{"report_id":"db03bceb-7430-4c02-9fdd-87b959fb8b0a","version":6,"status":"done","tags":[],"date":"2025-10-16T09:39:22Z","url":{"schema":"http","addr":"server14.safarimexican.net/","fqdn":"server14.safarimexican.net","domain":"safarimexican.net","tld":"net"},"ip":{"addr":"91.195.240.12","port":0,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"server14.safarimexican.net/","fqdn":"server14.safarimexican.net","domain":"safarimexican.net","tld":"net"},"title":"safarimexican.net - safarimexican Ressurser og informasjon"},"submit":{"url":{"schema":"http","addr":"server14.safarimexican.net/","fqdn":"server14.safarimexican.net","domain":"safarimexican.net","tld":"net"},"ip":{"addr":"91.195.240.12","port":0,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-20T09:39:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":5}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-16T09:38:59Z","timestamp":1760607539,"ip_dst":{"addr":"91.195.240.12","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.5","port":37378,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET MALWARE Observed Glupteba CnC Domain (safarimexican .net in TLS SNI)","source":"{\"timestamp\":\"2025-10-16T09:38:59.285126+0000\",\"flow_id\":1159524085102574,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":37378,\"dest_ip\":\"91.195.240.12\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048659,\"rev\":1,\"signature\":\"ET MALWARE Observed Glupteba CnC Domain (safarimexican .net in TLS SNI)\",\"category\":\"Domain Observed Used for C2 Detected\",\"severity\":1,\"source\":{\"ip\":\"91.195.240.12\",\"port\":443},\"target\":{\"ip\":\"172.18.0.5\",\"port\":37378},\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_10_19\"],\"deployment\":[\"Perimeter\"],\"malware_family\":[\"Glupteba\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1071\"],\"mitre_technique_name\":[\"Application_Layer_Protocol\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_19\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2023_10_19\"]}},\"tls\":{\"sni\":\"server14.safarimexican.net\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":928,\"bytes_toclient\":3641,\"start\":\"2025-10-16T09:38:59.227310+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"img.sedoparking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"server14.safarimexican.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"server14.safarimexican.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"server14.safarimexican.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"server14.safarimexican.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.google.com","ip":{"addr":"172.217.21.164","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22,"first_seen":"2015-05-10T13:11:19Z","last_seen":"2025-10-12T22:12:29.347805Z","alert_count":0,"request_count":1,"received_data":160068,"sent_data":480,"comment":"","tags":null,"fingerprints":null},{"fqdn":"img.sedoparking.com","ip":{"addr":"205.234.175.175","port":443,"asn":30081,"as":"CACHENETWORKS","country":"United States","country_code":"US"},"domain_registered":"2001-09-18","domain_rank":591238,"first_seen":"2013-04-22T22:23:29Z","last_seen":"2025-10-12T22:24:07.401219Z","alert_count":2,"request_count":2,"received_data":98385,"sent_data":943,"comment":"","tags":null,"fingerprints":[{"name":"CacheFly","description":"CacheFly is a content delivery network (CDN) which offers CDN service that relies solely on IP anycast for routing, rather than DNS based global load balancing.","website":"https://www.cachefly.com","common_platform_enumeration":"","icon":"CacheFly.svg","categories":["CDN"]}]},{"fqdn":"syndicatedsearch.goog","ip":{"addr":"142.250.178.78","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2023-04-14","domain_rank":5365,"first_seen":"2023-09-25T09:30:59Z","last_seen":"2025-10-12T22:17:10.366711Z","alert_count":0,"request_count":4,"received_data":183699,"sent_data":3369,"comment":"","tags":null,"fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}]},{"fqdn":"server14.safarimexican.net","ip":{"addr":"91.195.240.12","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2023-09-12","domain_rank":0,"first_seen":"2023-09-12T08:10:26Z","last_seen":"2025-09-26T09:18:27.40495Z","alert_count":8,"request_count":2,"received_data":24853,"sent_data":1323,"comment":"","tags":null,"fingerprints":null},{"fqdn":"afs.googleusercontent.com","ip":{"addr":"142.250.178.33","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-11-17","domain_rank":65181,"first_seen":"2013-05-06T19:11:00Z","last_seen":"2025-10-12T22:17:10.737148Z","alert_count":0,"request_count":2,"received_data":2237,"sent_data":1005,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-16T09:38:59Z","timestamp":1760607539,"ip_dst":{"addr":"91.195.240.12","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.5","port":37378,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET MALWARE Observed Glupteba CnC Domain (safarimexican .net in TLS SNI)","source":"{\"timestamp\":\"2025-10-16T09:38:59.285126+0000\",\"flow_id\":1159524085102574,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":37378,\"dest_ip\":\"91.195.240.12\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048659,\"rev\":1,\"signature\":\"ET MALWARE Observed Glupteba CnC Domain (safarimexican .net in TLS SNI)\",\"category\":\"Domain Observed Used for C2 Detected\",\"severity\":1,\"source\":{\"ip\":\"91.195.240.12\",\"port\":443},\"target\":{\"ip\":\"172.18.0.5\",\"port\":37378},\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_10_19\"],\"deployment\":[\"Perimeter\"],\"malware_family\":[\"Glupteba\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1071\"],\"mitre_technique_name\":[\"Application_Layer_Protocol\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_19\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2023_10_19\"]}},\"tls\":{\"sni\":\"server14.safarimexican.net\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":928,\"bytes_toclient\":3641,\"start\":\"2025-10-16T09:38:59.227310+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"syndicatedsearch.goog/adsense/domains/caf.js","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"142.250.178.78","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca96805c4b242eb8771881c47de0fcec","sha1":"091b1c089d6186ea2b5de29ba87cf7da18d70765","sha256":"e9cbe910437d59b9b00e0c385f78ff7b3888b46f390e1f47c6d2252cc2b19b5d","sha512":"3a58ffddc4c219b04727b9943811818e5e0ce767eae3dc3676034edb6ce65d7151d14ae0088626b7005f1344142e3930b1cda5b827cf71c41b26ddb48b2df0b2","ssdeep":"1536:QKzXuXs5eKcuVrQUNuDj897ZUwTCg3tdEVKcSpxqeJRV6X8oagGNNNat2mcFvXuq:FUBjCpz3fswxdZWbknH3cWdt+skVMIA","tlshash":"36f34acd73a1702243a394b4607f018fb13af865a84c88a4b199d9e47db4dad4277fbd","size":159359,"data":"","first_seen":"2025-10-13T19:46:55.232225Z","last_seen":"2025-10-16T18:20:08.065563Z","times_seen":1132,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"server14.safarimexican.net/","fqdn":"server14.safarimexican.net","domain":"safarimexican.net","tld":"net"},"ip":{"addr":"91.195.240.12","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"a1492fb7ecd4f2fc1f4753dfd3a1d7d5","sha1":"aa0d8f6df4b8a332d99f444f069b33274db5ff6c","sha256":"299dc65c64b8e57ef43ec8a21343c524dcb3ab1ce277c119953ae060b72d33c9","sha512":"9746a4558fe1cc84ad39c1af1f2d0894722131779d52e88def59bad3b93cf527e9c9b3c165a6ff4c3bfb92f53892a847f9ef67d58496733df8b46617b0aa1d26","ssdeep":"","tlshash":"76810a780d0a09bbae3647ca60047e061759aa51681128f9dc6e5d1dc67facc33a37ef","size":4088,"data":"","first_seen":"2025-10-16T09:39:24.041999Z","last_seen":"2025-10-16T09:39:24.041999Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"server14.safarimexican.net/","fqdn":"server14.safarimexican.net","domain":"safarimexican.net","tld":"net"},"ip":{"addr":"91.195.240.12","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"026990f9cb8f13393fa1eb1607e897aa","sha1":"fd6f6ea2cec26c66f1da131258fd2ca2e763eb6b","sha256":"5c6f593586bc2ab2432a9fbf59b7760231b7737917b7a56a92b2f9ee1ee2c1d5","sha512":"4faf3873e046bcdc1fd956fbca99e1ec7b95bdf60d6d17fbbc0f12d0497e9bc765a276cfc9a089d12f6b60e0913f58448e76fb6fcbc786729317b35c55d84000","ssdeep":"","tlshash":"d7f00cb13ab0030ad632eb2bf1e611917e6ce153c041f96271be90200bcc92647a0ba6","size":622,"data":"","first_seen":"2023-03-13T06:55:33Z","last_seen":"2026-01-19T10:34:20.306514Z","times_seen":13892,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js?abp=1\u0026YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"172.217.21.164","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5ad4e02326dc8f30b2e41af0ea028fb6","sha1":"fedab47ad7545a27febf31651218116210ebea1b","sha256":"9b525213f7152af1e4f4c002fb013332db00a3f9ce018051b2bfb2318f5a1f5b","sha512":"7b289addd9f9513808c498add4f548905180616be17fa74b54086bbecbeb48cd716d8d4c634a6b0e959e743e43afa9fa0ac9586ea6b96cacc13cac9d46fbf328","ssdeep":"1536:rKzXuXs5eKcuVrQUNuDj897ZUwTCg3tdEVKcSpxqeJRV6X8oagGNNNat2mcFvXuq:wUBjCpz3fswxdZWbknH3cWdt+skVMIA","tlshash":"40f34acd73a1702243a394b4607f018fb13af865a84c88a4b199d9e47db4dad4277fbd","size":159352,"data":"","first_seen":"2025-10-13T19:47:59.534992Z","last_seen":"2025-10-16T18:19:19.336168Z","times_seen":1517,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"server14.safarimexican.net/","fqdn":"server14.safarimexican.net","domain":"safarimexican.net","tld":"net"},"ip":{"addr":"91.195.240.12","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"978e89b89f929ebbd0a746295eafbcbe","sha1":"6b92ab60432c1e5a8aebc60ebc94f1f24c28cea6","sha256":"848eaac812a5c6ef9f75fc33f2bfbb7169bfea60bc4d4a28a7e77d1737ca42ac","sha512":"c7b6c342a6cc4121c889e38dc07ec85f7b3b1ff7811c0babb5f5abaf39a984424751eb1a7ff400e9bd45f0d49e96be85ff30023dfe9de0b3c0463e1d136e42d1","ssdeep":"96:zQIHrUsXy9Cp1OuKfIqT1M6BXXjgXnB9qPsBJaqJ4uSnx73CUnKVGSrbH:jrUs2nDxQqPJTuIRIESrbH","tlshash":"26c194723145347a4aff0751206f1f14b67ae8533a08b419b028b7e82bebd5744dbb6a","size":5888,"data":"","first_seen":"2024-05-23T11:11:38Z","last_seen":"2026-03-23T00:52:59.161451Z","times_seen":188504,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/ads?adsafe=low\u0026adtest=off\u0026psid=6267031743\u0026channel=exp-0051%2Cauxa-control-1%2C8810114\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=https%3A%2F%2Fserver14.safarimexican.net%2Fcaf%2F%3Fses%3DY3JlPTE3NjA2MDc1MzkmdGNpZD1zZXJ2ZXIxNC5zYWZhcmltZXhpY2FuLm5ldDY4ZjBiZDMzOWVlM2Y1LjE5NjYzMDY1JnRhc2s9c2VhcmNoJmRvbWFpbj1zYWZhcmltZXhpY2FuLm5ldCZhX2lkPTMmc2Vzc2lvbj1QdE1yd1ZvZzUwRHhBbFdnWVV0NA%3D%3D\u0026type=3\u0026swp=as-drid-2383353299994854\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108\u0026format=r6\u0026nocache=4451760607540085\u0026num=0\u0026output=afd_ads\u0026domain_name=server14.safarimexican.net\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1760607540086\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=1069\u0026frm=0\u0026uio=-\u0026cont=rb-default\u0026drt=0\u0026jsid=caf\u0026jsv=815829948\u0026rurl=https%3A%2F%2Fserver14.safarimexican.net%2F","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"142.250.178.78","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e69a9e2eb3ed5b247c94eeee24b4127a","sha1":"3426e023e3275e1ec963422cb04248a0389877d1","sha256":"290c22da43f1f1dbd67f2fb9288eb56c453dc07914b42c58879526e8e606141e","sha512":"188baea1c180c0d4db563771b989872783d16dfa969a4f319203acfc1241030ca08e6b2dc9faa2a56f970f040f3e25c2ea095a9472bcefd9545bb013cd7dca5a","ssdeep":"","tlshash":"3af0c09a58781231e957c0264d4b3fd16c69197221c72642f58ea8de10bee8ea11c0ea","size":544,"data":"","first_seen":"2025-10-16T09:39:24.053011Z","last_seen":"2025-10-16T09:39:24.053011Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js?abp=1\u0026YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"172.217.21.164","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://server14.safarimexican.net/","date":"2025-10-16T09:38:59.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:42:40 GMT","end":"Mon, 15 Dec 2025 08:42:39 GMT"},"fingerprint":{"sha1":"99:C6:4E:8E:B8:5B:D1:99:2A:8E:B6:F5:1D:F0:C9:9F:D1:98:60:99","sha256":"5E:61:10:69:80:4E:43:5E:5C:BC:64:28:29:74:91:F6:DC:3B:42:28:2D:71:3C:A4:FA:4E:A8:88:A1:46:E6:39"}}},"request":{"raw":"GET /adsense/domains/caf.js?abp=1\u0026YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://server14.safarimexican.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ndate: Thu, 16 Oct 2025 09:38:59 GMT\r\nexpires: Thu, 16 Oct 2025 09:38:59 GMT\r\ncache-control: private, max-age=3600\r\netag: \"6239430463514302425\"\r\nx-content-type-options: nosniff\r\nlink: \u003chttps://syndicatedsearch.goog\u003e; rel=\"preconnect\"\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":159352,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2840)","md5":"5ad4e02326dc8f30b2e41af0ea028fb6","sha1":"fedab47ad7545a27febf31651218116210ebea1b","sha256":"9b525213f7152af1e4f4c002fb013332db00a3f9ce018051b2bfb2318f5a1f5b","sha512":"7b289addd9f9513808c498add4f548905180616be17fa74b54086bbecbeb48cd716d8d4c634a6b0e959e743e43afa9fa0ac9586ea6b96cacc13cac9d46fbf328","ssdeep":"1536:rKzXuXs5eKcuVrQUNuDj897ZUwTCg3tdEVKcSpxqeJRV6X8oagGNNNat2mcFvXuq:wUBjCpz3fswxdZWbknH3cWdt+skVMIA","tlshash":"40f34acd73a1702243a394b4607f018fb13af865a84c88a4b199d9e47db4dad4277fbd","first_seen":"2025-10-13T19:47:59.534992Z","last_seen":"2025-10-16T18:19:19.336168Z","times_seen":1517,"resource_available":true,"data":null}},"time_used":203,"timings":{"blocked":76,"dns":1,"connect":8,"send":0,"wait":26,"receive":0,"ssl":89},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.sedoparking.com/templates/bg/arrows-1-colors-3.png","fqdn":"img.sedoparking.com","domain":"sedoparking.com","tld":"com"},"ip":{"addr":"205.234.175.175","port":443,"asn":30081,"as":"CACHENETWORKS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://server14.safarimexican.net/","date":"2025-10-16T09:38:59.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cachefly.net","organization":"Cachenetworks, LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 12 Nov 2024 20:01:06 GMT","end":"Sun, 14 Dec 2025 20:01:05 GMT"},"fingerprint":{"sha1":"E3:21:BF:A0:AC:70:6E:19:F1:83:A3:CB:83:F9:6F:0F:E0:46:F1:3C","sha256":"0D:FF:60:D6:18:60:C6:38:90:5D:DD:55:2E:87:EE:3A:E5:96:78:0B:5F:68:E8:88:AD:AE:1A:BF:51:59:94:83"}}},"request":{"raw":"GET /templates/bg/arrows-1-colors-3.png HTTP/1.1\r\nHost: img.sedoparking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://server14.safarimexican.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 16 Oct 2025 09:38:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 82231\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800\r\nexpires: Thu, 23 Oct 2025 09:38:59 GMT\r\nx-cfhash: \"b68c0210cadb1e12efc4557d7e49e48e\"\r\nx-cff: B\r\nlast-modified: Wed, 22 Apr 2020 09:38:21 GMT\r\nx-cf3: H\r\ncf4age: 0\r\nx-cf-tsc: 1750207220\r\ncf4ttl: 31536000.000\r\nx-cf2: H\r\nserver: CFS 1124\r\nx-cf-reqid: c9e2ac1853edb503744d69bdb6a4b5e3\r\nx-cf1: 11696:fD.arn1:cf:nom:cacheN.arn1-01:H\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CacheFly","description":"CacheFly is a content delivery network (CDN) which offers CDN service that relies solely on IP anycast for routing, rather than DNS based global load balancing.","website":"https://www.cachefly.com","common_platform_enumeration":"","icon":"CacheFly.svg","categories":["CDN"]}],"data":{"size":82231,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 3024 x 2000, 8-bit/color RGBA, non-interlaced","md5":"b68c0210cadb1e12efc4557d7e49e48e","sha1":"ad24ed2b2d5d166d07fbf0680693c88fb56fcb4b","sha256":"e7ff091c85669b175de49d629d7d77bd20cd08d2c16ae74deef2ab06aec5854d","sha512":"08f54e954e1e3bfa566cbb5783f54a500490f41c60005b1a0145fa51571833d954cb4d692a6da78bd4e59e10c03f4780f68619618e2056a34af1d0529427da94","ssdeep":"1536:lNNF5dc3RlXaayiiOxIAjNaFS3k2bYwtaThZE6EbWDi:ZF58RlKoi8RF/bYwtaTQjam","tlshash":"9883e002e9cb0dd3e9dcc9b9dc29af48777541b514528fc7c7b98223dcb52e1a2258a3","first_seen":"2023-04-07T10:24:35Z","last_seen":"2026-03-02T09:29:51.546644Z","times_seen":18808,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":59,"dns":1,"connect":8,"send":0,"wait":10,"receive":11,"ssl":55},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"img.sedoparking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/ads?adsafe=low\u0026adtest=off\u0026psid=6267031743\u0026channel=exp-0051%2Cauxa-control-1%2C8810114\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=https%3A%2F%2Fserver14.safarimexican.net%2Fcaf%2F%3Fses%3DY3JlPTE3NjA2MDc1MzkmdGNpZD1zZXJ2ZXIxNC5zYWZhcmltZXhpY2FuLm5ldDY4ZjBiZDMzOWVlM2Y1LjE5NjYzMDY1JnRhc2s9c2VhcmNoJmRvbWFpbj1zYWZhcmltZXhpY2FuLm5ldCZhX2lkPTMmc2Vzc2lvbj1QdE1yd1ZvZzUwRHhBbFdnWVV0NA%3D%3D\u0026type=3\u0026swp=as-drid-2383353299994854\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108\u0026format=r6\u0026nocache=4451760607540085\u0026num=0\u0026output=afd_ads\u0026domain_name=server14.safarimexican.net\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1760607540086\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=1069\u0026frm=0\u0026uio=-\u0026cont=rb-default\u0026drt=0\u0026jsid=caf\u0026jsv=815829948\u0026rurl=https%3A%2F%2Fserver14.safarimexican.net%2F","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"142.250.178.78","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://server14.safarimexican.net/","date":"2025-10-16T09:39:00.101Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:44:04 GMT","end":"Mon, 15 Dec 2025 08:44:03 GMT"},"fingerprint":{"sha1":"35:35:57:02:F2:4B:CA:4F:51:18:1E:36:52:1F:55:FC:7B:D3:5A:1E","sha256":"0C:AD:E8:CF:82:18:03:04:52:7D:69:A0:4A:E8:5F:51:71:7C:DF:71:A1:68:24:00:BD:E3:60:4C:4D:2C:AB:D6"}}},"request":{"raw":"GET /afs/ads?adsafe=low\u0026adtest=off\u0026psid=6267031743\u0026channel=exp-0051%2Cauxa-control-1%2C8810114\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=https%3A%2F%2Fserver14.safarimexican.net%2Fcaf%2F%3Fses%3DY3JlPTE3NjA2MDc1MzkmdGNpZD1zZXJ2ZXIxNC5zYWZhcmltZXhpY2FuLm5ldDY4ZjBiZDMzOWVlM2Y1LjE5NjYzMDY1JnRhc2s9c2VhcmNoJmRvbWFpbj1zYWZhcmltZXhpY2FuLm5ldCZhX2lkPTMmc2Vzc2lvbj1QdE1yd1ZvZzUwRHhBbFdnWVV0NA%3D%3D\u0026type=3\u0026swp=as-drid-2383353299994854\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108\u0026format=r6\u0026nocache=4451760607540085\u0026num=0\u0026output=afd_ads\u0026domain_name=server14.safarimexican.net\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1760607540086\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=1069\u0026frm=0\u0026uio=-\u0026cont=rb-default\u0026drt=0\u0026jsid=caf\u0026jsv=815829948\u0026rurl=https%3A%2F%2Fserver14.safarimexican.net%2F HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://server14.safarimexican.net/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-disposition: inline\r\ndate: Thu, 16 Oct 2025 09:39:00 GMT\r\nexpires: Thu, 16 Oct 2025 09:39:00 GMT\r\ncache-control: private, max-age=3600\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-3tu8btM3WXy0msmE4oUrWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ncontent-encoding: br\r\nserver: gws\r\ncontent-length: 3620\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":21520,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (21030)","md5":"726763cc9b7fd2603040fc4249203177","sha1":"30d79ab44a16f8747a040eb9a2a8e61c87761a28","sha256":"f5e4fe48e1350a0d84cf849378c7689d8500742601a96a4403402728c4d72ea1","sha512":"f0c2b7f651bda2d58e31c5ceda0a74e9916a417039a4276b1bed58525059ee54cdc724c51f820cd09b0c64ec0f14fd7fc7f73696a0f0321ccec52d2fec33def6","ssdeep":"192:GE12iMpgb1pMBhGVe7axvBT/KxFI8wBk3:Gni0pGg4/Kxu88k3","tlshash":"15a244367462272e0917dc1417296f6ec185c42ac86f35e948f35b25c7f7f828be628e","first_seen":"2025-10-16T09:39:24.015715Z","last_seen":"2025-10-16T09:39:24.015715Z","times_seen":1,"resource_available":false,"data":null}},"time_used":411,"timings":{"blocked":112,"dns":1,"connect":28,"send":0,"wait":183,"receive":0,"ssl":85},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"server14.safarimexican.net/search/tsc.php?ses=ogcNMfuqssGGvaiPFQV0mTxOEss8ogFLoUKnyUAI8JVGVpkAPFrJWeeol5XZ0jBFQYLTBFDKHGmJ258RDi1Yrw1-ZHcY8iWahO6Mx7RPtPmUPlpFAT8DO7SC9PQ_KOcsV9u4XwHPCr1oJZBS8vSVC3EuUeF3-Selia1lTZuPiMuPzzgR9m1fja76Z_fRPTyKghoh4yAHVfu-YN9SvV4LQcNLwgHEuRhdGnKaVW1OUQwFg2KsMjYCabgoMc2fu0FjVRSu7NHXEk5qWpMfBKXq4NJudYbwR7j1btQ4y-t6EZQV8H92ZP8P8ZgQHgZnsbhUB156TXFQIeqOilwcboShV4DBxyCHNzLUvQJmfNHtAODucn73GSOVVL9hhjC7g\u0026cv=2","fqdn":"server14.safarimexican.net","domain":"safarimexican.net","tld":"net"},"ip":{"addr":"91.195.240.12","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://server14.safarimexican.net/","date":"2025-10-16T09:39:00.108Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"server14.safarimexican.net","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Fri, 12 Sep 2025 00:00:00 GMT","end":"Wed, 10 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"84:BC:3D:E1:73:2B:E0:47:B6:B6:95:DB:CC:7A:18:A7:D2:F2:0B:81","sha256":"98:C5:B0:58:7D:1B:52:94:BF:D4:78:37:BE:D6:13:3E:25:FA:92:0C:14:FB:86:C9:03:CC:36:9E:19:3B:7F:E6"}}},"request":{"raw":"GET /search/tsc.php?ses=ogcNMfuqssGGvaiPFQV0mTxOEss8ogFLoUKnyUAI8JVGVpkAPFrJWeeol5XZ0jBFQYLTBFDKHGmJ258RDi1Yrw1-ZHcY8iWahO6Mx7RPtPmUPlpFAT8DO7SC9PQ_KOcsV9u4XwHPCr1oJZBS8vSVC3EuUeF3-Selia1lTZuPiMuPzzgR9m1fja76Z_fRPTyKghoh4yAHVfu-YN9SvV4LQcNLwgHEuRhdGnKaVW1OUQwFg2KsMjYCabgoMc2fu0FjVRSu7NHXEk5qWpMfBKXq4NJudYbwR7j1btQ4y-t6EZQV8H92ZP8P8ZgQHgZnsbhUB156TXFQIeqOilwcboShV4DBxyCHNzLUvQJmfNHtAODucn73GSOVVL9hhjC7g\u0026cv=2 HTTP/1.1\r\nHost: server14.safarimexican.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://server14.safarimexican.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 16 Oct 2025 09:39:00 GMT\r\nserver: Parking/1.0\r\nx-cache-miss-from: parking-7fbf5fd67f-bj5zp\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-17T04:13:34.904649Z","times_seen":13845851,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"server14.safarimexican.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"server14.safarimexican.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"server14.safarimexican.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"server14.safarimexican.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/adsense/domains/caf.js","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"142.250.178.78","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://syndicatedsearch.goog/afs/ads?adsafe=low\u0026adtest=off\u0026psid=6267031743\u0026channel=exp-0051%2Cauxa-control-1%2C8810114\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=https%3A%2F%2Fserver14.safarimexican.net%2Fcaf%2F%3Fses%3DY3JlPTE3NjA2MDc1MzkmdGNpZD1zZXJ2ZXIxNC5zYWZhcmltZXhpY2FuLm5ldDY4ZjBiZDMzOWVlM2Y1LjE5NjYzMDY1JnRhc2s9c2VhcmNoJmRvbWFpbj1zYWZhcmltZXhpY2FuLm5ldCZhX2lkPTMmc2Vzc2lvbj1QdE1yd1ZvZzUwRHhBbFdnWVV0NA%3D%3D\u0026type=3\u0026swp=as-drid-2383353299994854\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108\u0026format=r6\u0026nocache=4451760607540085\u0026num=0\u0026output=afd_ads\u0026domain_name=server14.safarimexican.net\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1760607540086\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=1069\u0026frm=0\u0026uio=-\u0026cont=rb-default\u0026drt=0\u0026jsid=caf\u0026jsv=815829948\u0026rurl=https%3A%2F%2Fserver14.safarimexican.net%2F","date":"2025-10-16T09:39:00.463Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:44:04 GMT","end":"Mon, 15 Dec 2025 08:44:03 GMT"},"fingerprint":{"sha1":"35:35:57:02:F2:4B:CA:4F:51:18:1E:36:52:1F:55:FC:7B:D3:5A:1E","sha256":"0C:AD:E8:CF:82:18:03:04:52:7D:69:A0:4A:E8:5F:51:71:7C:DF:71:A1:68:24:00:BD:E3:60:4C:4D:2C:AB:D6"}}},"request":{"raw":"GET /adsense/domains/caf.js HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://syndicatedsearch.goog/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ndate: Thu, 16 Oct 2025 09:39:00 GMT\r\nexpires: Thu, 16 Oct 2025 09:39:00 GMT\r\ncache-control: private, max-age=3600\r\netag: \"2770540364355260001\"\r\nx-content-type-options: nosniff\r\nlink: \u003chttps://syndicatedsearch.goog\u003e; rel=\"preconnect\"\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":159359,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2840)","md5":"ca96805c4b242eb8771881c47de0fcec","sha1":"091b1c089d6186ea2b5de29ba87cf7da18d70765","sha256":"e9cbe910437d59b9b00e0c385f78ff7b3888b46f390e1f47c6d2252cc2b19b5d","sha512":"3a58ffddc4c219b04727b9943811818e5e0ce767eae3dc3676034edb6ce65d7151d14ae0088626b7005f1344142e3930b1cda5b827cf71c41b26ddb48b2df0b2","ssdeep":"1536:QKzXuXs5eKcuVrQUNuDj897ZUwTCg3tdEVKcSpxqeJRV6X8oagGNNNat2mcFvXuq:FUBjCpz3fswxdZWbknH3cWdt+skVMIA","tlshash":"36f34acd73a1702243a394b4607f018fb13af865a84c88a4b199d9e47db4dad4277fbd","first_seen":"2025-10-13T19:46:55.232225Z","last_seen":"2025-10-16T18:20:08.065563Z","times_seen":1132,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2","fqdn":"afs.googleusercontent.com","domain":"googleusercontent.com","tld":"com"},"ip":{"addr":"142.250.178.33","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://syndicatedsearch.goog/afs/ads?adsafe=low\u0026adtest=off\u0026psid=6267031743\u0026channel=exp-0051%2Cauxa-control-1%2C8810114\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=https%3A%2F%2Fserver14.safarimexican.net%2Fcaf%2F%3Fses%3DY3JlPTE3NjA2MDc1MzkmdGNpZD1zZXJ2ZXIxNC5zYWZhcmltZXhpY2FuLm5ldDY4ZjBiZDMzOWVlM2Y1LjE5NjYzMDY1JnRhc2s9c2VhcmNoJmRvbWFpbj1zYWZhcmltZXhpY2FuLm5ldCZhX2lkPTMmc2Vzc2lvbj1QdE1yd1ZvZzUwRHhBbFdnWVV0NA%3D%3D\u0026type=3\u0026swp=as-drid-2383353299994854\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108\u0026format=r6\u0026nocache=4451760607540085\u0026num=0\u0026output=afd_ads\u0026domain_name=server14.safarimexican.net\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1760607540086\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=1069\u0026frm=0\u0026uio=-\u0026cont=rb-default\u0026drt=0\u0026jsid=caf\u0026jsv=815829948\u0026rurl=https%3A%2F%2Fserver14.safarimexican.net%2F","date":"2025-10-16T09:39:00.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.googleusercontent.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:41:56 GMT","end":"Mon, 15 Dec 2025 08:41:55 GMT"},"fingerprint":{"sha1":"FB:46:5A:12:E3:6E:02:EF:CC:80:E2:C9:DB:21:F6:D0:B2:1C:01:8C","sha256":"FE:5F:B4:C6:68:6F:78:97:3E:0D:1E:04:2D:10:0E:C7:A2:90:5A:3C:B8:74:B6:84:19:8A:1F:38:D8:D8:31:28"}}},"request":{"raw":"GET /ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2 HTTP/1.1\r\nHost: afs.googleusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://syndicatedsearch.goog/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers\r\ncross-origin-opener-policy: same-origin; report-to=\"afs-native-asset-managers\"\r\nreport-to: {\"group\":\"afs-native-asset-managers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers\"}]}\r\ncontent-length: 272\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 16 Oct 2025 04:07:37 GMT\r\nexpires: Fri, 17 Oct 2025 03:07:37 GMT\r\ncache-control: public, max-age=82800\r\nage: 19883\r\nlast-modified: Thu, 20 Jul 2023 22:48:00 GMT\r\ncontent-type: image/svg+xml\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":391,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a6ad6e65373db8c1b1f154c4c83f8ce5","sha1":"84cc007d6d682c589e1e1f87482a5278830f3000","sha256":"920a378947204498c122722933b3a4b67788a2b6fade8bd0d47cf830eeee0563","sha512":"09b6d4711c284b1a04c9c4d874f3d1ddfc876c1491fb2aa283a13505bcdbfe90b02731d0b7ad5f492b1dda2161a4afe20040801ea634d2727cde84319adfb1d2","ssdeep":"","tlshash":"e7e0f1fa81842c004a4543b0ed0867a002eff076530c80b7c1e0e6fcb0048da6cc2744","first_seen":"2023-04-11T10:59:33Z","last_seen":"2026-02-24T17:29:47.593465Z","times_seen":82937,"resource_available":false,"data":null}},"time_used":454,"timings":{"blocked":217,"dns":0,"connect":14,"send":0,"wait":18,"receive":1,"ssl":198},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"server14.safarimexican.net/","fqdn":"server14.safarimexican.net","domain":"safarimexican.net","tld":"net"},"ip":{"addr":"91.195.240.12","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-16T09:38:59.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"server14.safarimexican.net","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Fri, 12 Sep 2025 00:00:00 GMT","end":"Wed, 10 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"84:BC:3D:E1:73:2B:E0:47:B6:B6:95:DB:CC:7A:18:A7:D2:F2:0B:81","sha256":"98:C5:B0:58:7D:1B:52:94:BF:D4:78:37:BE:D6:13:3E:25:FA:92:0C:14:FB:86:C9:03:CC:36:9E:19:3B:7F:E6"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: server14.safarimexican.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 16 Oct 2025 09:38:59 GMT\r\nexpires: Mon, 26 Jul 1997 05:00:00 GMT\r\nlast-modified: Thu, 16 Oct 2025 09:38:59 GMT\r\npragma: no-cache\r\nserver: Parking/1.0\r\nvary: Accept-Encoding\r\nx-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_XI9GvD/pCZZJf0nW3DSnuhQ7RJ4n6++URgkA+Op9TruEn1FOJGQZOuu/x+OUKIEPi40pc2kV0025To0Ia5ETzA==\r\nx-cache-miss-from: parking-7fbf5fd67f-bj5zp\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":24010,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (9934)","md5":"eb23a890f46d9f61cae853322b782edd","sha1":"9331a8ce187587c9be4d777d8de47a2f12c875d6","sha256":"3c4d5cd514ed451ab833ad5a058f487331da8ed4df17f4f662574623fda4ceb4","sha512":"bbe9586cef4dbd0250b4ccf5bb3d9ce205d01f7fcfff951c445ced1106a91f61455c04ae87802f63e5ea88700adc128bbf4ae45dbfcc1cfa5a2ee27fa63a8d6e","ssdeep":"384:5ihL8/a3kL6V42jw01ipbiwLvAj/fgulFCYBX4GraFBTuIRIESrbO:5iqa0L6CjtiwqgulFCYBX4KGBTuIOESm","tlshash":"5eb2e9722a44243ab1b7861d7191bb05b720cd13d90669b9f46ce2b8cfcbd9712d3f4a","first_seen":"2025-10-16T09:39:24.032823Z","last_seen":"2025-10-16T09:39:24.032823Z","times_seen":1,"resource_available":false,"data":null}},"time_used":836,"timings":{"blocked":310,"dns":35,"connect":25,"send":0,"wait":216,"receive":0,"ssl":247},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"server14.safarimexican.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"server14.safarimexican.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"server14.safarimexican.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"server14.safarimexican.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.sedoparking.com/templates/logos/sedo_logo.png","fqdn":"img.sedoparking.com","domain":"sedoparking.com","tld":"com"},"ip":{"addr":"205.234.175.175","port":443,"asn":30081,"as":"CACHENETWORKS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://server14.safarimexican.net/","date":"2025-10-16T09:39:00.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cachefly.net","organization":"Cachenetworks, LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 12 Nov 2024 20:01:06 GMT","end":"Sun, 14 Dec 2025 20:01:05 GMT"},"fingerprint":{"sha1":"E3:21:BF:A0:AC:70:6E:19:F1:83:A3:CB:83:F9:6F:0F:E0:46:F1:3C","sha256":"0D:FF:60:D6:18:60:C6:38:90:5D:DD:55:2E:87:EE:3A:E5:96:78:0B:5F:68:E8:88:AD:AE:1A:BF:51:59:94:83"}}},"request":{"raw":"GET /templates/logos/sedo_logo.png HTTP/1.1\r\nHost: img.sedoparking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://server14.safarimexican.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 16 Oct 2025 09:39:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 15086\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800\r\nexpires: Thu, 23 Oct 2025 09:39:00 GMT\r\nx-cfhash: \"def00c11b1596db4efee6a9fbe64fc27\"\r\nx-cff: B\r\nlast-modified: Mon, 11 Jan 2021 07:44:34 GMT\r\nx-cf3: H\r\ncf4age: 0\r\nx-cf-tsc: 1729867994\r\ncf4ttl: 31536000.000\r\nx-cf2: H\r\nserver: CFS 1124\r\nx-cf-reqid: e9811b76bc9d110c39fa6a7e04dfce34\r\nx-cf1: 11696:fD.arn1:cf:nom:cacheN.arn1-01:H\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CacheFly","description":"CacheFly is a content delivery network (CDN) which offers CDN service that relies solely on IP anycast for routing, rather than DNS based global load balancing.","website":"https://www.cachefly.com","common_platform_enumeration":"","icon":"CacheFly.svg","categories":["CDN"]}],"data":{"size":15086,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"def00c11b1596db4efee6a9fbe64fc27","sha1":"bd298981e6d8d7e4ffa18abcf687041f4246672d","sha256":"95c427fa3143b1896faf42a6406686ce7602cb39052081bb32d12b51c9e047e4","sha512":"c056e95dbfa1aab3a50dff18c6d577dbffea72c93316ffc53b6b7aa41dcc7707a810d563894589a7305de0b76610f88150b2034670de368773b2b356f14ad30f","ssdeep":"192:jiHSINqv0tJ30DezSfPAXTZwC3D2N2xp1Fd/ar/+zi3LHZNwkQH0iWpXDt3TN8rB:jzAnP9j","tlshash":"31623e0bfd4bc358ce50b23ae67c4bfb6361d8c1b090a7e257d9d51aafa7b014c9a011","first_seen":"2023-04-14T07:11:21Z","last_seen":"2026-04-17T02:23:56.90301Z","times_seen":224163,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"img.sedoparking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff","fqdn":"afs.googleusercontent.com","domain":"googleusercontent.com","tld":"com"},"ip":{"addr":"142.250.178.33","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://syndicatedsearch.goog/afs/ads?adsafe=low\u0026adtest=off\u0026psid=6267031743\u0026channel=exp-0051%2Cauxa-control-1%2C8810114\u0026client=dp-sedo85_3ph\u0026r=m\u0026hl=no\u0026ivt=0\u0026rpbu=https%3A%2F%2Fserver14.safarimexican.net%2Fcaf%2F%3Fses%3DY3JlPTE3NjA2MDc1MzkmdGNpZD1zZXJ2ZXIxNC5zYWZhcmltZXhpY2FuLm5ldDY4ZjBiZDMzOWVlM2Y1LjE5NjYzMDY1JnRhc2s9c2VhcmNoJmRvbWFpbj1zYWZhcmltZXhpY2FuLm5ldCZhX2lkPTMmc2Vzc2lvbj1QdE1yd1ZvZzUwRHhBbFdnWVV0NA%3D%3D\u0026type=3\u0026swp=as-drid-2383353299994854\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108\u0026format=r6\u0026nocache=4451760607540085\u0026num=0\u0026output=afd_ads\u0026domain_name=server14.safarimexican.net\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1760607540086\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=1069\u0026frm=0\u0026uio=-\u0026cont=rb-default\u0026drt=0\u0026jsid=caf\u0026jsv=815829948\u0026rurl=https%3A%2F%2Fserver14.safarimexican.net%2F","date":"2025-10-16T09:39:00.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.googleusercontent.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:41:56 GMT","end":"Mon, 15 Dec 2025 08:41:55 GMT"},"fingerprint":{"sha1":"FB:46:5A:12:E3:6E:02:EF:CC:80:E2:C9:DB:21:F6:D0:B2:1C:01:8C","sha256":"FE:5F:B4:C6:68:6F:78:97:3E:0D:1E:04:2D:10:0E:C7:A2:90:5A:3C:B8:74:B6:84:19:8A:1F:38:D8:D8:31:28"}}},"request":{"raw":"GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1\r\nHost: afs.googleusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://syndicatedsearch.goog/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers\r\ncross-origin-opener-policy: same-origin; report-to=\"afs-native-asset-managers\"\r\nreport-to: {\"group\":\"afs-native-asset-managers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers\"}]}\r\ncontent-length: 174\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 16 Oct 2025 02:25:42 GMT\r\nexpires: Fri, 17 Oct 2025 01:25:42 GMT\r\ncache-control: public, max-age=82800\r\nage: 25998\r\nlast-modified: Thu, 02 Nov 2023 22:48:00 GMT\r\ncontent-type: image/svg+xml\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":200,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"11b3089d616633ca6b73b57aa877eeb4","sha1":"07632f63e06b30d9b63c97177d3a8122629bda9b","sha256":"809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1","sha512":"079b0e35b479dfdbe64a987661000f4a034b10688e26f2a5fe6aaa807e81ccc5593d40609b731ab3340e687d83dd08de4b8b1e01cdac9d4523a9f6bb3acfcba0","ssdeep":"","tlshash":"d9d02291c2182d28441e82e0c37c312600fab0a2634c00dcfa80e300b20c9abb861669","first_seen":"2023-04-06T23:53:06Z","last_seen":"2026-04-01T02:57:50.32115Z","times_seen":412182,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":86,"dns":1,"connect":14,"send":0,"wait":14,"receive":0,"ssl":69},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=jze6vtheupdf\u0026cd_fexp=72717108\u0026aqid=NL3waN6NEoOkjuwP0bWGqAg\u0026psid=6267031743\u0026pbt=bs\u0026adbx=467.20001220703125\u0026adby=186.89999389648438\u0026adbh=937\u0026adbw=346\u0026adbah=146%2C146%2C146%2C146%2C146%2C187\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=815829948\u0026csala=5%7C0%7C383%7C107%7C11\u0026lle=0\u0026ifv=1\u0026hpt=0","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"142.250.178.78","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://server14.safarimexican.net/","date":"2025-10-16T09:39:02.094Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:44:04 GMT","end":"Mon, 15 Dec 2025 08:44:03 GMT"},"fingerprint":{"sha1":"35:35:57:02:F2:4B:CA:4F:51:18:1E:36:52:1F:55:FC:7B:D3:5A:1E","sha256":"0C:AD:E8:CF:82:18:03:04:52:7D:69:A0:4A:E8:5F:51:71:7C:DF:71:A1:68:24:00:BD:E3:60:4C:4D:2C:AB:D6"}}},"request":{"raw":"GET /afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=jze6vtheupdf\u0026cd_fexp=72717108\u0026aqid=NL3waN6NEoOkjuwP0bWGqAg\u0026psid=6267031743\u0026pbt=bs\u0026adbx=467.20001220703125\u0026adby=186.89999389648438\u0026adbh=937\u0026adbw=346\u0026adbah=146%2C146%2C146%2C146%2C146%2C187\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=815829948\u0026csala=5%7C0%7C383%7C107%7C11\u0026lle=0\u0026ifv=1\u0026hpt=0 HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://server14.safarimexican.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-If9PqpkwXlb8uL3N7gML5A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ndate: Thu, 16 Oct 2025 09:39:02 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-17T04:13:34.904649Z","times_seen":13845851,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"syndicatedsearch.goog/afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=hslwnyrck9k5\u0026cd_fexp=72717108\u0026aqid=NL3waN6NEoOkjuwP0bWGqAg\u0026psid=6267031743\u0026pbt=bv\u0026adbx=467.20001220703125\u0026adby=186.89999389648438\u0026adbh=937\u0026adbw=346\u0026adbah=146%2C146%2C146%2C146%2C146%2C187\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=815829948\u0026csala=5%7C0%7C383%7C107%7C11\u0026lle=0\u0026ifv=1\u0026hpt=0","fqdn":"syndicatedsearch.goog","domain":"syndicatedsearch.goog","tld":"goog"},"ip":{"addr":"142.250.178.78","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://server14.safarimexican.net/","date":"2025-10-16T09:39:02.097Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syndicatedsearch.goog","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:44:04 GMT","end":"Mon, 15 Dec 2025 08:44:03 GMT"},"fingerprint":{"sha1":"35:35:57:02:F2:4B:CA:4F:51:18:1E:36:52:1F:55:FC:7B:D3:5A:1E","sha256":"0C:AD:E8:CF:82:18:03:04:52:7D:69:A0:4A:E8:5F:51:71:7C:DF:71:A1:68:24:00:BD:E3:60:4C:4D:2C:AB:D6"}}},"request":{"raw":"GET /afs/gen_204?client=dp-sedo85_3ph\u0026output=uds_ads_only\u0026zx=hslwnyrck9k5\u0026cd_fexp=72717108\u0026aqid=NL3waN6NEoOkjuwP0bWGqAg\u0026psid=6267031743\u0026pbt=bv\u0026adbx=467.20001220703125\u0026adby=186.89999389648438\u0026adbh=937\u0026adbw=346\u0026adbah=146%2C146%2C146%2C146%2C146%2C187\u0026adbn=master-1\u0026eawp=partner-dp-sedo85_3ph\u0026errv=815829948\u0026csala=5%7C0%7C383%7C107%7C11\u0026lle=0\u0026ifv=1\u0026hpt=0 HTTP/1.1\r\nHost: syndicatedsearch.goog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://server14.safarimexican.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-NJYK0jg8Uh0VOKrDzMl9Qg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ndate: Thu, 16 Oct 2025 09:39:02 GMT\r\nserver: gws\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Web Server","description":"","website":"https://en.wikipedia.org/wiki/Google_Web_Server","common_platform_enumeration":"cpe:2.3:a:google:web_server:*:*:*:*:*:*:*:*","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-17T04:13:34.904649Z","times_seen":13845851,"resource_available":true,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}