| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash8d2e6150f7d0845dc26f5bd5cd6f28dd 6aad5091620585a5f76065c1888456ee70b88257 ed538ea400323f4c987f91c0b0afc79a8526b62f7aa317dd62bd107cb37850a2
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "ED538EA400323F4C987F91C0B0AFC79A8526B62F7AA317DD62BD107CB37850A2"
Last-Modified: Tue, 03 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4978
Expires: Thu, 05 Sep 2024 05:48:10 GMT
Date: Thu, 05 Sep 2024 04:25:12 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash66fbf7f95cb55f388373a20d4b1a736e afc34259758a563362367848629ff7639982e1fb 41c00088afc20571f6a0c6998324d9517346256ac33696dc706192ec606fe7a7
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "41C00088AFC20571F6A0C6998324D9517346256AC33696DC706192EC606FE7A7"
Last-Modified: Mon, 02 Sep 2024 12:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3617
Expires: Thu, 05 Sep 2024 05:25:29 GMT
Date: Thu, 05 Sep 2024 04:25:12 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash1f0091b166a0138433eabf08a4530e4a 769d1eeaefb4987198c821ea98e06ea8ba0de215 2eff28e3e6829bf2cfcbc417fd76313d5b5e8ba8a3f0f0de6a5b5cdc2888e7e5
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2EFF28E3E6829BF2CFCBC417FD76313D5B5E8BA8A3F0F0DE6A5B5CDC2888E7E5"
Last-Modified: Mon, 02 Sep 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11716
Expires: Thu, 05 Sep 2024 07:40:28 GMT
Date: Thu, 05 Sep 2024 04:25:12 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashcabaaa7c3e6a621cc5836be05eee4924 c4bc6288aed0597ff7ae2dbc5aea340b6c9636b8 2b2a41201a3881bd029ab7161be291b23128d5952e5959092607b98c951fa18c
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2B2A41201A3881BD029AB7161BE291B23128D5952E5959092607B98C951FA18C"
Last-Modified: Mon, 02 Sep 2024 14:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13550
Expires: Thu, 05 Sep 2024 08:11:02 GMT
Date: Thu, 05 Sep 2024 04:25:12 GMT
Connection: keep-alive
|
|
| r11.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashd162637a890a120ea9fe0bf684ef3ac6 b3a7125b1ee77b5530fa4bf0cb5b02d48112e4bf 52f4405623a5c3ee5f112869fa781af221a380c7a29a02b20db65d251b385ffe
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "52F4405623A5C3EE5F112869FA781AF221A380C7A29A02B20DB65D251B385FFE"
Last-Modified: Wed, 04 Sep 2024 22:49:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10509
Expires: Thu, 05 Sep 2024 07:20:22 GMT
Date: Thu, 05 Sep 2024 04:25:13 GMT
Connection: keep-alive
|
|
| ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc | 199.59.243.226 | | 1.2 kB |
URL ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc IP199.59.243.226:0
File typeHTML document, ASCII text, with very long lines (450) Hash29c02bcb892a7a9eb93414240caeb66e 023a37e41fdb22fcfaa57b23a54b27c708b9cbf8 072f0ea25e8b919dee33ee3b49ab409ce7cf64c6363788d0abede65720059b0f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 05 Sep 2024 04:25:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1182
X-Request-Id: 31d7511b-908a-4b5e-8eb5-61ffe57a3e7d
Cache-Control: no-store, max-age=0
Accept-Ch: sec-ch-prefers-color-scheme
Critical-Ch: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ZirXC6kfFI+E62vGSU9OcVVL9hRv+sqgmPkM/cUNYVP0D2SkcM/5yeNsy4iKKioc63yBEMfK1X16uzvTO8Mt+Q==
Set-Cookie: parking_session=31d7511b-908a-4b5e-8eb5-61ffe57a3e7d; expires=Thu, 05 Sep 2024 04:40:13 GMT; path=/
Connection: close
|
|
| ww25.lyxynyx.com/bMsvPQGAI.js | 199.59.243.226 | 200 OK | 34 kB |
URL GET HTTP/1.1ww25.lyxynyx.com/bMsvPQGAI.js IP199.59.243.226:443
Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc CertificateIssuerLet's Encrypt Subjectww25.lyxynyx.com FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (34190) Hashe2ec36d427fa4a992d76c0ee5e8dfd4d 47ec4ace4851c6c3a4fe23ad2c842885f6d973f2 36488e81afcbc4d7018b8764c18032b10be21aa45521c9671fde0cc77f70b2d8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /bMsvPQGAI.js HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc
Cookie: parking_session=31d7511b-908a-4b5e-8eb5-61ffe57a3e7d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 05 Sep 2024 04:25:13 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 34193
X-Request-Id: f838b5d0-e31a-4d64-ad25-410a07d25f0f
Set-Cookie: parking_session=31d7511b-908a-4b5e-8eb5-61ffe57a3e7d; expires=Thu, 05 Sep 2024 04:40:13 GMT
Connection: close
|
|
| ww25.lyxynyx.com/_fd?subid1=20240905-1424-4615-91e7-3ddaa11e08cc | 199.59.243.226 | 200 OK | 5.7 kB |
URL POST HTTP/1.1ww25.lyxynyx.com/_fd?subid1=20240905-1424-4615-91e7-3ddaa11e08cc IP199.59.243.226:443
Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc CertificateIssuerLet's Encrypt Subjectww25.lyxynyx.com FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT
File typeASCII text, with very long lines (5653), with no line terminators Hashd168877d13aa37eccd1216b73d03bdaf d460f7d20929f1f55e97056fa0544f6d2e00da19 ae32b931128bc5ebef7fb9cd29267d1fdb9268f1b6e240270ef6b11232408dc1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /_fd?subid1=20240905-1424-4615-91e7-3ddaa11e08cc HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc
Content-Type: application/json
Origin: https://ww25.lyxynyx.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=31d7511b-908a-4b5e-8eb5-61ffe57a3e7d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/1.1 200 OK
Date: Thu, 05 Sep 2024 04:25:13 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 5653
X-Request-Id: 995c9282-db78-42a1-a03e-90e2252f5368
Set-Cookie: parking_session=31d7511b-908a-4b5e-8eb5-61ffe57a3e7d; expires=Thu, 05 Sep 2024 04:40:13 GMT
Connection: close
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 471 B |
IP142.250.74.131:0
Hashd6875ab4d1f40fdd82800bb2916ffdaa 08e6c7376a94fff8a2f866e618ccf0e3c77ec95f 93239f8b1fa17d7455695a59fb32d1b65245bd4977a603f51bd99081d9875068
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Sep 2024 04:25:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.google.com/adsense/domains/caf.js?abp=1&bodis=true | 142.250.74.132 | | 56 kB |
URL www.google.com/adsense/domains/caf.js?abp=1&bodis=true IP142.250.74.132:0
File typegzip compressed data, max compression Hashe694a89fdeff7ee1ea325d368f49919c 09c209be049d4d8fc7265fa136a9b4cbbe4e97ac 2735fdff2a71b5963ab35b58fc20043ba551b3f3147a8d9db58b6676b2feeefa
GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Thu, 05 Sep 2024 04:25:13 GMT
expires: Thu, 05 Sep 2024 04:25:13 GMT
cache-control: private, max-age=3600
etag: "17889763783089991210"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 472 B |
IP142.250.74.131:0
Hash1ac1d5b146c70db6ae03ff6462c6f44d 259beab043004a9c549375a59c6e15e5d06b64b2 937adb716430d12600166e69ec70e202be5f7ab83319452de4e9a94af2aaedb9
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Sep 2024 04:25:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol417%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol215&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240905-1424-4615-91e7-3ddaa11e08cc&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=1791725510314143&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1725510314145&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=667606770&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240905-1424-4615-91e7-3ddaa11e08cc | 142.250.74.142 | | 2.8 kB |
URL syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol417%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol215&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240905-1424-4615-91e7-3ddaa11e08cc&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=1791725510314143&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1725510314145&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=667606770&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240905-1424-4615-91e7-3ddaa11e08cc IP142.250.74.142:0
File typeHTML document, ASCII text, with very long lines (13233) Hashfa0f658ea3eb601989867c6e67c4b994 62090d33532521251767bd9780a3b1401f615145 50908cc789e05f94fbe63d1bccad05708380f3eec70e18fcf1d5584197e0ede6
GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol417%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol215&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240905-1424-4615-91e7-3ddaa11e08cc&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=1791725510314143&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1725510314145&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=667606770&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240905-1424-4615-91e7-3ddaa11e08cc HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Thu, 05 Sep 2024 04:25:14 GMT
expires: Thu, 05 Sep 2024 04:25:14 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-3u3eRHAbRck1YjDm9ziFdw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2765
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 472 B |
IP142.250.74.131:0
Hash1ac1d5b146c70db6ae03ff6462c6f44d 259beab043004a9c549375a59c6e15e5d06b64b2 937adb716430d12600166e69ec70e202be5f7ab83319452de4e9a94af2aaedb9
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Sep 2024 04:25:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 472 B |
IP142.250.74.131:0
Hash07b513c36c651c31e209c138dc2e2df4 ad48d12abf234e45aabb676048f3f95f9439ff92 552ce487b838e981ca1e2cbccaf0da79dc8525776fb1cea4a64d29c47af6696a
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Sep 2024 04:25:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff | 142.250.74.97 | 200 OK | 278 B |
URL GET HTTP/2afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff IP142.250.74.97:443
Requested byhttps://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol417%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol215&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240905-1424-4615-91e7-3ddaa11e08cc&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=1791725510314143&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1725510314145&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=667606770&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240905-1424-4615-91e7-3ddaa11e08cc CertificateIssuerGoogle Trust Services Subject*.googleusercontent.com Fingerprint6C:DD:E8:38:9C:56:23:58:B5:BF:84:3B:D0:2B:24:C7:10:3E:89:C3 ValidityMon, 05 Aug 2024 07:15:31 GMT - Mon, 28 Oct 2024 07:15:30 GMT
File typeSVG Scalable Vector Graphics image Hashfe7dd8c3c629cc6e9cd6d3e4d3cbe905 59ef3b8e4a17169a4cb45fba65bf0d2bf49c8a18 5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e
GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 04 Sep 2024 07:30:22 GMT
expires: Thu, 05 Sep 2024 06:30:22 GMT
cache-control: public, max-age=82800
age: 75292
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 472 B |
IP142.250.74.131:0
Hash07b513c36c651c31e209c138dc2e2df4 ad48d12abf234e45aabb676048f3f95f9439ff92 552ce487b838e981ca1e2cbccaf0da79dc8525776fb1cea4a64d29c47af6696a
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Sep 2024 04:25:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ww25.lyxynyx.com/_tr | 199.59.243.226 | 200 OK | 2 B |
IP199.59.243.226:443
Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc CertificateIssuerLet's Encrypt Subjectww25.lyxynyx.com FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT
File typeASCII text, with no line terminators Hash444bcb3a3fcf8389296c49467f27e1d6 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /_tr HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc
Content-Type: application/json
Content-Length: 1945
Origin: https://ww25.lyxynyx.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=31d7511b-908a-4b5e-8eb5-61ffe57a3e7d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 05 Sep 2024 04:25:13 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 2
X-Request-Id: 9606438b-e906-4283-bdf0-d2821778751e
Set-Cookie: parking_session=31d7511b-908a-4b5e-8eb5-61ffe57a3e7d; expires=Thu, 05 Sep 2024 04:40:14 GMT
Connection: close
|
|
| afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b | 142.250.74.97 | 200 OK | 174 B |
URL GET HTTP/2afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b IP142.250.74.97:443
Requested byhttps://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol417%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol215&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20240905-1424-4615-91e7-3ddaa11e08cc&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3&nocache=1791725510314143&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1725510314145&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=667606770&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20240905-1424-4615-91e7-3ddaa11e08cc CertificateIssuerGoogle Trust Services Subject*.googleusercontent.com Fingerprint6C:DD:E8:38:9C:56:23:58:B5:BF:84:3B:D0:2B:24:C7:10:3E:89:C3 ValidityMon, 05 Aug 2024 07:15:31 GMT - Mon, 28 Oct 2024 07:15:30 GMT
File typeSVG Scalable Vector Graphics image Hashd47125b2ba92be53dcff07ba322ce1de e4a70c8a133bacf1699fdfa4c10e24ed5b3e0c28 5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 04 Sep 2024 12:03:33 GMT
expires: Thu, 05 Sep 2024 11:03:33 GMT
cache-control: public, max-age=82800
age: 58901
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 472 B |
IP142.250.74.131:0
Hash07b513c36c651c31e209c138dc2e2df4 ad48d12abf234e45aabb676048f3f95f9439ff92 552ce487b838e981ca1e2cbccaf0da79dc8525776fb1cea4a64d29c47af6696a
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Sep 2024 04:25:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| r11.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashc96a4972e341191f93e963880196f8e1 8318aa6dcbdababe8728023ec9ef3aaac10917a9 dd8f73d55d492ad4e3fc3915c05ecfc6883f124c050dded51f4e43292e6b8c2a
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DD8F73D55D492AD4E3FC3915C05ECFC6883F124C050DDED51F4E43292E6B8C2A"
Last-Modified: Mon, 02 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7518
Expires: Thu, 05 Sep 2024 06:30:33 GMT
Date: Thu, 05 Sep 2024 04:25:15 GMT
Connection: keep-alive
|
|
| syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=sd64trfmx5kx&aqid=qjLZZq2yD4zQxdwP-fWH-AE&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=667606770&csala=6%7C0%7C297%7C86%7C23&lle=0&ifv=1&hpt=0 | 142.250.74.142 | 204 No Content | 0 B |
URL GET HTTP/3syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=sd64trfmx5kx&aqid=qjLZZq2yD4zQxdwP-fWH-AE&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=667606770&csala=6%7C0%7C297%7C86%7C23&lle=0&ifv=1&hpt=0 IP142.250.74.142:443
Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc CertificateIssuerGoogle Trust Services Subjectsyndicatedsearch.goog FingerprintDE:8D:5C:FE:24:EB:DA:BC:82:53:9F:0F:0E:84:76:6B:17:A1:29:52 ValidityMon, 05 Aug 2024 07:28:52 GMT - Mon, 28 Oct 2024 07:28:51 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=sd64trfmx5kx&aqid=qjLZZq2yD4zQxdwP-fWH-AE&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=667606770&csala=6%7C0%7C297%7C86%7C23&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-KGm7z_s62XKL3ZAwALRgVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Thu, 05 Sep 2024 04:25:16 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=7h7wsixbwaw3&aqid=qjLZZq2yD4zQxdwP-fWH-AE&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=667606770&csala=6%7C0%7C297%7C86%7C23&lle=0&ifv=1&hpt=0 | 142.250.74.142 | 204 No Content | 0 B |
URL GET HTTP/3syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=7h7wsixbwaw3&aqid=qjLZZq2yD4zQxdwP-fWH-AE&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=667606770&csala=6%7C0%7C297%7C86%7C23&lle=0&ifv=1&hpt=0 IP142.250.74.142:443
Requested byhttps://ww25.lyxynyx.com/login.php?subid1=20240905-1424-4615-91e7-3ddaa11e08cc CertificateIssuerGoogle Trust Services Subjectsyndicatedsearch.goog FingerprintDE:8D:5C:FE:24:EB:DA:BC:82:53:9F:0F:0E:84:76:6B:17:A1:29:52 ValidityMon, 05 Aug 2024 07:28:52 GMT - Mon, 28 Oct 2024 07:28:51 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=7h7wsixbwaw3&aqid=qjLZZq2yD4zQxdwP-fWH-AE&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=667606770&csala=6%7C0%7C297%7C86%7C23&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-rphD4J9uF7tbMpREInllKg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Thu, 05 Sep 2024 04:25:16 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|