2f8326b442539b1b78b1db191bb15b720c913d90569a9f06ce3b8cfcbc8712d2f4a","first_seen":"2023-12-04T07:38:41Z","last_seen":"2023-12-04T07:38:41Z","times_seen":1,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":31,"send":0,"wait":0,"receive":0,"ssl":-1},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T06:38:16Z","timestamp":1701671896,"ip_dst":{"addr":"91.195.240.12","port":80,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"10.70.215.173","port":37396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2023-12-04T06:38:16.908901+0000\",\"flow_id\":1989911831427810,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.173\",\"src_port\":37396,\"dest_ip\":\"91.195.240.12\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_08_20\"]}},\"http\":{\"hostname\":\"one.timespace.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":774},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":554,\"bytes_toclient\":1654,\"start\":\"2023-12-04T06:38:16.703202+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img.sedoparking.com/templates/bg/arrows-1-colors-3.png","fqdn":"img.sedoparking.com","domain":"sedoparking.com","tld":"com"},"ip":{"addr":"205.234.175.175","port":80,"asn":30081,"as":"CACHENETWORKS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://one.timespace.top/","date":"2023-12-04T06:38:19.771Z","timestamp":1701671899771,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /templates/bg/arrows-1-colors-3.png HTTP/1.1\r\nHost: img.sedoparking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://one.timespace.top/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 04 Dec 2023 06:38:14 GMT\r\nContent-Type: image/png\r\nContent-Length: 82231\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=604800\r\nExpires: Mon, 11 Dec 2023 06:38:14 GMT\r\nX-CFHash: \"b68c0210cadb1e12efc4557d7e49e48e\"\r\nX-CFF: B\r\nLast-Modified: Wed, 22 Apr 2020 09:38:21 GMT\r\nX-CF3: H\r\nCF4Age: 223755\r\nx-cf-tsc: 1701583899\r\nCF4ttl: 31312244.000\r\nX-CF2: H\r\nServer: CFS 1124\r\nX-CF-ReqID: c05ceb7dec98f5837eb06b9bbc949efe\r\nX-CF1: 11696:fB.arn1:cf:cacheN.arn1-01:H\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":82231,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 3024 x 2000, 8-bit/color RGBA, non-interlaced\\012- data","md5":"b68c0210cadb1e12efc4557d7e49e48e","sha1":"ad24ed2b2d5d166d07fbf0680693c88fb56fcb4b","sha256":"e7ff091c85669b175de49d629d7d77bd20cd08d2c16ae74deef2ab06aec5854d","sha512":"08f54e954e1e3bfa566cbb5783f54a500490f41c60005b1a0145fa51571833d954cb4d692a6da78bd4e59e10c03f4780f68619618e2056a34af1d0529427da94","ssdeep":"1536:lNNF5dc3RlXaayiiOxIAjNaFS3k2bYwtaThZE6EbWDi:ZF58RlKoi8RF/bYwtaTQjam","tlshash":"9883e002e9cb0dd3e9dcc9b9dc29af48777541b514528fc7c7b98223dcb52e1a2258a3","first_seen":"2023-04-07T10:24:35Z","last_seen":"2026-05-09T19:16:54.63119Z","times_seen":18809,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":9,"dns":2,"connect":7,"send":0,"wait":8,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.207.228","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.google.com/afs/ads?adsafe=low\u0026adtest=off\u0026psid=6267031743\u0026channel=exp-0051%2Cauxa-control-1%2C8810114\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026rpbu=http%3A%2F%2Fone.timespace.top%2Fcaf%2F%3Fses%3DY3JlPTE3MDE2NzE4OTQmdGNpZD1vbmUudGltZXNwYWNlLnRvcDY1NmQ3M2Q2MWRlZjQ5LjA3Mjk5NTAyJnRhc2s9c2VhcmNoJmRvbWFpbj10aW1lc3BhY2UudG9wJmFfaWQ9MyZzZXNzaW9uPS1GQXlUQ1dfUFZ3eXRtUmJ2blIz\u0026type=3\u0026uiopt=false\u0026swp=as-drid-2383353299994854\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301157\u0026format=r6\u0026nocache=6411701671899844\u0026num=0\u0026output=afd_ads\u0026domain_name=one.timespace.top\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1701671899846\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=1043\u0026frm=0\u0026cl=579967862\u0026uio=-\u0026cont=rb-default\u0026jsid=caf\u0026jsv=579967862\u0026rurl=http%3A%2F%2Fone.timespace.top%2F","date":"2023-12-04T06:38:20.184Z","timestamp":1701671900184,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:18:24 GMT","end":"Mon, 15 Jan 2024 11:18:23 GMT"},"fingerprint":{"sha1":"4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95","sha256":"15:CB:A2:CE:4B:FE:61:1E:1A:B7:EA:EF:89:4D:AC:02:D4:54:5E:C6:82:ED:66:53:FC:05:C1:2F:71:78:EA:AE"}}},"request":{"raw":"GET /adsense/domains/caf.js HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://one.timespace.top/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Type: text/javascript; charset=UTF-8\r\nContent-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui\r\nCross-Origin-Resource-Policy: cross-origin\r\nCross-Origin-Opener-Policy: same-origin; report-to=\"ads-afs-ui\"\r\nReport-To: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\nDate: Mon, 04 Dec 2023 06:38:14 GMT\r\nExpires: Mon, 04 Dec 2023 06:38:14 GMT\r\nCache-Control: private, max-age=3600\r\nETag: \"3100330882123301848\"\r\nX-Content-Type-Options: nosniff\r\nLink: \u003chttps://www.adsensecustomsearchads.com\u003e; rel=\"preconnect\"\r\nContent-Encoding: gzip\r\nTransfer-Encoding: chunked\r\nServer: sffe\r\nX-XSS-Protection: 0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":54355,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (1888)","md5":"8a76c49bbeb49fa874cb415fe2b10d0c","sha1":"76de9796dbe01e64d77fccd00d0b19cf382493b8","sha256":"a1f85a8b9c0ae7e01a01780b44c447ebbadb5d856c6ff826e2cd9fe19f15135f","sha512":"5d8b69505a03617366958eeee4da4f70e2bc899d9456a83cd255c6f9272f443862c7eadccb714e720b6dffc71149015b10ceed3c65136b63592b3de3ce820dc8","ssdeep":"","tlshash":"","first_seen":"2023-11-09T14:10:05Z","last_seen":"2024-08-20T20:17:02.629141Z","times_seen":2217,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"one.timespace.top/search/tsc.php?200=NTYxOTUzMTA2\u002621=OTEuOTAuNDIuMTU0\u0026681=MTcwMTY3MTg5NGUwNGM1NzU3MjM5NjViN2Y5YWU3YWY3NDVjNTZhZWQ1\u0026crc=440210ff67daef1de77c17fc0ff5ae92b6e3cb36\u0026cv=1","fqdn":"one.timespace.top","domain":"timespace.top","tld":"top"},"ip":{"addr":"91.195.240.12","port":80,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://one.timespace.top/","date":"2023-12-04T06:38:19.866Z","timestamp":1701671899866,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /search/tsc.php?200=NTYxOTUzMTA2\u002621=OTEuOTAuNDIuMTU0\u0026681=MTcwMTY3MTg5NGUwNGM1NzU3MjM5NjViN2Y5YWU3YWY3NDVjNTZhZWQ1\u0026crc=440210ff67daef1de77c17fc0ff5ae92b6e3cb36\u0026cv=1 HTTP/1.1\r\nHost: one.timespace.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://one.timespace.top/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Mon, 04 Dec 2023 06:38:14 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nx-powered-by: PHP/8.1.17\r\nx-cache-miss-from: parking-698fb476bf-g877q\r\nserver: NginX\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img.sedoparking.com/templates/logos/sedo_logo.png","fqdn":"img.sedoparking.com","domain":"sedoparking.com","tld":"com"},"ip":{"addr":"205.234.175.175","port":80,"asn":30081,"as":"CACHENETWORKS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://one.timespace.top/","date":"2023-12-04T06:38:19.907Z","timestamp":1701671899907,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /templates/logos/sedo_logo.png HTTP/1.1\r\nHost: img.sedoparking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://one.timespace.top/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 04 Dec 2023 06:38:14 GMT\r\nContent-Type: image/png\r\nContent-Length: 15086\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=604800\r\nExpires: Mon, 11 Dec 2023 06:38:14 GMT\r\nX-CFHash: \"def00c11b1596db4efee6a9fbe64fc27\"\r\nX-CFF: B\r\nLast-Modified: Mon, 11 Jan 2021 07:44:34 GMT\r\nX-CF3: H\r\nCF4Age: 2436\r\nx-cf-tsc: 1701545420\r\nCF4ttl: 31533564.000\r\nX-CF2: H\r\nServer: CFS 1124\r\nX-CF-ReqID: 87bdc867eaf553c168c98bbdf799fd59\r\nX-CF1: 11696:fB.arn1:cf:cacheN.arn1-01:H\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15086,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel\\012- data","md5":"def00c11b1596db4efee6a9fbe64fc27","sha1":"bd298981e6d8d7e4ffa18abcf687041f4246672d","sha256":"95c427fa3143b1896faf42a6406686ce7602cb39052081bb32d12b51c9e047e4","sha512":"c056e95dbfa1aab3a50dff18c6d577dbffea72c93316ffc53b6b7aa41dcc7707a810d563894589a7305de0b76610f88150b2034670de368773b2b356f14ad30f","ssdeep":"192:jiHSINqv0tJ30DezSfPAXTZwC3D2N2xp1Fd/ar/+zi3LHZNwkQH0iWpXDt3TN8rB:jzAnP9j","tlshash":"31623e0bfd4bc358ce50b23ae67c4bfb6361d8c1b090a7e257d9d51aafa7b014c9a011","first_seen":"2023-04-14T07:11:21Z","last_seen":"2026-05-13T14:30:51.661092Z","times_seen":230176,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/afs/ads?adsafe=low\u0026adtest=off\u0026psid=6267031743\u0026channel=exp-0051%2Cauxa-control-1%2C8810114\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026rpbu=http%3A%2F%2Fone.timespace.top%2Fcaf%2F%3Fses%3DY3JlPTE3MDE2NzE4OTQmdGNpZD1vbmUudGltZXNwYWNlLnRvcDY1NmQ3M2Q2MWRlZjQ5LjA3Mjk5NTAyJnRhc2s9c2VhcmNoJmRvbWFpbj10aW1lc3BhY2UudG9wJmFfaWQ9MyZzZXNzaW9uPS1GQXlUQ1dfUFZ3eXRtUmJ2blIz\u0026type=3\u0026uiopt=false\u0026swp=as-drid-2383353299994854\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301157\u0026format=r6\u0026nocache=6411701671899844\u0026num=0\u0026output=afd_ads\u0026domain_name=one.timespace.top\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1701671899846\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=1043\u0026frm=0\u0026cl=579967862\u0026uio=-\u0026cont=rb-default\u0026jsid=caf\u0026jsv=579967862\u0026rurl=http%3A%2F%2Fone.timespace.top%2F","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.207.228","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://one.timespace.top/","date":"2023-12-04T06:38:19.860Z","timestamp":1701671899860,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:24:57 GMT","end":"Mon, 15 Jan 2024 11:24:56 GMT"},"fingerprint":{"sha1":"B0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1","sha256":"8E:7A:F4:2A:73:D7:C2:C9:1E:EC:59:1E:76:11:A4:E4:8D:03:F6:64:60:A2:8A:86:33:52:6B:1D:FE:19:FA:8D"}}},"request":{"raw":"GET /afs/ads?adsafe=low\u0026adtest=off\u0026psid=6267031743\u0026channel=exp-0051%2Cauxa-control-1%2C8810114\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026rpbu=http%3A%2F%2Fone.timespace.top%2Fcaf%2F%3Fses%3DY3JlPTE3MDE2NzE4OTQmdGNpZD1vbmUudGltZXNwYWNlLnRvcDY1NmQ3M2Q2MWRlZjQ5LjA3Mjk5NTAyJnRhc2s9c2VhcmNoJmRvbWFpbj10aW1lc3BhY2UudG9wJmFfaWQ9MyZzZXNzaW9uPS1GQXlUQ1dfUFZ3eXRtUmJ2blIz\u0026type=3\u0026uiopt=false\u0026swp=as-drid-2383353299994854\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301157\u0026format=r6\u0026nocache=6411701671899844\u0026num=0\u0026output=afd_ads\u0026domain_name=one.timespace.top\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1701671899846\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=1043\u0026frm=0\u0026cl=579967862\u0026uio=-\u0026cont=rb-default\u0026jsid=caf\u0026jsv=579967862\u0026rurl=http%3A%2F%2Fone.timespace.top%2F HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://one.timespace.top/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-disposition: inline\r\ndate: Mon, 04 Dec 2023 06:38:14 GMT\r\nexpires: Mon, 04 Dec 2023 06:38:14 GMT\r\ncache-control: private, max-age=3600\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-czLQ3qJsnG8wOK2_BNcVzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ncontent-encoding: br\r\nserver: gws\r\ncontent-length: 3137\r\nx-xss-protection: 0\r\nset-cookie: CONSENT=PENDING+988; expires=Wed, 03-Dec-2025 06:38:14 GMT; path=/; domain=.google.com; Secure\r\np3p: CP=\"This is not a P3P policy! See g.co/p3phelp for more info.\"\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3137,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (20331)","md5":"22cbbf6dc19da7f264cb9f8b03050c54","sha1":"f5bab507586238d36ff3e84bb2fb885c84c41ec6","sha256":"ccadae6d327f64df6a71dc733f807c22e9b894a4716c412c7ba6b470065944b6","sha512":"62a529f0e32c6b4cdcd34284b5354ee9a43a82cc9278a000629e9d544cc01ed13f99bcd2f841997f8b676ba6848fccda27322f62442c5d60ecbf2c3dd99724ec","ssdeep":"192:GE12ikpBn1MMBhhVh7eN1snN10pbN1lN1l6N1WN16tt9sk2y:Gni8PhHBUX6tt9sk2y","tlshash":"c192113670a267290507ec54172a6f6dc185d43ac86f35e948e31f25c7e7f828be628e","first_seen":"2023-12-04T07:38:41Z","last_seen":"2023-12-04T07:38:41Z","times_seen":1,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":60,"dns":3,"connect":7,"send":0,"wait":79,"receive":0,"ssl":48},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff","fqdn":"afs.googleusercontent.com","domain":"googleusercontent.com","tld":"com"},"ip":{"addr":"142.250.74.97","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://www.google.com/afs/ads?adsafe=low\u0026adtest=off\u0026psid=6267031743\u0026channel=exp-0051%2Cauxa-control-1%2C8810114\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026rpbu=http%3A%2F%2Fone.timespace.top%2Fcaf%2F%3Fses%3DY3JlPTE3MDE2NzE4OTQmdGNpZD1vbmUudGltZXNwYWNlLnRvcDY1NmQ3M2Q2MWRlZjQ5LjA3Mjk5NTAyJnRhc2s9c2VhcmNoJmRvbWFpbj10aW1lc3BhY2UudG9wJmFfaWQ9MyZzZXNzaW9uPS1GQXlUQ1dfUFZ3eXRtUmJ2blIz\u0026type=3\u0026uiopt=false\u0026swp=as-drid-2383353299994854\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301157\u0026format=r6\u0026nocache=6411701671899844\u0026num=0\u0026output=afd_ads\u0026domain_name=one.timespace.top\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1701671899846\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=1043\u0026frm=0\u0026cl=579967862\u0026uio=-\u0026cont=rb-default\u0026jsid=caf\u0026jsv=579967862\u0026rurl=http%3A%2F%2Fone.timespace.top%2F","date":"2023-12-04T06:38:20.418Z","timestamp":1701671900418,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.googleusercontent.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:23:50 GMT","end":"Mon, 15 Jan 2024 11:23:49 GMT"},"fingerprint":{"sha1":"2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE","sha256":"40:92:8E:18:42:CF:E7:31:DB:E9:39:E6:0B:C6:BC:AE:B4:2F:20:21:CC:80:C5:E8:5F:34:DE:01:85:5C:78:F1"}}},"request":{"raw":"GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1\r\nHost: afs.googleusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.google.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers\r\ncross-origin-opener-policy: same-origin; report-to=\"afs-native-asset-managers\"\r\nreport-to: {\"group\":\"afs-native-asset-managers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers\"}]}\r\ncontent-length: 174\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 04 Dec 2023 02:49:01 GMT\r\nexpires: Tue, 05 Dec 2023 01:49:01 GMT\r\ncache-control: public, max-age=82800\r\nage: 13753\r\nlast-modified: Thu, 02 Nov 2023 22:48:00 GMT\r\ncontent-type: image/svg+xml\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":174,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image\\012- , ASCII text, with no line terminators","md5":"11b3089d616633ca6b73b57aa877eeb4","sha1":"07632f63e06b30d9b63c97177d3a8122629bda9b","sha256":"809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1","sha512":"079b0e35b479dfdbe64a987661000f4a034b10688e26f2a5fe6aaa807e81ccc5593d40609b731ab3340e687d83dd08de4b8b1e01cdac9d4523a9f6bb3acfcba0","ssdeep":"","tlshash":"d9d02291c2182d28441e82e0c37c312600fab0a2634c00dcfa80e300b20c9abb861669","first_seen":"2023-04-06T23:53:06Z","last_seen":"2026-05-03T22:11:49.614123Z","times_seen":412187,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":52,"dns":0,"connect":8,"send":0,"wait":9,"receive":1,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2","fqdn":"afs.googleusercontent.com","domain":"googleusercontent.com","tld":"com"},"ip":{"addr":"142.250.74.97","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://www.google.com/afs/ads?adsafe=low\u0026adtest=off\u0026psid=6267031743\u0026channel=exp-0051%2Cauxa-control-1%2C8810114\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026rpbu=http%3A%2F%2Fone.timespace.top%2Fcaf%2F%3Fses%3DY3JlPTE3MDE2NzE4OTQmdGNpZD1vbmUudGltZXNwYWNlLnRvcDY1NmQ3M2Q2MWRlZjQ5LjA3Mjk5NTAyJnRhc2s9c2VhcmNoJmRvbWFpbj10aW1lc3BhY2UudG9wJmFfaWQ9MyZzZXNzaW9uPS1GQXlUQ1dfUFZ3eXRtUmJ2blIz\u0026type=3\u0026uiopt=false\u0026swp=as-drid-2383353299994854\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301157\u0026format=r6\u0026nocache=6411701671899844\u0026num=0\u0026output=afd_ads\u0026domain_name=one.timespace.top\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1701671899846\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=1043\u0026frm=0\u0026cl=579967862\u0026uio=-\u0026cont=rb-default\u0026jsid=caf\u0026jsv=579967862\u0026rurl=http%3A%2F%2Fone.timespace.top%2F","date":"2023-12-04T06:38:20.420Z","timestamp":1701671900420,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.googleusercontent.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:23:50 GMT","end":"Mon, 15 Jan 2024 11:23:49 GMT"},"fingerprint":{"sha1":"2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE","sha256":"40:92:8E:18:42:CF:E7:31:DB:E9:39:E6:0B:C6:BC:AE:B4:2F:20:21:CC:80:C5:E8:5F:34:DE:01:85:5C:78:F1"}}},"request":{"raw":"GET /ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2 HTTP/1.1\r\nHost: afs.googleusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.google.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers\r\ncross-origin-opener-policy: same-origin; report-to=\"afs-native-asset-managers\"\r\nreport-to: {\"group\":\"afs-native-asset-managers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers\"}]}\r\ncontent-length: 272\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 03 Dec 2023 14:42:22 GMT\r\nexpires: Mon, 04 Dec 2023 13:42:22 GMT\r\ncache-control: public, max-age=82800\r\nage: 57352\r\nlast-modified: Thu, 20 Jul 2023 22:48:00 GMT\r\ncontent-type: image/svg+xml\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":272,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image\\012- , ASCII text, with very long lines (390)","md5":"a6ad6e65373db8c1b1f154c4c83f8ce5","sha1":"84cc007d6d682c589e1e1f87482a5278830f3000","sha256":"920a378947204498c122722933b3a4b67788a2b6fade8bd0d47cf830eeee0563","sha512":"09b6d4711c284b1a04c9c4d874f3d1ddfc876c1491fb2aa283a13505bcdbfe90b02731d0b7ad5f492b1dda2161a4afe20040801ea634d2727cde84319adfb1d2","ssdeep":"","tlshash":"e7e0f1fa81842c004a4543b0ed0867a002eff076530c80b7c1e0e6fcb0048da6cc2744","first_seen":"2023-04-11T10:59:33Z","last_seen":"2026-02-24T17:29:47.593465Z","times_seen":82937,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":61,"dns":1,"connect":8,"send":0,"wait":8,"receive":0,"ssl":48},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=ivszrgly0wu\u0026aqid=1nNtZeTRGo2yxdwP9ZmVyAQ\u0026psid=6267031743\u0026pbt=bs\u0026adbx=467.20001220703125\u0026adby=186.89999389648438\u0026adbh=1081\u0026adbw=346\u0026adbah=201%2C153%2C201%2C201%2C153%2C153\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=579967862\u0026csala=4%7C0%7C359%7C161%7C19\u0026lle=0\u0026ifv=1\u0026hpt=0","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.207.228","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://one.timespace.top/","date":"2023-12-04T06:38:21.889Z","timestamp":1701671901889,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:18:24 GMT","end":"Mon, 15 Jan 2024 11:18:23 GMT"},"fingerprint":{"sha1":"4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95","sha256":"15:CB:A2:CE:4B:FE:61:1E:1A:B7:EA:EF:89:4D:AC:02:D4:54:5E:C6:82:ED:66:53:FC:05:C1:2F:71:78:EA:AE"}}},"request":{"raw":"GET /afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=ivszrgly0wu\u0026aqid=1nNtZeTRGo2yxdwP9ZmVyAQ\u0026psid=6267031743\u0026pbt=bs\u0026adbx=467.20001220703125\u0026adby=186.89999389648438\u0026adbh=1081\u0026adbw=346\u0026adbah=201%2C153%2C201%2C201%2C153%2C153\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=579967862\u0026csala=4%7C0%7C359%7C161%7C19\u0026lle=0\u0026ifv=1\u0026hpt=0 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://one.timespace.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-48K08aS9r0DqYctKClTs0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\np3p: CP=\"This is not a P3P policy! See g.co/p3phelp for more info.\"\r\ndate: Mon, 04 Dec 2023 06:38:16 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: NID=511=sjSZ6X0KHYqgJ2vUj9v5ab4gk4CwbQqrP8BSGe5QaApSd6k9NqqMmijXQQ0s0mCC0zFOTNoYoW_t63Pu5cqOADdG5kyxZ8CRULnfltemDjsk_e_bzCaHprZNL81Tbe9jpzJnzWmnkiR0ppMh8YP4A7sfZbxqmXZPuFAG4xvLJsk; expires=Tue, 04-Jun-2024 06:38:16 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none\nCONSENT=PENDING+668; expires=Wed, 03-Dec-2025 06:38:16 GMT; path=/; domain=.google.com; Secure\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.207.228","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.google.com/afs/ads?adsafe=low\u0026adtest=off\u0026psid=6267031743\u0026channel=exp-0051%2Cauxa-control-1%2C8810114\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026rpbu=http%3A%2F%2Fone.timespace.top%2Fcaf%2F%3Fses%3DY3JlPTE3MDE2NzE4OTQmdGNpZD1vbmUudGltZXNwYWNlLnRvcDY1NmQ3M2Q2MWRlZjQ5LjA3Mjk5NTAyJnRhc2s9c2VhcmNoJmRvbWFpbj10aW1lc3BhY2UudG9wJmFfaWQ9MyZzZXNzaW9uPS1GQXlUQ1dfUFZ3eXRtUmJ2blIz\u0026type=3\u0026uiopt=false\u0026swp=as-drid-2383353299994854\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301157\u0026format=r6\u0026nocache=6411701671899844\u0026num=0\u0026output=afd_ads\u0026domain_name=one.timespace.top\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1701671899846\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=1043\u0026frm=0\u0026cl=579967862\u0026uio=-\u0026cont=rb-default\u0026jsid=caf\u0026jsv=579967862\u0026rurl=http%3A%2F%2Fone.timespace.top%2F","date":"2023-12-04T06:38:20.184Z","timestamp":1701671900184,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:18:24 GMT","end":"Mon, 15 Jan 2024 11:18:23 GMT"},"fingerprint":{"sha1":"4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95","sha256":"15:CB:A2:CE:4B:FE:61:1E:1A:B7:EA:EF:89:4D:AC:02:D4:54:5E:C6:82:ED:66:53:FC:05:C1:2F:71:78:EA:AE"}}},"request":{"raw":"GET /adsense/domains/caf.js HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.google.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/javascript; charset=UTF-8\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ndate: Mon, 04 Dec 2023 06:38:14 GMT\r\nexpires: Mon, 04 Dec 2023 06:38:14 GMT\r\ncache-control: private, max-age=3600\r\netag: \"9570478711633809781\"\r\nx-content-type-options: nosniff\r\nlink: \u003chttps://www.adsensecustomsearchads.com\u003e; rel=\"preconnect\"\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":54341,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (1888)","md5":"9936326b99d390a8db3297e3ef06b08f","sha1":"65a7954dcffefe28444eb367c8a3ed1f636318bd","sha256":"4445c2b418767ae76cab2ee7edbe1e6d78d535a90e04fdee5b50205a1991856b","sha512":"6b7ae1d50ea2b4849291ddaa06a61a3791e0445dee5b41128daa5803a9803a0962db2752fe0e6953c882337eb26c5533162c9b3dc97364162ac815db2ef716b0","ssdeep":"1536:RrPOSj873QtAPyqqf/2uYgMjaitiKc1CPEU6i5QI+/F2R26i57VlcZ6gCzUIomHx:I2sAU5QI+t2RqB+Z+Umpa+NilYtN","tlshash":"05e35b9a7761302663a354f4603f028fb23ab959e84885f4f194d4e47cb8da91237fbd","first_seen":"2023-11-09T20:01:28Z","last_seen":"2023-12-07T21:19:16Z","times_seen":454,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=rmrh7cmjie2v\u0026aqid=1nNtZeTRGo2yxdwP9ZmVyAQ\u0026psid=6267031743\u0026pbt=bv\u0026adbx=467.20001220703125\u0026adby=186.89999389648438\u0026adbh=1081\u0026adbw=346\u0026adbah=201%2C153%2C201%2C201%2C153%2C153\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=579967862\u0026csala=4%7C0%7C359%7C161%7C19\u0026lle=0\u0026ifv=1\u0026hpt=0","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.207.228","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://one.timespace.top/","date":"2023-12-04T06:38:22.391Z","timestamp":1701671902391,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:18:24 GMT","end":"Mon, 15 Jan 2024 11:18:23 GMT"},"fingerprint":{"sha1":"4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95","sha256":"15:CB:A2:CE:4B:FE:61:1E:1A:B7:EA:EF:89:4D:AC:02:D4:54:5E:C6:82:ED:66:53:FC:05:C1:2F:71:78:EA:AE"}}},"request":{"raw":"GET /afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=rmrh7cmjie2v\u0026aqid=1nNtZeTRGo2yxdwP9ZmVyAQ\u0026psid=6267031743\u0026pbt=bv\u0026adbx=467.20001220703125\u0026adby=186.89999389648438\u0026adbh=1081\u0026adbw=346\u0026adbah=201%2C153%2C201%2C201%2C153%2C153\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=579967862\u0026csala=4%7C0%7C359%7C161%7C19\u0026lle=0\u0026ifv=1\u0026hpt=0 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://one.timespace.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-tPAdtfeCfVcqx30b1yTbtQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\np3p: CP=\"This is not a P3P policy! See g.co/p3phelp for more info.\"\r\ndate: Mon, 04 Dec 2023 06:38:16 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: NID=511=BjLEt_EeoIslZ1xDTHYOtUSW4U_j1egXPaQektZ5WurWcdfPBDoBC3YeKpfiH4dUmfj4b9M6BeD1I8A-p2pTRhEsnYuMaL26oCG2S918X8uSi2crlkvTESqY6qw1vb_3gCmdTDUPNFLW1Cnkkc1kU66AAVLG9tJCBd3S1CNKGyM; expires=Tue, 04-Jun-2024 06:38:16 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none\nCONSENT=PENDING+533; expires=Wed, 03-Dec-2025 06:38:16 GMT; path=/; domain=.google.com; Secure\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}