Report - ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50

Report Overview

Visited public
2024-10-01 19:17:24
Tags
Submit Tags
URL
ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50
Finishing URL
ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50
IP / ASN
199.59.243.227
#16509 AMAZON-02
Title
lyxynyx.com

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2024-09-30 04:32:43	429 B	68 kB	142.250.74.164
syndicatedsearch.goog	unknown	2023-04-14	2023-09-25 11:30:59	2024-10-01 06:31:50	3.2 kB	61 kB	172.217.21.174
afs.googleusercontent.com	12123	2008-11-17	2013-05-06 21:11:00	2024-10-01 07:32:48	991 B	2.1 kB	142.250.74.97
aus5.mozilla.org	2548	1998-01-24	2015-10-27 08:06:24	2024-09-30 18:12:37	512 B	1.2 kB	35.244.181.201
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-30 18:12:04	1.6 kB	4.4 kB	23.33.119.27
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-30 18:12:17	1.3 kB	3.5 kB	23.33.119.57
ww25.lyxynyx.com	unknown	2023-12-14	2023-12-15 10:16:18	2024-09-26 19:08:09	2.3 kB	43 kB	199.59.243.227
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-09-30 18:17:06	2.0 kB	4.2 kB	142.250.74.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-01	medium	lyxynyx.com	Sinkholed
2024-10-01	medium	lyxynyx.com	Sinkholed
2024-10-01	medium	lyxynyx.com	Sinkholed
2024-10-01	medium	lyxynyx.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	www.google.com/adsense/domains/caf.js?abp=1&bodis=true	ScriptElement	153 kB	2024-09-26	2024-10-04
Pretty URL www.google.com/adsense/domains/caf.js?abp=1&bodis=true IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-26 22:18 Last Seen2024-10-04 11:29 Times Seen235 Hash b8e117e57b074305a5be0f970cfc15d7 90cfe97f30817be47aff8c418c29745dd871cd72 20ad61ebb112173ada6ac94516a8902133fb1c59a3aa5c5c886fabfbbc005e85 Loading...

	syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol477%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241002-0459-4368-8262-86ad75c14a50&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=1241727810220071&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1727810220073&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=678245571&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241002-0459-4368-8262-86ad75c14a50	ScriptElement	633 B	2024-10-04	2024-10-04
Pretty URL syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol477%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241002-0459-4368-8262-86ad75c14a50&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=1241727810220071&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1727810220073&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=678245571&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241002-0459-4368-8262-86ad75c14a50 IP 172.217.21.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-04 10:45 Last Seen2024-10-04 10:45 Times Seen1 Hash 38790b9856cc042d4da379d48ec7b601 18b5a61d0236155b0aedc940674639d496a29f22 53bb47b39653fc74a1326e8d0afa96fab8f337c2749bbce8fc5994fec616fb93 Loading...

	syndicatedsearch.goog/adsense/domains/caf.js	ScriptElement	153 kB	2024-09-27	2024-10-04
Pretty URL syndicatedsearch.goog/adsense/domains/caf.js IP 172.217.21.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-27 03:07 Last Seen2024-10-04 11:27 Times Seen231 Hash 04699b09746829d152a63302f9f5e337 93d6ed46dab19c874bca83201d11b21666aa1ffd 723a981ef7482d5299ea2fd6449ab1a3af57f0f593617df9e87962419e3b6b6f Loading...

	ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50	ScriptElement	435 B	2024-10-04	2024-10-04
Pretty URL ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50 IP 199.59.243.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-04 10:45 Last Seen2024-10-04 10:45 Times Seen1 Hash 7f8a541cf328eb792ffa6ec90895e0c0 e9e0d3f73b0ffa66dd29a7c41364ed54b048b4f7 f6405f61d9ec0b004effc40b0149f74d91c6f630dcaf50ccd7a5332145f80b6e Loading...

	ww25.lyxynyx.com/bYQRsykAs.js	ScriptElement	34 kB	2024-08-28	2024-10-11
Pretty URL ww25.lyxynyx.com/bYQRsykAs.js IP 199.59.243.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-28 21:05 Last Seen2024-10-11 09:19 Times Seen8910 Hash e2ec36d427fa4a992d76c0ee5e8dfd4d 47ec4ace4851c6c3a4fe23ad2c842885f6d973f2 36488e81afcbc4d7018b8764c18032b10be21aa45521c9671fde0cc77f70b2d8 Loading...

HTTP Transactions (27)

URL IP Response Size

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
30b3296d8601a98376f1d8d787e38d85
b0d3b4fd48e65b90925a60eaece214d4323d990d
600789f1a63878cf615548db70ebc5454666f4ccadd004c8b2c7b9cc75bff5e2

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "600789F1A63878CF615548DB70EBC5454666F4CCADD004C8B2C7B9CC75BFF5E2"
Last-Modified: Mon, 30 Sep 2024 15:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2673
Expires: Tue, 01 Oct 2024 20:01:31 GMT
Date: Tue, 01 Oct 2024 19:16:58 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9e96f1dff1bb5e6784958d21556e4a06
d4cb719b5fe9714d59866434ca13c389776a09f3
01b80c0b028333e119cbc3799424875028f0548b6e95d94e7738874c59883c00

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "01B80C0B028333E119CBC3799424875028F0548B6E95D94E7738874C59883C00"
Last-Modified: Mon, 30 Sep 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9640
Expires: Tue, 01 Oct 2024 21:57:38 GMT
Date: Tue, 01 Oct 2024 19:16:58 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
a8901baef26e06d1c6a8d84e9cc7c99d
45039e57582ddc5f8ca1332f81326182633c5e39
a7d111d2a198a732c3607681e4045192bcbcff213cee531c0a90d349605d5306

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A7D111D2A198A732C3607681E4045192BCBCFF213CEE531C0A90D349605D5306"
Last-Modified: Mon, 30 Sep 2024 16:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9728
Expires: Tue, 01 Oct 2024 21:59:06 GMT
Date: Tue, 01 Oct 2024 19:16:58 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
280abd583680094ddddb480769f3f61b
26caab6dbbf50ba7442d0e3bd1c4a81b5e6d9236
8fc210d2f8ca54ae085b92a142cce3621730daf7a76e83076630e20d18f789cd

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8FC210D2F8CA54AE085B92A142CCE3621730DAF7A76E83076630E20D18F789CD"
Last-Modified: Tue, 01 Oct 2024 04:04:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5962
Expires: Tue, 01 Oct 2024 20:56:20 GMT
Date: Tue, 01 Oct 2024 19:16:58 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e94a29d79f60626a0c04bf5adecf2258
8b38a8959331a21f4c202c3d54139034eee6cb17
8b81e61732d078c1bc884788c489b7dc87984cd9079ce381046200eb1701f6e3

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8B81E61732D078C1BC884788C489B7DC87984CD9079CE381046200EB1701F6E3"
Last-Modified: Mon, 30 Sep 2024 17:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13258
Expires: Tue, 01 Oct 2024 22:57:57 GMT
Date: Tue, 01 Oct 2024 19:16:59 GMT
Connection: keep-alive

GET ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50

199.59.243.227

200 OK

1.2 kB

URL User Request GET HTTP/1.1
ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50
IP
199.59.243.227:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectww25.lyxynyx.com
FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA
ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT

File type
HTML document, ASCII text, with very long lines (450)
Size
1.2 kB (1182 bytes)
Hash
1a00306a1fd6956db96c4350ad3f85aa
f4ea4dc59081e3df69e495ed4196fa9814cc9a40
4164aea2fec785b387a16fac7fd7e244fe93c6620c95278eda24915cbc95fe4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php?subid1=20241002-0459-4368-8262-86ad75c14a50 HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 01 Oct 2024 19:16:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1182
X-Request-Id: 29aaca56-58c7-4528-bf53-ef0f9f7fb5bc
Cache-Control: no-store, max-age=0
Accept-Ch: sec-ch-prefers-color-scheme
Critical-Ch: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AnjUuuCH3VvZe7+K/uRla3ESu5FdzRpFiFPs71esiaZ9sdLJFUrHCbPgYnqXHcR1DhAfG4jx7RmimVFcacLJIQ==
Set-Cookie: parking_session=29aaca56-58c7-4528-bf53-ef0f9f7fb5bc; expires=Tue, 01 Oct 2024 19:31:59 GMT; path=/
Connection: close

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e02ce96999916d86ffd410fc876753f5
cb6bc34ba06c7f4c1f16e3519d23ccfdda8b3f8d
5ab6784e90ad72c024966d75a07a444ae7f880ae487be611925826dc71901d38

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5AB6784E90AD72C024966D75A07A444AE7F880AE487BE611925826DC71901D38"
Last-Modified: Mon, 30 Sep 2024 15:54:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4203
Expires: Tue, 01 Oct 2024 20:27:02 GMT
Date: Tue, 01 Oct 2024 19:16:59 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5e3f6fc68f86be07d377aea0e7496870
9d1005d0782906dfdfe4217125b907b86a22b530
c6309b6effe12dabaacc99df66e13fba72de8198e5bccf67198400576e3158da

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C6309B6EFFE12DABAACC99DF66E13FBA72DE8198E5BCCF67198400576E3158DA"
Last-Modified: Mon, 30 Sep 2024 16:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15005
Expires: Tue, 01 Oct 2024 23:27:04 GMT
Date: Tue, 01 Oct 2024 19:16:59 GMT
Connection: keep-alive

GET ww25.lyxynyx.com/bYQRsykAs.js

199.59.243.227

200 OK

34 kB

URL GET HTTP/1.1
ww25.lyxynyx.com/bYQRsykAs.js
IP
199.59.243.227:443
ASN
#16509 AMAZON-02

Requested by
https://ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50
Certificate
IssuerLet's Encrypt
Subjectww25.lyxynyx.com
FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA
ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (34190)
Size
34 kB (34193 bytes)
Hash
e2ec36d427fa4a992d76c0ee5e8dfd4d
47ec4ace4851c6c3a4fe23ad2c842885f6d973f2
36488e81afcbc4d7018b8764c18032b10be21aa45521c9671fde0cc77f70b2d8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bYQRsykAs.js HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50
Cookie: parking_session=29aaca56-58c7-4528-bf53-ef0f9f7fb5bc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 01 Oct 2024 19:16:59 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 34193
X-Request-Id: 9f5027d0-e29b-4bc1-8b61-a5c69fc80ec4
Set-Cookie: parking_session=29aaca56-58c7-4528-bf53-ef0f9f7fb5bc; expires=Tue, 01 Oct 2024 19:31:59 GMT
Connection: close

POST ww25.lyxynyx.com/_fd?subid1=20241002-0459-4368-8262-86ad75c14a50

199.59.243.227

200 OK

5.7 kB

URL POST HTTP/1.1
ww25.lyxynyx.com/_fd?subid1=20241002-0459-4368-8262-86ad75c14a50
IP
199.59.243.227:443
ASN
#16509 AMAZON-02

Requested by
https://ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50
Certificate
IssuerLet's Encrypt
Subjectww25.lyxynyx.com
FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA
ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT

File type
ASCII text, with very long lines (5693), with no line terminators
Size
5.7 kB (5693 bytes)
Hash
8279ef77329b186ef35df8f8e9027b8c
95e60329cbbc7d38b694e7e1faf8a38285cab6b0
0cd2353e02c3ae73007ce22113bf242c602019b66a6cd2ea0f11effbafa4ce2d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?subid1=20241002-0459-4368-8262-86ad75c14a50 HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50
Content-Type: application/json
Origin: https://ww25.lyxynyx.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=29aaca56-58c7-4528-bf53-ef0f9f7fb5bc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Date: Tue, 01 Oct 2024 19:16:59 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 5693
X-Request-Id: 5a5b4bc1-e06e-40db-a6bc-91764f72e287
Set-Cookie: parking_session=29aaca56-58c7-4528-bf53-ef0f9f7fb5bc; expires=Tue, 01 Oct 2024 19:31:59 GMT
Connection: close

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5bf2137247d2379eff75842658f0d939
a6958d374a4eab188f1f1334b4a33514d75fdf8e
fd88b824c176afac0d0410a5839ec76e85de47eedd7fdc3c4a9c06c2ae3a485b

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 01 Oct 2024 19:16:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.164

200 OK

67 kB

URL GET HTTP/2
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50
Certificate
IssuerGoogle Trust Services
Subjectwww.google.com
FingerprintA9:76:72:D7:78:A8:1B:25:A7:A2:91:29:BE:43:C3:76:64:C8:3C:67
ValidityMon, 26 Aug 2024 07:15:49 GMT - Mon, 18 Nov 2024 07:15:48 GMT

File type
gzip compressed data, max compression
Size
67 kB (66686 bytes)
Hash
eaa0e543c00c592b7cbb3c91e831cde7
f5d9623b455169e730ea19f0f3d52c9ebce105ff
90312097a52b0ea8971192566e7d94e40227fd0935b257dc779f0b5c56cd7efc

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Tue, 01 Oct 2024 19:16:59 GMT
expires: Tue, 01 Oct 2024 19:16:59 GMT
cache-control: private, max-age=3600
etag: "15659848927289336678"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2363956bdd7c6f2daf6c07f424af9a0b
95012e2aa8fb41a34bca8bb00d9da0de84f056e9
c49d3f4aa2f3c3839216788c84d8cb40d187d9a1cf49712f59d68263191fa4de

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 01 Oct 2024 19:17:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0ff9b275ac544a84792117f0ff55daac
550688d56fa990cdd05d9a999e3784516c3fdc3c
d0a06176c0ec257d5d868c8c33bd6ad26405475c5747afad22053c1474aa2e2b

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 01 Oct 2024 19:17:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
a89a3804008b9a8783344786e440c111
110f4d546bc339058fcf635a1b517cba6f6852c5
593fff197167891acdadab9e893fe1d07cdeb60b09d6ae5e96123a2818d1d4a0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "593FFF197167891ACDADAB9E893FE1D07CDEB60B09D6AE5E96123A2818D1D4A0"
Last-Modified: Mon, 30 Sep 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8563
Expires: Tue, 01 Oct 2024 21:39:43 GMT
Date: Tue, 01 Oct 2024 19:17:00 GMT
Connection: keep-alive

GET syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol477%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241002-0459-4368-8262-86ad75c14a50&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=1241727810220071&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1727810220073&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=678245571&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241002-0459-4368-8262-86ad75c14a50

172.217.21.174

200 OK

2.8 kB

URL GET HTTP/2
syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol477%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241002-0459-4368-8262-86ad75c14a50&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=1241727810220071&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1727810220073&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=678245571&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241002-0459-4368-8262-86ad75c14a50
IP
172.217.21.174:443
ASN
#15169 GOOGLE

Requested by
https://ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
FingerprintDC:F4:EB:19:22:2A:6E:6B:EF:C2:61:EF:BE:1F:23:CF:7F:69:F5:B2
ValidityMon, 26 Aug 2024 07:24:40 GMT - Mon, 18 Nov 2024 07:24:39 GMT

File type
HTML document, ASCII text, with very long lines (13195)
Size
2.8 kB (2754 bytes)
Hash
75673a4468063cf0fa77fdacbcf5b44c
bfdcf12aeea3c904e7323864b642b8a8c3d1bb03
3a84c98fd50fc880ae1caea0ce693e4a5254f18c0dbb45fd7181540e93e42557

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol477%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241002-0459-4368-8262-86ad75c14a50&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=1241727810220071&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1727810220073&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=678245571&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241002-0459-4368-8262-86ad75c14a50 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Tue, 01 Oct 2024 19:17:00 GMT
expires: Tue, 01 Oct 2024 19:17:00 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-XzWxnXglyK3V96FqpHgLhw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2754
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0ff9b275ac544a84792117f0ff55daac
550688d56fa990cdd05d9a999e3784516c3fdc3c
d0a06176c0ec257d5d868c8c33bd6ad26405475c5747afad22053c1474aa2e2b

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 01 Oct 2024 19:17:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
71b3577a6975159c240233c31375d689
45158107ebeed19e88e29304af8f16e13f2fa55d
8c40b282a30cd3d4e847d04374e318d8607b9b8662f7050d30313ccc7f679bc2

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 01 Oct 2024 19:17:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.74.97

200 OK

174 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol477%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241002-0459-4368-8262-86ad75c14a50&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=1241727810220071&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1727810220073&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=678245571&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241002-0459-4368-8262-86ad75c14a50
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
Fingerprint3F:8C:C0:AD:01:C9:F8:FA:75:FE:BA:A4:43:75:E4:C9:60:2C:CF:A6
ValidityMon, 26 Aug 2024 07:12:09 GMT - Mon, 18 Nov 2024 07:12:08 GMT

File type
SVG Scalable Vector Graphics image
Size
174 B (174 bytes)
Hash
d47125b2ba92be53dcff07ba322ce1de
e4a70c8a133bacf1699fdfa4c10e24ed5b3e0c28
5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Oct 2024 08:05:55 GMT
expires: Wed, 02 Oct 2024 07:05:55 GMT
cache-control: public, max-age=82800
age: 40265
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET syndicatedsearch.goog/adsense/domains/caf.js

172.217.21.174

200 OK

56 kB

URL GET HTTP/3
syndicatedsearch.goog/adsense/domains/caf.js
IP
172.217.21.174:443
ASN
#15169 GOOGLE

Requested by
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol477%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241002-0459-4368-8262-86ad75c14a50&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=1241727810220071&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1727810220073&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=678245571&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241002-0459-4368-8262-86ad75c14a50
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
FingerprintDC:F4:EB:19:22:2A:6E:6B:EF:C2:61:EF:BE:1F:23:CF:7F:69:F5:B2
ValidityMon, 26 Aug 2024 07:24:40 GMT - Mon, 18 Nov 2024 07:24:39 GMT

File type
gzip compressed data, max compression
Size
56 kB (55747 bytes)
Hash
86241e32682b9f56d5d41e03e39fcd9b
6753f44b0a11144698d41f66bb4db73940489b0e
a3ccdf65b05a78199b955b6d1b69d2753fcee3e18cf07de6ade371b7064b5b38

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Tue, 01 Oct 2024 19:17:00 GMT
expires: Tue, 01 Oct 2024 19:17:00 GMT
cache-control: private, max-age=3600
etag: "8562013625026226936"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST ww25.lyxynyx.com/_tr

199.59.243.227

200 OK

2 B

URL POST HTTP/1.1
ww25.lyxynyx.com/_tr
IP
199.59.243.227:443
ASN
#16509 AMAZON-02

Requested by
https://ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50
Certificate
IssuerLet's Encrypt
Subjectww25.lyxynyx.com
FingerprintF8:AC:18:51:95:57:B6:60:0A:6A:F7:48:90:04:59:2E:34:C2:2A:EA
ValidityWed, 31 Jul 2024 15:00:58 GMT - Tue, 29 Oct 2024 15:00:57 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_tr HTTP/1.1
Host: ww25.lyxynyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50
Content-Type: application/json
Content-Length: 1945
Origin: https://ww25.lyxynyx.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=29aaca56-58c7-4528-bf53-ef0f9f7fb5bc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 01 Oct 2024 19:17:00 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 2
X-Request-Id: 201f6dcd-3d82-4212-886f-d67f622c8300
Set-Cookie: parking_session=29aaca56-58c7-4528-bf53-ef0f9f7fb5bc; expires=Tue, 01 Oct 2024 19:32:00 GMT
Connection: close

GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

142.250.74.97

200 OK

278 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol477%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol164&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww25.lyxynyx.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241002-0459-4368-8262-86ad75c14a50&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3&nocache=1241727810220071&num=0&output=afd_ads&domain_name=ww25.lyxynyx.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1727810220073&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=678245571&rurl=https%3A%2F%2Fww25.lyxynyx.com%2Flogin.php%3Fsubid1%3D20241002-0459-4368-8262-86ad75c14a50
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
Fingerprint3F:8C:C0:AD:01:C9:F8:FA:75:FE:BA:A4:43:75:E4:C9:60:2C:CF:A6
ValidityMon, 26 Aug 2024 07:12:09 GMT - Mon, 18 Nov 2024 07:12:08 GMT

File type
SVG Scalable Vector Graphics image
Size
278 B (278 bytes)
Hash
fe7dd8c3c629cc6e9cd6d3e4d3cbe905
59ef3b8e4a17169a4cb45fba65bf0d2bf49c8a18
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Oct 2024 05:34:32 GMT
expires: Wed, 02 Oct 2024 04:34:32 GMT
cache-control: public, max-age=82800
age: 49348
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
71b3577a6975159c240233c31375d689
45158107ebeed19e88e29304af8f16e13f2fa55d
8c40b282a30cd3d4e847d04374e318d8607b9b8662f7050d30313ccc7f679bc2

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 01 Oct 2024 19:17:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
8effaf713ecfaf968a658e5727aa9938
2229078c48d23c1b17803a1e501bf6410c3522c9
672455d99075a4581ae850704b23720ba3b94691e1038b939a5165a3b274d7f9

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "672455D99075A4581AE850704B23720BA3B94691E1038B939A5165A3B274D7F9"
Last-Modified: Mon, 30 Sep 2024 15:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12097
Expires: Tue, 01 Oct 2024 22:38:38 GMT
Date: Tue, 01 Oct 2024 19:17:01 GMT
Connection: keep-alive

GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=72kakxh7xgdo&aqid=rEr8ZtKZDsGtxdwP85HI4A0&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=678245571&csala=5%7C0%7C374%7C67%7C13&lle=0&ifv=1&hpt=0

172.217.21.174

204 No Content

0 B

URL GET HTTP/3
syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=72kakxh7xgdo&aqid=rEr8ZtKZDsGtxdwP85HI4A0&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=678245571&csala=5%7C0%7C374%7C67%7C13&lle=0&ifv=1&hpt=0
IP
172.217.21.174:443
ASN
#15169 GOOGLE

Requested by
https://ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
FingerprintDC:F4:EB:19:22:2A:6E:6B:EF:C2:61:EF:BE:1F:23:CF:7F:69:F5:B2
ValidityMon, 26 Aug 2024 07:24:40 GMT - Mon, 18 Nov 2024 07:24:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=72kakxh7xgdo&aqid=rEr8ZtKZDsGtxdwP85HI4A0&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=678245571&csala=5%7C0%7C374%7C67%7C13&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-njJnnIn_1OIylT49eQxa8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Tue, 01 Oct 2024 19:17:02 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=2bv5rtfajbyc&aqid=rEr8ZtKZDsGtxdwP85HI4A0&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=678245571&csala=5%7C0%7C374%7C67%7C13&lle=0&ifv=1&hpt=0

172.217.21.174

204 No Content

0 B

URL GET HTTP/3
syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=2bv5rtfajbyc&aqid=rEr8ZtKZDsGtxdwP85HI4A0&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=678245571&csala=5%7C0%7C374%7C67%7C13&lle=0&ifv=1&hpt=0
IP
172.217.21.174:443
ASN
#15169 GOOGLE

Requested by
https://ww25.lyxynyx.com/login.php?subid1=20241002-0459-4368-8262-86ad75c14a50
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
FingerprintDC:F4:EB:19:22:2A:6E:6B:EF:C2:61:EF:BE:1F:23:CF:7F:69:F5:B2
ValidityMon, 26 Aug 2024 07:24:40 GMT - Mon, 18 Nov 2024 07:24:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=2bv5rtfajbyc&aqid=rEr8ZtKZDsGtxdwP85HI4A0&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=678245571&csala=5%7C0%7C374%7C67%7C13&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww25.lyxynyx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-TDpab4EkzxjGcXAsxB_S8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Tue, 01 Oct 2024 19:17:02 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2024-11-02-12-44-24.chain; p384ecdsa=Z0T6F7DJhXZgf08XOZi2xNByERijrtvhf26i7kR_fQfGgkU725r9-WEvAXCxlmb5XnhIcpf2Y2oYZspQUUt64waU9j2spRfqbJJ0M5GhSLRb5dbetXDs4kT89KAfAxxH
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
date: Tue, 01 Oct 2024 19:17:10 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 8
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (27)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN