Report - ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc

Report Overview

Visitedpublic

2024-09-05 04:25:38

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ww25.lyxynyx.com	unknown	2023-12-14	2023-12-15 10:16:18	2023-12-15 10:16:50	2.3 kB	43 kB	199.59.243.226
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-09-04 18:12:03	2.0 kB	4.2 kB	142.250.74.131
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2024-09-03 18:22:12	429 B	57 kB	142.250.74.132
syndicatedsearch.goog	unknown	2023-04-14	2023-09-25 11:30:59	2024-09-04 22:28:53	2.8 kB	4.9 kB	142.250.74.142
afs.googleusercontent.com	12123	2008-11-17	2013-05-06 21:11:00	2024-09-04 21:48:41	991 B	2.1 kB	142.250.74.97
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-04 18:12:06	1.3 kB	3.6 kB	23.36.77.32
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-04 18:12:09	654 B	1.8 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-09-04	medium	lyxynyx.com	Sinkholed
2024-09-04	medium	lyxynyx.com	Sinkholed
2024-09-04	medium	lyxynyx.com	Sinkholed
2024-09-04	medium	lyxynyx.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc	ScriptElement	435 B	2024-09-19	2024-09-19
URL ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc IP / ASN 199.59.243.226 #16509 AMAZON-02 Introduced by ScriptElement Embedded true Resource Info First Seen 2024-09-19 Last Seen 2024-09-19 Times Seen 1 Size 435 B (435 bytes) MD5 23666ff62ca28ad5b02cf31a94fe9ea6 SHA1 bf7bc4730203fb6fedd4cdbb1a55b746651cafce SHA256 9bea42c15fe3604129001e5f04a8b408fe1099f9f3eb8746b3b112787756cab5 Format Code Loading...

	ww25.lyxynyx.com/bMsvPQGAI.js	ScriptElement	34 kB	2024-08-28	2024-10-11
URL ww25.lyxynyx.com/bMsvPQGAI.js IP / ASN 199.59.243.226 #16509 AMAZON-02 Introduced by ScriptElement Embedded false Resource Info First Seen 2024-08-28 Last Seen 2024-10-11 Times Seen 8910 Size 34 kB (34193 bytes) MD5 e2ec36d427fa4a992d76c0ee5e8dfd4d SHA1 47ec4ace4851c6c3a4fe23ad2c842885f6d973f2 SHA256 36488e81afcbc4d7018b8764c18032b10be21aa45521c9671fde0cc77f70b2d8 Format Code Loading...

	www.google.com/adsense/domains/caf.js?abp=1&bodis=true	ScriptElement	154 kB	2024-08-28	2024-09-20
URL www.google.com/adsense/domains/caf.js?abp=1&bodis=true IP / ASN 142.250.74.132 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2024-08-28 Last Seen 2024-09-20 Times Seen 501 Size 154 kB (153704 bytes) MD5 b6ec886f8f407ff5b76a75b87256b138 SHA1 1b04979c1d931edba51394aeb438031e28f4b236 SHA256 6580f0bec7a8001f3d721721111f36820df7e5749a18aad9b3ca428b26358e20 Format Code Loading...

	syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol417%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol215&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240905-1424-4615-91e7-3ddaa11e08cc&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=1791725510314143&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1725510314145&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=667606770&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240905-1424-4615-91e7-3ddaa11e08cc	ScriptElement	633 B	2024-09-19	2024-09-19
URL syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol417%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol215&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240905-1424-4615-91e7-3ddaa11e08cc&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=1791725510314143&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1725510314145&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=667606770&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240905-1424-4615-91e7-3ddaa11e08cc IP / ASN 142.250.74.142 #15169 GOOGLE Introduced by ScriptElement Embedded true Resource Info First Seen 2024-09-19 Last Seen 2024-09-19 Times Seen 1 Size 633 B (633 bytes) MD5 11cad013ec1f3bb456b7b50b21be453e SHA1 c98b87f8d0708ccec7ab3b8c4b387309c9394711 SHA256 b9439ee96f92d14fd3a9b473d4b8b72909d4321a0708e855178b0fb40e3dec8d Format Code Loading...

	syndicatedsearch.goog/adsense/domains/caf.js	ScriptElement	154 kB	2024-08-28	2024-09-20
URL syndicatedsearch.goog/adsense/domains/caf.js IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2024-08-28 Last Seen 2024-09-20 Times Seen 964 Size 154 kB (153711 bytes) MD5 bbccc6d098dec97d9157842b8fef7dd2 SHA1 499675aa9bfa0d2d4468adfd617343c415c99426 SHA256 67cbf4b68df6e1e0b914a115762223c9c3056ec23e1d059e60707350b058834a Format Code Loading...

HTTP Transactions (22)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-03

Last Seen2024-09-19

Times Seen28107

Size504 B (504 bytes)

MD58d2e6150f7d0845dc26f5bd5cd6f28dd

SHA16aad5091620585a5f76065c1888456ee70b88257

SHA256ed538ea400323f4c987f91c0b0afc79a8526b62f7aa317dd62bd107cb37850a2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "ED538EA400323F4C987F91C0B0AFC79A8526B62F7AA317DD62BD107CB37850A2"
Last-Modified: Tue, 03 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4978
Expires: Thu, 05 Sep 2024 05:48:10 GMT
Date: Thu, 05 Sep 2024 04:25:12 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-02

Last Seen2024-09-19

Times Seen35846

Size504 B (504 bytes)

MD566fbf7f95cb55f388373a20d4b1a736e

SHA1afc34259758a563362367848629ff7639982e1fb

SHA25641c00088afc20571f6a0c6998324d9517346256ac33696dc706192ec606fe7a7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "41C00088AFC20571F6A0C6998324D9517346256AC33696DC706192EC606FE7A7"
Last-Modified: Mon, 02 Sep 2024 12:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3617
Expires: Thu, 05 Sep 2024 05:25:29 GMT
Date: Thu, 05 Sep 2024 04:25:12 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-03

Last Seen2024-09-19

Times Seen17078

Size504 B (504 bytes)

MD51f0091b166a0138433eabf08a4530e4a

SHA1769d1eeaefb4987198c821ea98e06ea8ba0de215

SHA2562eff28e3e6829bf2cfcbc417fd76313d5b5e8ba8a3f0f0de6a5b5cdc2888e7e5

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2EFF28E3E6829BF2CFCBC417FD76313D5B5E8BA8A3F0F0DE6A5B5CDC2888E7E5"
Last-Modified: Mon, 02 Sep 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11716
Expires: Thu, 05 Sep 2024 07:40:28 GMT
Date: Thu, 05 Sep 2024 04:25:12 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-02

Last Seen2024-09-19

Times Seen22244

Size504 B (504 bytes)

MD5cabaaa7c3e6a621cc5836be05eee4924

SHA1c4bc6288aed0597ff7ae2dbc5aea340b6c9636b8

SHA2562b2a41201a3881bd029ab7161be291b23128d5952e5959092607b98c951fa18c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2B2A41201A3881BD029AB7161BE291B23128D5952E5959092607B98C951FA18C"
Last-Modified: Mon, 02 Sep 2024 14:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13550
Expires: Thu, 05 Sep 2024 08:11:02 GMT
Date: Thu, 05 Sep 2024 04:25:12 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-05

Last Seen2024-09-19

Times Seen80

Size504 B (504 bytes)

MD5d162637a890a120ea9fe0bf684ef3ac6

SHA1b3a7125b1ee77b5530fa4bf0cb5b02d48112e4bf

SHA25652f4405623a5c3ee5f112869fa781af221a380c7a29a02b20db65d251b385ffe

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "52F4405623A5C3EE5F112869FA781AF221A380C7A29A02B20DB65D251B385FFE"
Last-Modified: Wed, 04 Sep 2024 22:49:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10509
Expires: Thu, 05 Sep 2024 07:20:22 GMT
Date: Thu, 05 Sep 2024 04:25:13 GMT
Connection: keep-alive

ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc

199.59.243.226

1.2 kB

URL HTTPS

ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc

IP / ASN

199.59.243.226

#16509 AMAZON-02

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (450)

First Seen2024-09-19

Last Seen2024-09-19

Times Seen1

Size1.2 kB (1182 bytes)

MD529c02bcb892a7a9eb93414240caeb66e

SHA1023a37e41fdb22fcfaa57b23a54b27c708b9cbf8

SHA256072f0ea25e8b919dee33ee3b49ab409ce7cf64c6363788d0abede65720059b0f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 05 Sep 2024 04:25:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1182
X-Request-Id: 31d7511b-908a-4b5e-8eb5-61ffe57a3e7d
Cache-Control: no-store, max-age=0
Accept-Ch: sec-ch-prefers-color-scheme
Critical-Ch: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ZirXC6kfFI+E62vGSU9OcVVL9hRv+sqgmPkM/cUNYVP0D2SkcM/5yeNsy4iKKioc63yBEMfK1X16uzvTO8Mt+Q==
Set-Cookie: parking_session=31d7511b-908a-4b5e-8eb5-61ffe57a3e7d; expires=Thu, 05 Sep 2024 04:40:13 GMT; path=/
Connection: close

GET ww25.lyxynyx.com/bMsvPQGAI.js

199.59.243.226

200 OK

34 kB

URL GET HTTPS

ww25.lyxynyx.com/bMsvPQGAI.js

IP / ASN

199.59.243.226

#16509 AMAZON-02

Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc

Resource Info

File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (34190)

First Seen2024-08-28

Last Seen2024-10-11

Times Seen8910

Size34 kB (34193 bytes)

MD5e2ec36d427fa4a992d76c0ee5e8dfd4d

SHA147ec4ace4851c6c3a4fe23ad2c842885f6d973f2

SHA25636488e81afcbc4d7018b8764c18032b10be21aa45521c9671fde0cc77f70b2d8

Certificate Info

IssuerLet's Encrypt

Subjectww25.lyxynyx.com

FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA

ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bMsvPQGAI.js HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc
Cookie: parking_session=31d7511b-908a-4b5e-8eb5-61ffe57a3e7d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 05 Sep 2024 04:25:13 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 34193
X-Request-Id: f838b5d0-e31a-4d64-ad25-410a07d25f0f
Set-Cookie: parking_session=31d7511b-908a-4b5e-8eb5-61ffe57a3e7d; expires=Thu, 05 Sep 2024 04:40:13 GMT
Connection: close

POST ww25.lyxynyx.com/_fd?subid1=20240905-1424-4615-91e7-3ddaa11e08cc

199.59.243.226

200 OK

5.7 kB

URL POST HTTPS

ww25.lyxynyx.com/_fd?subid1=20240905-1424-4615-91e7-3ddaa11e08cc

IP / ASN

199.59.243.226

#16509 AMAZON-02

Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc

Resource Info

File typeASCII text, with very long lines (5653), with no line terminators

First Seen2024-09-19

Last Seen2024-09-19

Times Seen1

Size5.7 kB (5653 bytes)

MD5d168877d13aa37eccd1216b73d03bdaf

SHA1d460f7d20929f1f55e97056fa0544f6d2e00da19

SHA256ae32b931128bc5ebef7fb9cd29267d1fdb9268f1b6e240270ef6b11232408dc1

Certificate Info

IssuerLet's Encrypt

Subjectww25.lyxynyx.com

FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA

ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?subid1=20240905-1424-4615-91e7-3ddaa11e08cc HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc
Content-Type: application/json
Origin: https://ww25.lyxynyx.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=31d7511b-908a-4b5e-8eb5-61ffe57a3e7d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Date: Thu, 05 Sep 2024 04:25:13 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 5653
X-Request-Id: 995c9282-db78-42a1-a03e-90e2252f5368
Set-Cookie: parking_session=31d7511b-908a-4b5e-8eb5-61ffe57a3e7d; expires=Thu, 05 Sep 2024 04:40:13 GMT
Connection: close

o.pki.goog/wr2

142.250.74.131

471 B

URL HTTP

o.pki.goog/wr2

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2024-09-04

Last Seen2024-09-19

Times Seen1161

Size471 B (471 bytes)

MD5d6875ab4d1f40fdd82800bb2916ffdaa

SHA108e6c7376a94fff8a2f866e618ccf0e3c77ec95f

SHA25693239f8b1fa17d7455695a59fb32d1b65245bd4977a603f51bd99081d9875068

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Sep 2024 04:25:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.132

56 kB

URL HTTP

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

IP / ASN

142.250.74.132

#15169 GOOGLE

Requested byN/A

Resource Info

File typegzip compressed data, max compression

First Seen2024-09-05

Last Seen2024-09-19

Times Seen22

Size56 kB (55769 bytes)

MD5e694a89fdeff7ee1ea325d368f49919c

SHA109c209be049d4d8fc7265fa136a9b4cbbe4e97ac

SHA2562735fdff2a71b5963ab35b58fc20043ba551b3f3147a8d9db58b6676b2feeefa

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Thu, 05 Sep 2024 04:25:13 GMT
expires: Thu, 05 Sep 2024 04:25:13 GMT
cache-control: private, max-age=3600
etag: "17889763783089991210"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL HTTP

o.pki.goog/wr2

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2024-09-04

Last Seen2024-09-19

Times Seen491

Size472 B (472 bytes)

MD51ac1d5b146c70db6ae03ff6462c6f44d

SHA1259beab043004a9c549375a59c6e15e5d06b64b2

SHA256937adb716430d12600166e69ec70e202be5f7ab83319452de4e9a94af2aaedb9

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Sep 2024 04:25:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol417%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol215&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240905-1424-4615-91e7-3ddaa11e08cc&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=1791725510314143&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1725510314145&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=667606770&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240905-1424-4615-91e7-3ddaa11e08cc

142.250.74.142

2.8 kB

URL HTTPS

IP / ASN

142.250.74.142

#15169 GOOGLE

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (13233)

First Seen2024-09-19

Last Seen2024-09-19

Times Seen1

Size2.8 kB (2765 bytes)

MD5fa0f658ea3eb601989867c6e67c4b994

SHA162090d33532521251767bd9780a3b1401f615145

SHA25650908cc789e05f94fbe63d1bccad05708380f3eec70e18fcf1d5584197e0ede6

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol417%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol215&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240905-1424-4615-91e7-3ddaa11e08cc&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=1791725510314143&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1725510314145&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=667606770&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240905-1424-4615-91e7-3ddaa11e08cc HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Thu, 05 Sep 2024 04:25:14 GMT
expires: Thu, 05 Sep 2024 04:25:14 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-3u3eRHAbRck1YjDm9ziFdw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2765
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL HTTP

o.pki.goog/wr2

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2024-09-04

Last Seen2024-09-19

Times Seen491

Size472 B (472 bytes)

MD51ac1d5b146c70db6ae03ff6462c6f44d

SHA1259beab043004a9c549375a59c6e15e5d06b64b2

SHA256937adb716430d12600166e69ec70e202be5f7ab83319452de4e9a94af2aaedb9

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Sep 2024 04:25:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

142.250.74.131

472 B

URL HTTP

o.pki.goog/wr2

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2024-09-04

Last Seen2024-09-19

Times Seen738

Size472 B (472 bytes)

MD507b513c36c651c31e209c138dc2e2df4

SHA1ad48d12abf234e45aabb676048f3f95f9439ff92

SHA256552ce487b838e981ca1e2cbccaf0da79dc8525776fb1cea4a64d29c47af6696a

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Sep 2024 04:25:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

142.250.74.97

200 OK

278 B

URL GET HTTPS

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

IP / ASN

142.250.74.97

#15169 GOOGLE

Requested byhttps://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol417%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol215&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240905-1424-4615-91e7-3ddaa11e08cc&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=1791725510314143&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1725510314145&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=667606770&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240905-1424-4615-91e7-3ddaa11e08cc

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-07

Last Seen2025-08-04

Times Seen65968

Size278 B (278 bytes)

MD5fe7dd8c3c629cc6e9cd6d3e4d3cbe905

SHA159ef3b8e4a17169a4cb45fba65bf0d2bf49c8a18

SHA2565455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e

Certificate Info

IssuerGoogle Trust Services

Subject*.googleusercontent.com

Fingerprint6C:DD:E8:38:9C:56:23:58:B5:BF:84:3B:D0:2B:24:C7:10:3E:89:C3

ValidityMon, 05 Aug 2024 07:15:31 GMT - Mon, 28 Oct 2024 07:15:30 GMT

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 04 Sep 2024 07:30:22 GMT
expires: Thu, 05 Sep 2024 06:30:22 GMT
cache-control: public, max-age=82800
age: 75292
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL HTTP

o.pki.goog/wr2

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2024-09-04

Last Seen2024-09-19

Times Seen738

Size472 B (472 bytes)

MD507b513c36c651c31e209c138dc2e2df4

SHA1ad48d12abf234e45aabb676048f3f95f9439ff92

SHA256552ce487b838e981ca1e2cbccaf0da79dc8525776fb1cea4a64d29c47af6696a

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Sep 2024 04:25:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

POST ww25.lyxynyx.com/_tr

199.59.243.226

200 OK

2 B

URL POST HTTPS

ww25.lyxynyx.com/_tr

IP / ASN

199.59.243.226

#16509 AMAZON-02

Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc

Resource Info

File typeASCII text, with no line terminators

First Seen2023-03-08

Last Seen2025-08-06

Times Seen195928

Size2 B (2 bytes)

MD5444bcb3a3fcf8389296c49467f27e1d6

SHA17a85f4764bbd6daf1c3545efbbf0f279a6dc0beb

SHA2562689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Certificate Info

IssuerLet's Encrypt

Subjectww25.lyxynyx.com

FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA

ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_tr HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc
Content-Type: application/json
Content-Length: 1945
Origin: https://ww25.lyxynyx.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=31d7511b-908a-4b5e-8eb5-61ffe57a3e7d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 05 Sep 2024 04:25:13 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 2
X-Request-Id: 9606438b-e906-4283-bdf0-d2821778751e
Set-Cookie: parking_session=31d7511b-908a-4b5e-8eb5-61ffe57a3e7d; expires=Thu, 05 Sep 2024 04:40:14 GMT
Connection: close

GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.74.97

200 OK

174 B

URL GET HTTPS

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

IP / ASN

142.250.74.97

#15169 GOOGLE

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-07

Last Seen2025-08-05

Times Seen78362

Size174 B (174 bytes)

MD5d47125b2ba92be53dcff07ba322ce1de

SHA1e4a70c8a133bacf1699fdfa4c10e24ed5b3e0c28

SHA2565a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6

Certificate Info

IssuerGoogle Trust Services

Subject*.googleusercontent.com

Fingerprint6C:DD:E8:38:9C:56:23:58:B5:BF:84:3B:D0:2B:24:C7:10:3E:89:C3

ValidityMon, 05 Aug 2024 07:15:31 GMT - Mon, 28 Oct 2024 07:15:30 GMT

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 04 Sep 2024 12:03:33 GMT
expires: Thu, 05 Sep 2024 11:03:33 GMT
cache-control: public, max-age=82800
age: 58901
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL HTTP

o.pki.goog/wr2

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2024-09-04

Last Seen2024-09-19

Times Seen738

Size472 B (472 bytes)

MD507b513c36c651c31e209c138dc2e2df4

SHA1ad48d12abf234e45aabb676048f3f95f9439ff92

SHA256552ce487b838e981ca1e2cbccaf0da79dc8525776fb1cea4a64d29c47af6696a

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Sep 2024 04:25:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r11.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-02

Last Seen2024-09-19

Times Seen21388

Size504 B (504 bytes)

MD5c96a4972e341191f93e963880196f8e1

SHA18318aa6dcbdababe8728023ec9ef3aaac10917a9

SHA256dd8f73d55d492ad4e3fc3915c05ecfc6883f124c050dded51f4e43292e6b8c2a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DD8F73D55D492AD4E3FC3915C05ECFC6883F124C050DDED51F4E43292E6B8C2A"
Last-Modified: Mon, 02 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7518
Expires: Thu, 05 Sep 2024 06:30:33 GMT
Date: Thu, 05 Sep 2024 04:25:15 GMT
Connection: keep-alive

GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=sd64trfmx5kx&aqid=qjLZZq2yD4zQxdwP-fWH-AE&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=667606770&csala=6%7C0%7C297%7C86%7C23&lle=0&ifv=1&hpt=0

142.250.74.142

204 No Content

0 B

URL GET HTTPS

syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=sd64trfmx5kx&aqid=qjLZZq2yD4zQxdwP-fWH-AE&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=667606770&csala=6%7C0%7C297%7C86%7C23&lle=0&ifv=1&hpt=0

IP / ASN

142.250.74.142

#15169 GOOGLE

Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-06

Times Seen5689501

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectsyndicatedsearch.goog

FingerprintDE:8D:5C:FE:24:EB:DA:BC:82:53:9F:0F:0E:84:76:6B:17:A1:29:52

ValidityMon, 05 Aug 2024 07:28:52 GMT - Mon, 28 Oct 2024 07:28:51 GMT

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=sd64trfmx5kx&aqid=qjLZZq2yD4zQxdwP-fWH-AE&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=667606770&csala=6%7C0%7C297%7C86%7C23&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-KGm7z_s62XKL3ZAwALRgVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Thu, 05 Sep 2024 04:25:16 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=7h7wsixbwaw3&aqid=qjLZZq2yD4zQxdwP-fWH-AE&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=667606770&csala=6%7C0%7C297%7C86%7C23&lle=0&ifv=1&hpt=0

142.250.74.142

204 No Content

0 B

URL GET HTTPS

syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=7h7wsixbwaw3&aqid=qjLZZq2yD4zQxdwP-fWH-AE&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=667606770&csala=6%7C0%7C297%7C86%7C23&lle=0&ifv=1&hpt=0

IP / ASN

142.250.74.142

#15169 GOOGLE

Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-06

Times Seen5689501

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectsyndicatedsearch.goog

FingerprintDE:8D:5C:FE:24:EB:DA:BC:82:53:9F:0F:0E:84:76:6B:17:A1:29:52

ValidityMon, 05 Aug 2024 07:28:52 GMT - Mon, 28 Oct 2024 07:28:51 GMT

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=7h7wsixbwaw3&aqid=qjLZZq2yD4zQxdwP-fWH-AE&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=667606770&csala=6%7C0%7C297%7C86%7C23&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-rphD4J9uF7tbMpREInllKg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Thu, 05 Sep 2024 04:25:16 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000