Report - ww25.lyxynyx.com/login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86

Report Overview

Visitedpublic

2024-08-01 17:32:37

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2024-07-30 19:45:26	429 B	57 kB	142.250.74.164
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-08-01 18:12:56	2.3 kB	6.2 kB	23.36.76.226
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-08-01 18:12:08	327 B	887 B	23.36.76.226
ww25.lyxynyx.com	unknown	2023-12-14	2023-12-15 10:16:18	2023-12-15 10:16:50	2.3 kB	42 kB	199.59.243.226
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-08-01 18:20:07	2.0 kB	4.2 kB	142.250.74.131
syndicatedsearch.goog	unknown	2023-04-14	2023-09-25 11:30:59	2024-08-01 13:05:52	3.2 kB	160 kB	216.58.207.206
afs.googleusercontent.com	12123	2008-11-17	2013-05-06 21:11:00	2024-08-01 18:24:28	993 B	2.1 kB	142.250.74.161

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-08-01	medium	lyxynyx.com	Sinkholed
2024-08-01	medium	lyxynyx.com	Sinkholed
2024-08-01	medium	lyxynyx.com	Sinkholed
2024-08-01	medium	lyxynyx.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	ww25.lyxynyx.com/login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86	ScriptElement	435 B	2024-08-19	2024-08-19
URL ww25.lyxynyx.com/login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86 IP / ASN 199.59.243.226 #16509 AMAZON-02 Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-19 Last Seen 2024-08-19 Times Seen 1 Size 435 B (435 bytes) MD5 a2bc236153684d7b09bc833069c8607d SHA1 9e48fee637c7342ded914fde101b059f7429c65c SHA256 055c82db00168f2ce79c4e6fc4834c0bfeb4656d712b35f0758fde1d5c68e0cc Format Code Loading...

	ww25.lyxynyx.com/buisgMeNC.js	ScriptElement	34 kB	2024-06-14	2024-08-29
URL ww25.lyxynyx.com/buisgMeNC.js IP / ASN 199.59.243.226 #16509 AMAZON-02 Introduced by ScriptElement Embedded false Resource Info First Seen 2024-06-14 Last Seen 2024-08-29 Times Seen 19107 Size 34 kB (33929 bytes) MD5 54285d7f26ed4bc84ba79113426dcecb SHA1 17dc89efec5df34a280459ffc0e27cb8467045ab SHA256 b0754afe500a24201f740ed9c023d64483ca9183fa6361d759bb329462d25344 Format Code Loading...

	www.google.com/adsense/domains/caf.js?abp=1&bodis=true	ScriptElement	155 kB	2024-08-01	2024-08-19
URL www.google.com/adsense/domains/caf.js?abp=1&bodis=true IP / ASN 142.250.74.164 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2024-08-01 Last Seen 2024-08-19 Times Seen 2177 Size 155 kB (154794 bytes) MD5 d41fcdf585f1a7b2d1f29f25bc97a442 SHA1 e5026e735cae32e757e6f3b1257d6d64afe560a8 SHA256 3382e43d6fd55cbe5f63fc20c88bd43b13a332adf0a1d4725c0a58ae1608bfc4 Format Code Loading...

	syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol317%2Cpid-bodis-gcontrol470%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240802-0317-11b5-a45d-c8d3d4ebea86&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=5501722533533041&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1722533533042&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=657227691&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240802-0317-11b5-a45d-c8d3d4ebea86	ScriptElement	656 B	2024-08-19	2024-08-19
URL syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol317%2Cpid-bodis-gcontrol470%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240802-0317-11b5-a45d-c8d3d4ebea86&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=5501722533533041&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1722533533042&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=657227691&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240802-0317-11b5-a45d-c8d3d4ebea86 IP / ASN 216.58.207.206 #15169 GOOGLE Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-19 Last Seen 2024-08-19 Times Seen 1 Size 656 B (656 bytes) MD5 df5ea401d54b9894680312388ef6f2c9 SHA1 7023d1c00af4d5bda22d699459ee4b8e07b653f4 SHA256 f9b6f7489e545b792e77a090bc330f169fb52c7fa307d67f8d1ac6ba56ac4156 Format Code Loading...

	syndicatedsearch.goog/adsense/domains/caf.js	ScriptElement	155 kB	2024-08-01	2024-08-19
URL syndicatedsearch.goog/adsense/domains/caf.js IP / ASN 216.58.207.206 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2024-08-01 Last Seen 2024-08-19 Times Seen 1915 Size 155 kB (154810 bytes) MD5 3e2474be0dadb8295553f29076cd335f SHA1 fc2fb17420d679a6ed089209a1163efb4a8d19ab SHA256 465ff8dfe4cbf2e9f0a6447d64bbadf59bb5a3ab29212dea4f8b015c5fe33513 Format Code Loading...

HTTP Transactions (25)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-01

Last Seen2024-08-19

Times Seen14629

Size504 B (504 bytes)

MD51fc39f9a6ccc25867cc2924e625282d0

SHA1f859354fa7202cd2f2cbd279ad12ab0358c638d1

SHA256037bd31a93556f0a88d519cc4629ca3f8fcc94ffc357a71d34a133e5943c3b96

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "037BD31A93556F0A88D519CC4629CA3F8FCC94FFC357A71D34A133E5943C3B96"
Last-Modified: Thu, 01 Aug 2024 06:28:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13676
Expires: Thu, 01 Aug 2024 21:20:07 GMT
Date: Thu, 01 Aug 2024 17:32:11 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-01

Last Seen2024-08-19

Times Seen21208

Size504 B (504 bytes)

MD544e4b90088be23610d96d270d377406d

SHA1ce7ab232af453bb960a97435173b3ab09a376054

SHA25631567666bda7db348cd6e2ad94576da2c7240872f45e969fd6a52cf14440e95b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "31567666BDA7DB348CD6E2AD94576DA2C7240872F45E969FD6A52CF14440E95B"
Last-Modified: Thu, 01 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13684
Expires: Thu, 01 Aug 2024 21:20:15 GMT
Date: Thu, 01 Aug 2024 17:32:11 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-01

Last Seen2024-08-19

Times Seen18732

Size504 B (504 bytes)

MD5b84a2e6efef529bac3e0d5dd309babe7

SHA1b22b4d0e8f84859a83b85939ae4c77d16fde0c93

SHA2569ed1020ce84380273c514b5c14a8705879d8233acaae13b428063bc7b83a067b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9ED1020CE84380273C514B5C14A8705879D8233ACAAE13B428063BC7B83A067B"
Last-Modified: Thu, 01 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10697
Expires: Thu, 01 Aug 2024 20:30:28 GMT
Date: Thu, 01 Aug 2024 17:32:11 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-01

Last Seen2024-08-19

Times Seen23373

Size504 B (504 bytes)

MD506f86a556a3bc0d04f36267a3081f07f

SHA13ca01a6761c66a9434a2ee060e2cb4b685b0b9f8

SHA256e9d373f8bcb454c3fc0b4e4d3768e5104c7f4cad03145468f9d2c0ff89c08143

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E9D373F8BCB454C3FC0B4E4D3768E5104C7F4CAD03145468F9D2C0FF89C08143"
Last-Modified: Thu, 01 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2891
Expires: Thu, 01 Aug 2024 18:20:23 GMT
Date: Thu, 01 Aug 2024 17:32:12 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-01

Last Seen2024-08-19

Times Seen246

Size504 B (504 bytes)

MD5e40928b82ba603f48acaa3c88408f9f7

SHA13e0c92afd8393740b73a707a8eae3831325890de

SHA256410256a833632cb150a639422daaf45057274046e128e653a772432cae35cb76

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "410256A833632CB150A639422DAAF45057274046E128E653A772432CAE35CB76"
Last-Modified: Wed, 31 Jul 2024 16:10:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7111
Expires: Thu, 01 Aug 2024 19:30:43 GMT
Date: Thu, 01 Aug 2024 17:32:12 GMT
Connection: keep-alive

GET ww25.lyxynyx.com/login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86

199.59.243.226

200 OK

1.2 kB

URL

ww25.lyxynyx.com/login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86

IP / ASN

199.59.243.226

#16509 AMAZON-02

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (450)

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size1.2 kB (1182 bytes)

MD5d9da08e58aab28ebd9351c8878df9003

SHA19436167c97991f62fca57474c4a1690ef59077f3

SHA256c363378d10d8c0431436a535cd27f732d54cd95a90b810a67eb809b5a51f60f5

Certificate Info

IssuerLet's Encrypt

Subjectww25.lyxynyx.com

FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA

ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86 HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Aug 2024 17:32:11 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1182
X-Request-Id: 138d3872-79d0-46f6-ae08-98960ba5bd0e
Cache-Control: no-store, max-age=0
Accept-Ch: sec-ch-prefers-color-scheme
Critical-Ch: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_MzBp7GH7ITPZ17zN9KfJRiegp+4CbHqMBunkB7aPyunyIGehPFXnLWWePPE9HLeRd1wqfSED8qvbcO0fyG65IQ==
Set-Cookie: parking_session=138d3872-79d0-46f6-ae08-98960ba5bd0e; expires=Thu, 01 Aug 2024 17:47:12 GMT; path=/
Connection: close

GET ww25.lyxynyx.com/buisgMeNC.js

199.59.243.226

200 OK

34 kB

URL

ww25.lyxynyx.com/buisgMeNC.js

IP / ASN

199.59.243.226

#16509 AMAZON-02

Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86

Resource Info

File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (33926)

First Seen2024-06-14

Last Seen2024-08-29

Times Seen19107

Size34 kB (33929 bytes)

MD554285d7f26ed4bc84ba79113426dcecb

SHA117dc89efec5df34a280459ffc0e27cb8467045ab

SHA256b0754afe500a24201f740ed9c023d64483ca9183fa6361d759bb329462d25344

Certificate Info

IssuerLet's Encrypt

Subjectww25.lyxynyx.com

FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA

ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /buisgMeNC.js HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86
Cookie: parking_session=138d3872-79d0-46f6-ae08-98960ba5bd0e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Aug 2024 17:32:12 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 33929
X-Request-Id: f5870a00-d921-4c6a-837d-fc0e788a871e
Set-Cookie: parking_session=138d3872-79d0-46f6-ae08-98960ba5bd0e; expires=Thu, 01 Aug 2024 17:47:12 GMT
Connection: close

POST ww25.lyxynyx.com/_fd?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86

199.59.243.226

200 OK

5.6 kB

URL

ww25.lyxynyx.com/_fd?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86

IP / ASN

199.59.243.226

#16509 AMAZON-02

Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86

Resource Info

File typeASCII text, with very long lines (5649), with no line terminators

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size5.6 kB (5649 bytes)

MD5999c7bfa1537918db62edc6166d9ddc6

SHA1fe4d2e73d476e613eb56b9ce6b9ea4961b4baef8

SHA256e5f96da863431208451756655bf3c3af25142a0ab3e753d1f5d47e1e17ce5bb2

Certificate Info

IssuerLet's Encrypt

Subjectww25.lyxynyx.com

FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA

ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86 HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww25.lyxynyx.com/login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86
Content-Type: application/json
Origin: https://ww25.lyxynyx.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=138d3872-79d0-46f6-ae08-98960ba5bd0e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Date: Thu, 01 Aug 2024 17:32:11 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 5649
X-Request-Id: abefec51-45ca-4ec8-b575-c8963b3405bd
Set-Cookie: parking_session=138d3872-79d0-46f6-ae08-98960ba5bd0e; expires=Thu, 01 Aug 2024 17:47:12 GMT
Connection: close

o.pki.goog/wr2

142.250.74.131

471 B

URL

o.pki.goog/wr2

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2024-07-31

Last Seen2024-08-19

Times Seen2052

Size471 B (471 bytes)

MD512465d9ad6e5cfb37b94a1599ed9d9e6

SHA151152b45dade1dd0f88de4d356dd14b3e84caf08

SHA256ef1cb19d786123e0d05795a81f7baf34e54486cf30eff0d2b254cbc6b7471f81

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Aug 2024 17:32:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

142.250.74.131

471 B

URL

o.pki.goog/wr2

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2024-08-01

Last Seen2024-08-19

Times Seen1370

Size471 B (471 bytes)

MD544f474e2945b199186aba87c686257a3

SHA1867e87463b28f808df1512b911e18775fd4e751a

SHA2561488ca60f3e1001319b2793561d480ffae73e3389c618a91725fc1272cbbceff

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Aug 2024 17:32:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

142.250.74.131

472 B

URL

o.pki.goog/wr2

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2024-08-01

Last Seen2024-08-19

Times Seen852

Size472 B (472 bytes)

MD5190beaeab2feb286aef80836631a3be4

SHA1f3d54a7b79b6fcbd58efb8ac1616e06933cabb39

SHA2561b27a9a7622422b8220575d33e4ea1014240fda3cc1381c3617c167432ef9f85

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Aug 2024 17:32:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol317%2Cpid-bodis-gcontrol470%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240802-0317-11b5-a45d-c8d3d4ebea86&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=5501722533533041&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1722533533042&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=657227691&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240802-0317-11b5-a45d-c8d3d4ebea86

216.58.207.206

200 OK

2.8 kB

URL

syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol317%2Cpid-bodis-gcontrol470%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240802-0317-11b5-a45d-c8d3d4ebea86&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=5501722533533041&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1722533533042&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=657227691&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240802-0317-11b5-a45d-c8d3d4ebea86

IP / ASN

216.58.207.206

#15169 GOOGLE

Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86

Resource Info

File typeHTML document, ASCII text, with very long lines (13233)

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size2.8 kB (2776 bytes)

MD551833a9255366cf2697f4e709e1332fd

SHA15d9f2d8149910b77578dc2882b52ec8d0324b2f7

SHA256f70dab5619fe8b29ce337f52258f5ea6cd9eecee83a2d5278e02cb600f4259cd

Certificate Info

IssuerGoogle Trust Services

Subjectsyndicatedsearch.goog

FingerprintC0:13:68:7E:4C:B8:86:2A:AD:FE:9B:2F:EB:17:6F:94:F1:76:26:28

ValidityTue, 30 Jul 2024 12:54:31 GMT - Tue, 22 Oct 2024 12:54:30 GMT

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol317%2Cpid-bodis-gcontrol470%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240802-0317-11b5-a45d-c8d3d4ebea86&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=5501722533533041&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1722533533042&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=657227691&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240802-0317-11b5-a45d-c8d3d4ebea86 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Thu, 01 Aug 2024 17:32:13 GMT
expires: Thu, 01 Aug 2024 17:32:13 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-pnyr5wAYOkOwnJ0wTsdxvQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2776
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL

o.pki.goog/wr2

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2024-07-31

Last Seen2024-08-19

Times Seen624

Size472 B (472 bytes)

MD50cf21321f37b30565492d668a130f3a6

SHA1b17e50e165f401a646c7e4d2ba9e24b882bc99d5

SHA2569904de9a3e0e1dadae468afae638d5948a7ff5ce8e4600bbb8aa28930da775ff

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Aug 2024 17:32:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

142.250.74.131

471 B

URL

o.pki.goog/wr2

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2024-07-31

Last Seen2024-08-19

Times Seen842

Size471 B (471 bytes)

MD53c06b2e40fb13ff1fff9b28b331a0e18

SHA1662a3f5be9f1f4feb9d2c2f49f076315fb790f0f

SHA256209c82de0b9e67b0aaf257dde4fa76e0edbfbf8bd8ed746d16f188688e84f111

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Aug 2024 17:32:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

142.250.74.161

200 OK

278 B

URL

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

IP / ASN

142.250.74.161

#15169 GOOGLE

Requested byhttps://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol317%2Cpid-bodis-gcontrol470%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240802-0317-11b5-a45d-c8d3d4ebea86&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=5501722533533041&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1722533533042&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=657227691&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240802-0317-11b5-a45d-c8d3d4ebea86

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-07

Last Seen2025-08-01

Times Seen65959

Size278 B (278 bytes)

MD5fe7dd8c3c629cc6e9cd6d3e4d3cbe905

SHA159ef3b8e4a17169a4cb45fba65bf0d2bf49c8a18

SHA2565455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e

Certificate Info

IssuerGoogle Trust Services

Subject*.googleusercontent.com

FingerprintA6:0A:39:C6:7C:75:70:95:1C:CC:6E:1F:5D:AF:3C:FD:47:BB:4D:A0

ValidityTue, 30 Jul 2024 12:49:08 GMT - Tue, 22 Oct 2024 12:49:07 GMT

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Aug 2024 00:02:47 GMT
expires: Thu, 01 Aug 2024 23:02:47 GMT
cache-control: public, max-age=82800
age: 62966
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.164

200 OK

56 kB

URL

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

IP / ASN

142.250.74.164

#15169 GOOGLE

Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86

Resource Info

File typeJavaScript source, ASCII text, with very long lines (2250)

First Seen2024-08-01

Last Seen2024-08-19

Times Seen11

Size56 kB (55841 bytes)

MD57d53a7ac4a70aafdddc43a85e2f6ea1d

SHA1f440f93ecd9fcf8d38073b182d61b9cd29dcfaa8

SHA256e8546872da7c05e696cfe9b4bc46bd6caf76f5bf900961045ddd3be03d91838d

Certificate Info

IssuerGoogle Trust Services

Subjectwww.google.com

Fingerprint78:90:10:00:62:E9:32:D2:E2:99:72:73:B5:44:27:CB:98:2E:AD:29

ValidityTue, 30 Jul 2024 12:50:13 GMT - Tue, 22 Oct 2024 12:50:12 GMT

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Thu, 01 Aug 2024 17:32:12 GMT
expires: Thu, 01 Aug 2024 17:32:12 GMT
cache-control: private, max-age=3600
etag: "18275354867309770271"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

POST ww25.lyxynyx.com/_tr

199.59.243.226

200 OK

2 B

URL

ww25.lyxynyx.com/_tr

IP / ASN

199.59.243.226

#16509 AMAZON-02

Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86

Resource Info

File typeASCII text, with no line terminators

First Seen2023-03-08

Last Seen2025-08-02

Times Seen192545

Size2 B (2 bytes)

MD5444bcb3a3fcf8389296c49467f27e1d6

SHA17a85f4764bbd6daf1c3545efbbf0f279a6dc0beb

SHA2562689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Certificate Info

IssuerLet's Encrypt

Subjectww25.lyxynyx.com

FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA

ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_tr HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww25.lyxynyx.com/login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86
Content-Type: application/json
Content-Length: 1941
Origin: https://ww25.lyxynyx.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=138d3872-79d0-46f6-ae08-98960ba5bd0e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Aug 2024 17:32:12 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 2
X-Request-Id: afbebd89-ad0c-47e2-8007-c2fa4d5c3894
Set-Cookie: parking_session=138d3872-79d0-46f6-ae08-98960ba5bd0e; expires=Thu, 01 Aug 2024 17:47:13 GMT
Connection: close

o.pki.goog/wr2

142.250.74.131

471 B

URL

o.pki.goog/wr2

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2024-07-31

Last Seen2024-08-19

Times Seen842

Size471 B (471 bytes)

MD53c06b2e40fb13ff1fff9b28b331a0e18

SHA1662a3f5be9f1f4feb9d2c2f49f076315fb790f0f

SHA256209c82de0b9e67b0aaf257dde4fa76e0edbfbf8bd8ed746d16f188688e84f111

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Aug 2024 17:32:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-01

Last Seen2024-08-19

Times Seen30862

Size504 B (504 bytes)

MD5086417994a199f2bbee25bd5c76ce9d7

SHA16de33407c60c52a9ed18403c3d0edebefec7c48a

SHA2560998db04ec6e07ad3a0ac6fb2410cd5d1c9ab6ea0b036c89c79f51f024e3a1f8

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0998DB04EC6E07AD3A0AC6FB2410CD5D1C9AB6EA0B036C89C79F51F024E3A1F8"
Last-Modified: Thu, 01 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3352
Expires: Thu, 01 Aug 2024 18:28:06 GMT
Date: Thu, 01 Aug 2024 17:32:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-01

Last Seen2024-08-19

Times Seen30862

Size504 B (504 bytes)

MD5086417994a199f2bbee25bd5c76ce9d7

SHA16de33407c60c52a9ed18403c3d0edebefec7c48a

SHA2560998db04ec6e07ad3a0ac6fb2410cd5d1c9ab6ea0b036c89c79f51f024e3a1f8

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0998DB04EC6E07AD3A0AC6FB2410CD5D1C9AB6EA0B036C89C79F51F024E3A1F8"
Last-Modified: Thu, 01 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3352
Expires: Thu, 01 Aug 2024 18:28:06 GMT
Date: Thu, 01 Aug 2024 17:32:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-01

Last Seen2024-08-19

Times Seen30862

Size504 B (504 bytes)

MD5086417994a199f2bbee25bd5c76ce9d7

SHA16de33407c60c52a9ed18403c3d0edebefec7c48a

SHA2560998db04ec6e07ad3a0ac6fb2410cd5d1c9ab6ea0b036c89c79f51f024e3a1f8

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0998DB04EC6E07AD3A0AC6FB2410CD5D1C9AB6EA0B036C89C79F51F024E3A1F8"
Last-Modified: Thu, 01 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3352
Expires: Thu, 01 Aug 2024 18:28:06 GMT
Date: Thu, 01 Aug 2024 17:32:14 GMT
Connection: keep-alive

GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=trkf23fw8vvb&aqid=ncarZorHCLOviM0PtoqZaA&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=657227691&csala=5%7C0%7C231%7C61%7C10&lle=0&ifv=1&hpt=0

216.58.207.206

204 No Content

0 B

URL

syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=trkf23fw8vvb&aqid=ncarZorHCLOviM0PtoqZaA&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=657227691&csala=5%7C0%7C231%7C61%7C10&lle=0&ifv=1&hpt=0

IP / ASN

216.58.207.206

#15169 GOOGLE

Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606025

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectsyndicatedsearch.goog

FingerprintC0:13:68:7E:4C:B8:86:2A:AD:FE:9B:2F:EB:17:6F:94:F1:76:26:28

ValidityTue, 30 Jul 2024 12:54:31 GMT - Tue, 22 Oct 2024 12:54:30 GMT

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=trkf23fw8vvb&aqid=ncarZorHCLOviM0PtoqZaA&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=657227691&csala=5%7C0%7C231%7C61%7C10&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-1l8TKgKqmIVY2Dk9DrEZjg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Thu, 01 Aug 2024 17:32:14 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=pxpu9jqenli6&aqid=ncarZorHCLOviM0PtoqZaA&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=657227691&csala=5%7C0%7C231%7C61%7C10&lle=0&ifv=1&hpt=0

216.58.207.206

204 No Content

0 B

URL

syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=pxpu9jqenli6&aqid=ncarZorHCLOviM0PtoqZaA&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=657227691&csala=5%7C0%7C231%7C61%7C10&lle=0&ifv=1&hpt=0

IP / ASN

216.58.207.206

#15169 GOOGLE

Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240802-0317-11b5-a45d-c8d3d4ebea86

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606025

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectsyndicatedsearch.goog

FingerprintC0:13:68:7E:4C:B8:86:2A:AD:FE:9B:2F:EB:17:6F:94:F1:76:26:28

ValidityTue, 30 Jul 2024 12:54:31 GMT - Tue, 22 Oct 2024 12:54:30 GMT

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=pxpu9jqenli6&aqid=ncarZorHCLOviM0PtoqZaA&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=657227691&csala=5%7C0%7C231%7C61%7C10&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-xXeYkVxAiF6CY3JQcwmXUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Thu, 01 Aug 2024 17:32:15 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.74.161

200 OK

200 B

URL

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

IP / ASN

142.250.74.161

#15169 GOOGLE

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-30

Last Seen2025-04-06

Times Seen9176

Size200 B (200 bytes)

MD5e81eb30a6c5589e7f39436e40b400822

SHA1ca2513ede010b3db00099335b809ca693c2cd65c

SHA256055ae1fef3be182534069c718e2dc0ab07d7464bcc3ded19553da07d37333657

Certificate Info

IssuerGoogle Trust Services

Subject*.googleusercontent.com

FingerprintA6:0A:39:C6:7C:75:70:95:1C:CC:6E:1F:5D:AF:3C:FD:47:BB:4D:A0

ValidityTue, 30 Jul 2024 12:49:08 GMT - Tue, 22 Oct 2024 12:49:07 GMT

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Jul 2024 21:02:22 GMT
expires: Thu, 01 Aug 2024 20:02:22 GMT
cache-control: public, max-age=82800
age: 73791
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET syndicatedsearch.goog/adsense/domains/caf.js

216.58.207.206

200 OK

155 kB

URL

syndicatedsearch.goog/adsense/domains/caf.js

IP / ASN

216.58.207.206

#15169 GOOGLE

Resource Info

File typeJavaScript source, ASCII text, with very long lines (2250)

First Seen2024-08-01

Last Seen2024-08-19

Times Seen1915

Size155 kB (154810 bytes)

MD53e2474be0dadb8295553f29076cd335f

SHA1fc2fb17420d679a6ed089209a1163efb4a8d19ab

SHA256465ff8dfe4cbf2e9f0a6447d64bbadf59bb5a3ab29212dea4f8b015c5fe33513

Certificate Info

IssuerGoogle Trust Services

Subjectsyndicatedsearch.goog

FingerprintC0:13:68:7E:4C:B8:86:2A:AD:FE:9B:2F:EB:17:6F:94:F1:76:26:28

ValidityTue, 30 Jul 2024 12:54:31 GMT - Tue, 22 Oct 2024 12:54:30 GMT

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Thu, 01 Aug 2024 17:32:13 GMT
expires: Thu, 01 Aug 2024 17:32:13 GMT
cache-control: private, max-age=3600
etag: "14799857262609901756"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2