Report - ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee

Report Overview

Visited public
2024-10-09 02:54:55
Tags
Submit Tags
URL
ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee
Finishing URL
ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee
IP / ASN
199.59.243.227
#16509 AMAZON-02
Title
lyxynyx.com

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2024-09-30 04:32:43	429 B	56 kB	142.250.74.164
syndicatedsearch.goog	unknown	2023-04-14	2023-09-25 11:30:59	2024-10-08 11:03:17	3.2 kB	159 kB	172.217.21.174
afs.googleusercontent.com	12123	2008-11-17	2013-05-06 21:11:00	2024-10-07 19:37:56	991 B	2.1 kB	142.250.74.129
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-10-07 19:37:44	1.3 kB	3.5 kB	23.36.76.226
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-10-07 19:37:45	1.3 kB	3.5 kB	23.36.76.226
ww25.lyxynyx.com	unknown	2023-12-14	2023-12-15 10:16:18	2024-10-07 19:44:39	2.3 kB	43 kB	199.59.243.227
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-10-07 19:37:47	2.0 kB	4.2 kB	216.58.207.195

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-08	medium	lyxynyx.com	Sinkholed
2024-10-08	medium	lyxynyx.com	Sinkholed
2024-10-08	medium	lyxynyx.com	Sinkholed
2024-10-08	medium	lyxynyx.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee	ScriptElement	435 B	2024-10-11	2024-10-11
Pretty URL ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee IP 199.59.243.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-11 08:43 Last Seen2024-10-11 08:43 Times Seen1 Hash 576a3af7a32312f6f95a286c0076adc2 1a304bc677bd7501d81fa8fe5ae81a502e2cefaa d22f295cf93f0fa9f9e61a6ab5b2ac635282583522489d182df916da6c8d8b90 Loading...

	ww25.lyxynyx.com/bgsmdaLEt.js	ScriptElement	34 kB	2024-10-08	2024-10-21
Pretty URL ww25.lyxynyx.com/bgsmdaLEt.js IP 199.59.243.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-08 17:35 Last Seen2024-10-21 15:31 Times Seen1787 Hash 285520bc859a840449187cc43864a1cb 3d85ac9801d3cc9a3577bc6f6ef3c754d2677dff ac8e37a73437f2c13789726ea053c21fcdfd485896aabd6498702064968e34da Loading...

	www.google.com/adsense/domains/caf.js?abp=1&bodis=true	ScriptElement	153 kB	2024-10-03	2024-10-11
Pretty URL www.google.com/adsense/domains/caf.js?abp=1&bodis=true IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-03 22:22 Last Seen2024-10-11 09:19 Times Seen266 Hash 587c1061d1d329400d4bbc83796c4a9f 787a4b1ca23caf8c30ef1efe613ad7dff4d731ee 839e802c4c5881b68a56a5373c5d2358a6dcfc00fa3a4c6a359c70fdef910a45 Loading...

	syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol102%2Cpid-bodis-gcontrol411%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241009-1349-3360-b735-7283be0e0fee&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=7261728442470243&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1728442470244&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=681010707&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241009-1349-3360-b735-7283be0e0fee	ScriptElement	645 B	2024-10-11	2024-10-11
Pretty URL syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol102%2Cpid-bodis-gcontrol411%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241009-1349-3360-b735-7283be0e0fee&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=7261728442470243&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1728442470244&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=681010707&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241009-1349-3360-b735-7283be0e0fee IP 172.217.21.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-11 08:43 Last Seen2024-10-11 08:43 Times Seen1 Hash 6b4d28107a38ad33dc74f28224312c7b ecf78ce0ac6114a4d3d81ea06e29b831795b058d 95b9e9fc86526093dfdab0caf5947982ec4563088abe172d0e4ba59d124a14a7 Loading...

	syndicatedsearch.goog/adsense/domains/caf.js	ScriptElement	153 kB	2024-10-02	2024-10-11
Pretty URL syndicatedsearch.goog/adsense/domains/caf.js IP 172.217.21.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-02 16:05 Last Seen2024-10-11 09:19 Times Seen350 Hash 4c7edc182344882216d6d4d7dc46231f 4b981e96e6b665ede4426a89d121d4ae878a76da 6570292e68a16b7f4a51f9672e5f1028112066252c27273ede1f061bb104bb5e Loading...

HTTP Transactions (25)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
94a2d5e693f71770bd013db51ee0fbbe
2f5b5bd658d11088f0599e5f244740d0d8667bea
a4b45c1833f63c69b1847216d9dd0bbfc4f95f33501d88e7dc5555648f019595

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A4B45C1833F63C69B1847216D9DD0BBFC4F95F33501D88E7DC5555648F019595"
Last-Modified: Tue, 08 Oct 2024 12:10:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20294
Expires: Wed, 09 Oct 2024 08:32:42 GMT
Date: Wed, 09 Oct 2024 02:54:28 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b5fba3de48fd6c409033029700670f78
0e348372969c771ca1d5f0ae6a944eb21c7ede05
86d583a273489c4b3d93bc10e3fa9718746ba439c1d88533f0177dec4c7183ce

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "86D583A273489C4B3D93BC10E3FA9718746BA439C1D88533F0177DEC4C7183CE"
Last-Modified: Tue, 08 Oct 2024 22:04:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4696
Expires: Wed, 09 Oct 2024 04:12:44 GMT
Date: Wed, 09 Oct 2024 02:54:28 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
33985775df7b619cb33f4050d88c5fb9
cf0b2ff92cd2f7e12ce788a164a73d75dea5da83
b6db380f5eeb73aa56abf90afa43b52cc9f51b01f33ad1eefeccc473a41ffb86

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B6DB380F5EEB73AA56ABF90AFA43B52CC9F51B01F33AD1EEFECCC473A41FFB86"
Last-Modified: Tue, 08 Oct 2024 11:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4640
Expires: Wed, 09 Oct 2024 04:11:49 GMT
Date: Wed, 09 Oct 2024 02:54:29 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ee8a3075e7c2e453a0e7ecb6d0ffb710
8207b3beb4c30142e41563a15cc410ecab5f61a8
af0c2421d7af6507eb62dfa55b8dd2c1f969ca02692e89d3bf841cb42430ebe1

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "AF0C2421D7AF6507EB62DFA55B8DD2C1F969CA02692E89D3BF841CB42430EBE1"
Last-Modified: Tue, 08 Oct 2024 12:40:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3123
Expires: Wed, 09 Oct 2024 03:46:32 GMT
Date: Wed, 09 Oct 2024 02:54:29 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
04e7b52fe69581d72b615be7a96ad674
db6393ee51323791b569d0cbc6b52a93deb320ec
267ea43e57c90f3134bdda6457fe31e2ebd7de99974a596c6d2313a03f4ef62b

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "267EA43E57C90F3134BDDA6457FE31E2EBD7DE99974A596C6D2313A03F4EF62B"
Last-Modified: Wed, 09 Oct 2024 00:41:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18542
Expires: Wed, 09 Oct 2024 08:03:31 GMT
Date: Wed, 09 Oct 2024 02:54:29 GMT
Connection: keep-alive

GET ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee

199.59.243.227

200 OK

1.2 kB

URL User Request GET HTTP/1.1
ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee
IP
199.59.243.227:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectww25.lyxynyx.com
FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA
ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT

File type
HTML document, ASCII text, with very long lines (450)
Size
1.2 kB (1182 bytes)
Hash
8c4a5f55e78ba334ae280a53166d05e4
743340d3c4901eb022354a07ad4c3340aa617680
b762ff23407a39f0020c22b60ba274082114202ad1f8131d3ba5dd71a5dd2fce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php?subid1=20241009-1349-3360-b735-7283be0e0fee HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 09 Oct 2024 02:54:29 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1182
X-Request-Id: f1808c73-7e86-467b-b7ef-d46a218a6c1f
Cache-Control: no-store, max-age=0
Accept-Ch: sec-ch-prefers-color-scheme
Critical-Ch: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_dNRVTt/+H2ZuCZSSat3cFLTxrEqGrB5UehKrQsx5sTxxOMQ3oNimLup/TklHndDhvNOFuMDNVNLj7+VANbh26w==
Set-Cookie: parking_session=f1808c73-7e86-467b-b7ef-d46a218a6c1f; expires=Wed, 09 Oct 2024 03:09:29 GMT; path=/
Connection: close

GET ww25.lyxynyx.com/bgsmdaLEt.js

199.59.243.227

200 OK

34 kB

URL GET HTTP/1.1
ww25.lyxynyx.com/bgsmdaLEt.js
IP
199.59.243.227:443
ASN
#16509 AMAZON-02

Requested by
https://ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee
Certificate
IssuerLet's Encrypt
Subjectww25.lyxynyx.com
FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA
ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (34190)
Size
34 kB (34193 bytes)
Hash
285520bc859a840449187cc43864a1cb
3d85ac9801d3cc9a3577bc6f6ef3c754d2677dff
ac8e37a73437f2c13789726ea053c21fcdfd485896aabd6498702064968e34da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bgsmdaLEt.js HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee
Cookie: parking_session=f1808c73-7e86-467b-b7ef-d46a218a6c1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 09 Oct 2024 02:54:29 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 34193
X-Request-Id: 10b97919-fb61-4d32-aafe-abfb9b93b469
Set-Cookie: parking_session=f1808c73-7e86-467b-b7ef-d46a218a6c1f; expires=Wed, 09 Oct 2024 03:09:29 GMT
Connection: close

POST ww25.lyxynyx.com/_fd?subid1=20241009-1349-3360-b735-7283be0e0fee

199.59.243.227

200 OK

5.7 kB

URL POST HTTP/1.1
ww25.lyxynyx.com/_fd?subid1=20241009-1349-3360-b735-7283be0e0fee
IP
199.59.243.227:443
ASN
#16509 AMAZON-02

Requested by
https://ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee
Certificate
IssuerLet's Encrypt
Subjectww25.lyxynyx.com
FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA
ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT

File type
ASCII text, with very long lines (5693), with no line terminators
Size
5.7 kB (5693 bytes)
Hash
a867c7ac9e75b32064255222d3326952
d26e9ab4d1064ab02c8eb9ec83e43971273ad7a0
9322b76e29145e9bb6a4d121a0d81742b7594cd8e25841fda6f2d5d562b970a4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?subid1=20241009-1349-3360-b735-7283be0e0fee HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee
Content-Type: application/json
Origin: https://ww25.lyxynyx.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=f1808c73-7e86-467b-b7ef-d46a218a6c1f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Date: Wed, 09 Oct 2024 02:54:29 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 5693
X-Request-Id: 16294a6f-5e1c-4c3a-8f7a-b8e38647230c
Set-Cookie: parking_session=f1808c73-7e86-467b-b7ef-d46a218a6c1f; expires=Wed, 09 Oct 2024 03:09:29 GMT
Connection: close

o.pki.goog/wr2

216.58.207.195

472 B

URL
o.pki.goog/wr2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
33d4f5a6cef58799a568093402d12541
171fc7e74d9cbc6cc9e1fcb4e55e08ffd6e10ba3
f7d3da2b57c0872412a74ef15f84376a15bdb6ec765b3ae9cd81028b768a0979

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Oct 2024 02:54:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.164

200 OK

56 kB

URL GET HTTP/2
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee
Certificate
IssuerGoogle Trust Services
Subjectwww.google.com
FingerprintAD:02:8F:37:49:83:F2:82:0C:84:E9:B4:A4:19:E5:DC:D0:D6:62:C9
ValidityMon, 16 Sep 2024 09:36:05 GMT - Mon, 09 Dec 2024 09:36:04 GMT

File type
gzip compressed data, max compression
Size
56 kB (55678 bytes)
Hash
139522dc8bdca1a5864cb8d4d5bfae84
ef133d63f5e38832655712fefbba03745ec206c8
bf123abf48feda298505c8bf7252f23f19a350eb654e2a77e0874d9b697fa8a6

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 09 Oct 2024 02:54:30 GMT
expires: Wed, 09 Oct 2024 02:54:30 GMT
cache-control: private, max-age=3600
etag: "8945396596493691360"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

216.58.207.195

471 B

URL
o.pki.goog/wr2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4ff7208fb83a9edda9cd21a0b0f43105
1a237e612a2ee98ce04708bc03664381d6dccfcc
3f5188545a1f2ac0d20b4d455098d7ce36ecec2de350a183b77b6f2512e08a6b

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Oct 2024 02:54:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol102%2Cpid-bodis-gcontrol411%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241009-1349-3360-b735-7283be0e0fee&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=7261728442470243&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1728442470244&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=681010707&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241009-1349-3360-b735-7283be0e0fee

172.217.21.174

200 OK

2.7 kB

URL GET HTTP/2
syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol102%2Cpid-bodis-gcontrol411%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241009-1349-3360-b735-7283be0e0fee&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=7261728442470243&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1728442470244&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=681010707&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241009-1349-3360-b735-7283be0e0fee
IP
172.217.21.174:443
ASN
#15169 GOOGLE

Requested by
https://ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint98:0A:EA:B7:A9:BE:F2:9D:18:4B:E6:C0:20:FA:9A:7A:D3:E3:73:A5
ValidityMon, 16 Sep 2024 09:44:00 GMT - Mon, 09 Dec 2024 09:43:59 GMT

File type
HTML document, ASCII text, with very long lines (13176)
Size
2.7 kB (2733 bytes)
Hash
eee73e15ef44639f3d5beca8d2c6f908
73eafd851be56a6e39e6f448e471af1d9f56052d
3e94cfc476320233a9c397126d95cf2325d181c7e9f138b52eab51c7811d5c63

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol102%2Cpid-bodis-gcontrol411%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241009-1349-3360-b735-7283be0e0fee&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=7261728442470243&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1728442470244&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=681010707&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241009-1349-3360-b735-7283be0e0fee HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Wed, 09 Oct 2024 02:54:30 GMT
expires: Wed, 09 Oct 2024 02:54:30 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-hxivDkcypRC8wU8Wrg2k7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2733
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

216.58.207.195

471 B

URL
o.pki.goog/wr2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4ff7208fb83a9edda9cd21a0b0f43105
1a237e612a2ee98ce04708bc03664381d6dccfcc
3f5188545a1f2ac0d20b4d455098d7ce36ecec2de350a183b77b6f2512e08a6b

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Oct 2024 02:54:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

216.58.207.195

471 B

URL
o.pki.goog/wr2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
34fb1e08eebd7a54261f4f4875429675
4115c69280c91fabb624134d33c90c8a1d6a7ba3
cc63f81cfe774e57ee37083d43357f19fbcbdbd6e874bde1fc793074428d5c2b

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Oct 2024 02:54:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

216.58.207.195

471 B

URL
o.pki.goog/wr2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
34fb1e08eebd7a54261f4f4875429675
4115c69280c91fabb624134d33c90c8a1d6a7ba3
cc63f81cfe774e57ee37083d43357f19fbcbdbd6e874bde1fc793074428d5c2b

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Oct 2024 02:54:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.74.129

200 OK

174 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP
142.250.74.129:443
ASN
#15169 GOOGLE

Requested by
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol102%2Cpid-bodis-gcontrol411%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241009-1349-3360-b735-7283be0e0fee&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=7261728442470243&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1728442470244&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=681010707&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241009-1349-3360-b735-7283be0e0fee
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
FingerprintE4:70:0D:EE:EF:A5:22:F8:E0:2D:F4:88:B6:12:68:A2:DB:32:85:38
ValidityMon, 16 Sep 2024 09:32:18 GMT - Mon, 09 Dec 2024 09:32:17 GMT

File type
SVG Scalable Vector Graphics image
Size
174 B (174 bytes)
Hash
d47125b2ba92be53dcff07ba322ce1de
e4a70c8a133bacf1699fdfa4c10e24ed5b3e0c28
5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 09 Oct 2024 00:06:47 GMT
expires: Wed, 09 Oct 2024 23:06:47 GMT
cache-control: public, max-age=82800
age: 10063
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

142.250.74.129

200 OK

278 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP
142.250.74.129:443
ASN
#15169 GOOGLE

Requested by
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol102%2Cpid-bodis-gcontrol411%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241009-1349-3360-b735-7283be0e0fee&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=7261728442470243&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1728442470244&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=681010707&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241009-1349-3360-b735-7283be0e0fee
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
FingerprintE4:70:0D:EE:EF:A5:22:F8:E0:2D:F4:88:B6:12:68:A2:DB:32:85:38
ValidityMon, 16 Sep 2024 09:32:18 GMT - Mon, 09 Dec 2024 09:32:17 GMT

File type
SVG Scalable Vector Graphics image
Size
278 B (278 bytes)
Hash
fe7dd8c3c629cc6e9cd6d3e4d3cbe905
59ef3b8e4a17169a4cb45fba65bf0d2bf49c8a18
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 09 Oct 2024 00:34:19 GMT
expires: Wed, 09 Oct 2024 23:34:19 GMT
cache-control: public, max-age=82800
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 8411
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

POST ww25.lyxynyx.com/_tr

199.59.243.227

200 OK

2 B

URL POST HTTP/1.1
ww25.lyxynyx.com/_tr
IP
199.59.243.227:443
ASN
#16509 AMAZON-02

Requested by
https://ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee
Certificate
IssuerLet's Encrypt
Subjectww25.lyxynyx.com
FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA
ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_tr HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee
Content-Type: application/json
Content-Length: 1945
Origin: https://ww25.lyxynyx.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=f1808c73-7e86-467b-b7ef-d46a218a6c1f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 09 Oct 2024 02:54:30 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 2
X-Request-Id: bd53160d-5b91-4f7b-adc7-531d2759ea1e
Set-Cookie: parking_session=f1808c73-7e86-467b-b7ef-d46a218a6c1f; expires=Wed, 09 Oct 2024 03:09:30 GMT
Connection: close

o.pki.goog/wr2

216.58.207.195

471 B

URL
o.pki.goog/wr2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
34fb1e08eebd7a54261f4f4875429675
4115c69280c91fabb624134d33c90c8a1d6a7ba3
cc63f81cfe774e57ee37083d43357f19fbcbdbd6e874bde1fc793074428d5c2b

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Oct 2024 02:54:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
aa746f2452828a39148ef2ed129c14f6
aab2904047696ac367e2bfc0ffb1ba44c9c84256
5c76fd0fb994332de5317dc7d533ae3edb60d9f0ce253f839e609d83a3bf0fa7

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5C76FD0FB994332DE5317DC7D533AE3EDB60D9F0CE253F839E609D83A3BF0FA7"
Last-Modified: Tue, 08 Oct 2024 04:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9281
Expires: Wed, 09 Oct 2024 05:29:12 GMT
Date: Wed, 09 Oct 2024 02:54:31 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
aa746f2452828a39148ef2ed129c14f6
aab2904047696ac367e2bfc0ffb1ba44c9c84256
5c76fd0fb994332de5317dc7d533ae3edb60d9f0ce253f839e609d83a3bf0fa7

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5C76FD0FB994332DE5317DC7D533AE3EDB60D9F0CE253F839E609D83A3BF0FA7"
Last-Modified: Tue, 08 Oct 2024 04:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9281
Expires: Wed, 09 Oct 2024 05:29:12 GMT
Date: Wed, 09 Oct 2024 02:54:31 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
aa746f2452828a39148ef2ed129c14f6
aab2904047696ac367e2bfc0ffb1ba44c9c84256
5c76fd0fb994332de5317dc7d533ae3edb60d9f0ce253f839e609d83a3bf0fa7

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5C76FD0FB994332DE5317DC7D533AE3EDB60D9F0CE253F839E609D83A3BF0FA7"
Last-Modified: Tue, 08 Oct 2024 04:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9281
Expires: Wed, 09 Oct 2024 05:29:12 GMT
Date: Wed, 09 Oct 2024 02:54:31 GMT
Connection: keep-alive

GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=gp1u8yluf9tf&aqid=ZvAFZ-6QFtKziM0PsOT2iA0&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=681010707&csala=5%7C0%7C279%7C83%7C23&lle=0&ifv=1&hpt=0

172.217.21.174

204 No Content

0 B

URL GET HTTP/3
syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=gp1u8yluf9tf&aqid=ZvAFZ-6QFtKziM0PsOT2iA0&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=681010707&csala=5%7C0%7C279%7C83%7C23&lle=0&ifv=1&hpt=0
IP
172.217.21.174:443
ASN
#15169 GOOGLE

Requested by
https://ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint98:0A:EA:B7:A9:BE:F2:9D:18:4B:E6:C0:20:FA:9A:7A:D3:E3:73:A5
ValidityMon, 16 Sep 2024 09:44:00 GMT - Mon, 09 Dec 2024 09:43:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=gp1u8yluf9tf&aqid=ZvAFZ-6QFtKziM0PsOT2iA0&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=681010707&csala=5%7C0%7C279%7C83%7C23&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-UsiDDpjgrIm_DTPX_NuAJw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Wed, 09 Oct 2024 02:54:32 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=fkmkpf9ss6zw&aqid=ZvAFZ-6QFtKziM0PsOT2iA0&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=681010707&csala=5%7C0%7C279%7C83%7C23&lle=0&ifv=1&hpt=0

172.217.21.174

204 No Content

0 B

URL GET HTTP/3
syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=fkmkpf9ss6zw&aqid=ZvAFZ-6QFtKziM0PsOT2iA0&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=681010707&csala=5%7C0%7C279%7C83%7C23&lle=0&ifv=1&hpt=0
IP
172.217.21.174:443
ASN
#15169 GOOGLE

Requested by
https://ww25.lyxynyx.com/login.php?subid1=20241009-1349-3360-b735-7283be0e0fee
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint98:0A:EA:B7:A9:BE:F2:9D:18:4B:E6:C0:20:FA:9A:7A:D3:E3:73:A5
ValidityMon, 16 Sep 2024 09:44:00 GMT - Mon, 09 Dec 2024 09:43:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=fkmkpf9ss6zw&aqid=ZvAFZ-6QFtKziM0PsOT2iA0&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=681010707&csala=5%7C0%7C279%7C83%7C23&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-CqU7ls7iri9DwUEmM5o_9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Wed, 09 Oct 2024 02:54:32 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET syndicatedsearch.goog/adsense/domains/caf.js

172.217.21.174

200 OK

153 kB

URL GET HTTP/3
syndicatedsearch.goog/adsense/domains/caf.js
IP
172.217.21.174:443
ASN
#15169 GOOGLE

Requested by
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol102%2Cpid-bodis-gcontrol411%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241009-1349-3360-b735-7283be0e0fee&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=7261728442470243&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1728442470244&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=681010707&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241009-1349-3360-b735-7283be0e0fee
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint98:0A:EA:B7:A9:BE:F2:9D:18:4B:E6:C0:20:FA:9A:7A:D3:E3:73:A5
ValidityMon, 16 Sep 2024 09:44:00 GMT - Mon, 09 Dec 2024 09:43:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1879)
Size
153 kB (153131 bytes)
Hash
4c7edc182344882216d6d4d7dc46231f
4b981e96e6b665ede4426a89d121d4ae878a76da
6570292e68a16b7f4a51f9672e5f1028112066252c27273ede1f061bb104bb5e

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 09 Oct 2024 02:54:30 GMT
expires: Wed, 09 Oct 2024 02:54:30 GMT
cache-control: private, max-age=3600
etag: "15838387115246319480"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (25)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN