Report - lysyfyj.com/http:/lysyfyj.com/X

Report Overview

Visited public
2023-12-08 01:37:15
Tags
URL
lysyfyj.com/http:/lysyfyj.com/X
Finishing URL
ww1.lysyfyj.com/
IP / ASN
95.211.219.65
#60781 LeaseWeb Netherlands B.V.
Title
ww1.lysyfyj.com/

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.consentmanager.net	29447	2018-05-02	2021-02-08 23:33:57	2023-12-07 05:09:59	2.3 kB	564 kB	185.76.9.21
lysyfyj.com	unknown	2018-09-17	2012-07-24 11:06:35	2023-12-07 16:44:12	1.9 kB	1.5 kB	95.211.219.65
ww1.lysyfyj.com	unknown	2018-09-17	2018-09-30 00:18:01	2023-12-06 17:27:27	11 kB	248 kB	208.91.196.145
a.delivery.consentmanager.net	128991	2018-05-02	2021-07-25 18:26:32	2023-12-06 18:53:36	4.7 kB	18 kB	87.230.98.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed
2023-12-07	medium	lysyfyj.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	ww1.lysyfyj.com/px.js?ch=1	ScriptElement	346 B	2023-03-07	2025-05-11
Pretty URL ww1.lysyfyj.com/px.js?ch=1 IP 208.91.196.145 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 09:30 Times Seen8320 Hash f84f931c0dd37448e03f0dabf4e4ca9f 9c2c50edcf576453ccc07bf65668bd23c76e8663 5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584 Loading...

	unknown	EventHandler	0 B	0001-01-01	2025-05-11
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 17:09 Times Seen4656097 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=2&__cmpfcc=1&id=68884&o=1701999420&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&&l=en&odw=0&dlt=1&l=en	ScriptElement	46 kB	2023-12-08	2023-12-14
Pretty URL a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=2&__cmpfcc=1&id=68884&o=1701999420&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&&l=en&odw=0&dlt=1&l=en IP 87.230.98.74 ASN #61157 PlusServer GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-08 01:04 Last Seen2023-12-14 23:15 Times Seen16 Hash 51134e1aa016d77d8bf7fcd68cb9e30a 0d76ab4b3e803c9c8ac212a707d0cb8d72d89a5e 0efd131569ca24d501879335f50497153e26dc019f3b94e37e1e15dd235469ac Loading...

	ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1& IP 208.91.196.145 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 17:09 Times Seen4656097 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=1&id=68884&o=1701999420&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&&l=en&odw=0&dlt=1&l=en	ScriptElement	1.3 kB	2023-12-08	2023-12-08
Pretty URL a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=1&id=68884&o=1701999420&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&&l=en&odw=0&dlt=1&l=en IP 87.230.98.74 ASN #61157 PlusServer GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-08 02:37 Last Seen2023-12-08 02:37 Times Seen1 Hash 585542f63d017491481455074c878719 03b99682197a14d2f7f96df7746f97ea0f54d10e cc5ee0a8a6a215b90d7d6219506b559b672209a64af68a46c56486ef6bf020b3 Loading...

	cdn.consentmanager.net/delivery/customdata/bV8xLndfNjg4ODQucl9HRFBSLmxfZW4uZF8yNjQxNS54XzI4LnYucC50XzI2NDE1Lnh0XzI4.js	ScriptElement	72 kB	2023-12-04	2023-12-11
Pretty URL cdn.consentmanager.net/delivery/customdata/bV8xLndfNjg4ODQucl9HRFBSLmxfZW4uZF8yNjQxNS54XzI4LnYucC50XzI2NDE1Lnh0XzI4.js IP 185.76.9.21 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 08:07 Last Seen2023-12-11 09:37 Times Seen125 Hash 7af718961ecbec2fd078dd5b074721e1 8543ac2ae7f4d42c153bb9e91f99c076cba0c0e0 f2e723c03589e0524d5e3a22dc020ad1ea08b1f1b8dad4724421b294fc9a95b7 Loading...

	ww1.lysyfyj.com/__media__/js/min.js?v2.3	ScriptElement	8.4 kB	2023-03-07	2025-05-11
Pretty URL ww1.lysyfyj.com/__media__/js/min.js?v2.3 IP 208.91.196.145 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 13:18 Times Seen7911 Hash c16c3a4c0fad29106f34d00e89f6886e 6e11811ab8a98bb295b0916cdee68b302c33403d 097786d677a859b7bc87e285377b083b76d66a2fc2832a16bcd50b0e99df77ff Loading...

	a.delivery.consentmanager.net/delivery/cmp.php?&cdid=21fdca2281833&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&&l=en&o=1701999426396	ScriptElement	1.3 kB	2023-12-08	2023-12-08
Pretty URL a.delivery.consentmanager.net/delivery/cmp.php?&cdid=21fdca2281833&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&&l=en&o=1701999426396 IP 87.230.98.74 ASN #61157 PlusServer GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-08 02:37 Last Seen2023-12-08 02:37 Times Seen1 Hash b6c41044449426c3d2a04aece86a0c11 7c03cd2cdade8a5f95f177830536e711ba98fd10 cc14751f0f06a0223e393c54c3c93af58ce3972254e336494f143edd20853b88 Loading...

	cdn.consentmanager.net/delivery/js/cmp_en.min.js	ScriptElement	412 kB	2023-12-07	2024-08-20
Pretty URL cdn.consentmanager.net/delivery/js/cmp_en.min.js IP 185.76.9.21 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-07 12:30 Last Seen2024-08-20 16:28 Times Seen205 Hash ecc28467dba5e202c63d439fe03dfeb6 9b0116244835d8baa5c2b27559a07936d6e4b874 9167386827d13a7d8c11aba215a3f729ea1a30a95fbd6d9a6dc85d896ab0f1ed Loading...

HTTP Transactions (27)

URL IP Response Size

lysyfyj.com/http:/lysyfyj.com/X

95.211.219.65

492 B

URL
lysyfyj.com/http:/lysyfyj.com/X
IP
95.211.219.65:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (492), with no line terminators
Size
492 B (492 bytes)
Hash
508bc993980126b0978fd7bb4801bc06
77f7d0837c0ac0a356afd55f470452cd9852436a
26a073d0cd655065345e76f2ce6017ccbe181c640b7e96e2e0866464691904fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /http:/lysyfyj.com/X HTTP/1.1
Host: lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 492
content-type: text/html; charset=utf-8
date: Fri, 08 Dec 2023 01:36:52 GMT
server: Cowboy
set-cookie: sid=43c49692-956a-11ee-ad31-23fd30e18c63; path=/; domain=.lysyfyj.com; expires=Wed, 26 Dec 2091 04:51:00 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

lysyfyj.com/favicon.ico

95.211.219.65

9 B

URL
lysyfyj.com/favicon.ico
IP
95.211.219.65:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lysyfyj.com/http:/lysyfyj.com/X
Cookie: sid=43c49692-956a-11ee-ad31-23fd30e18c63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
cache-control: max-age=0, private, must-revalidate
content-length: 9
date: Fri, 08 Dec 2023 01:36:52 GMT
server: Cowboy
X-Firefox-Spdy: h2

lysyfyj.com/http:/lysyfyj.com/X?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcwMjAwNjYxMywiaWF0IjoxNzAxOTk5NDEzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydWZiZXNtcWJ1ZW01ZGVma3Mwa3A2MDQiLCJuYmYiOjE3MDE5OTk0MTMsInRzIjoxNzAxOTk5NDEzMTEwNDM2fQ.jDcIveElUZMSCMM56d8evM3WUOl4lvBCSESQwiYvHjY&sid=43c49692-956a-11ee-ad31-23fd30e18c63

95.211.219.65

302 Found

11 B

URL User Request GET HTTP/2
lysyfyj.com/http:/lysyfyj.com/X?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcwMjAwNjYxMywiaWF0IjoxNzAxOTk5NDEzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydWZiZXNtcWJ1ZW01ZGVma3Mwa3A2MDQiLCJuYmYiOjE3MDE5OTk0MTMsInRzIjoxNzAxOTk5NDEzMTEwNDM2fQ.jDcIveElUZMSCMM56d8evM3WUOl4lvBCSESQwiYvHjY&sid=43c49692-956a-11ee-ad31-23fd30e18c63
IP
95.211.219.65:443
ASN
#60781 LeaseWeb Netherlands B.V.

Certificate
IssuerLet's Encrypt
Subjectlysyfyj.com
Fingerprint58:BC:5A:C8:CF:1B:61:0F:91:6F:B0:B0:26:E0:AD:2D:91:2D:72:90
ValiditySun, 26 Nov 2023 14:48:50 GMT - Sat, 24 Feb 2024 14:48:49 GMT

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /http:/lysyfyj.com/X?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcwMjAwNjYxMywiaWF0IjoxNzAxOTk5NDEzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydWZiZXNtcWJ1ZW01ZGVma3Mwa3A2MDQiLCJuYmYiOjE3MDE5OTk0MTMsInRzIjoxNzAxOTk5NDEzMTEwNDM2fQ.jDcIveElUZMSCMM56d8evM3WUOl4lvBCSESQwiYvHjY&sid=43c49692-956a-11ee-ad31-23fd30e18c63 HTTP/1.1
Host: lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lysyfyj.com/http:/lysyfyj.com/X
Cookie: sid=43c49692-956a-11ee-ad31-23fd30e18c63
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 08 Dec 2023 01:36:52 GMT
location: http://ww1.lysyfyj.com
server: Cowboy
set-cookie: sid=43c49692-956a-11ee-ad31-23fd30e18c63; path=/; domain=.lysyfyj.com; expires=Wed, 26 Dec 2091 04:51:00 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

ww1.lysyfyj.com/

208.91.196.145

200 OK

1.9 kB

URL User Request GET HTTP/1.1
ww1.lysyfyj.com/
IP
208.91.196.145:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Certificate
IssuerZeroSSL
Subjectww1.lysyfyj.com
FingerprintE5:75:1E:1F:19:52:A2:8E:9A:B9:BD:E8:1D:75:B7:8C:AD:2E:55:90
ValidityWed, 20 Sep 2023 00:00:00 GMT - Tue, 19 Dec 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (428), with CRLF line terminators
Size
1.9 kB (1877 bytes)
Hash
6ed7daabc84da18e6e50f1b3f672fa3e
6d2530362b4f7a77bf91626b6f2fbbf5dda35e3f
2575cede5e8b628ae24f8237ad71c0c1f8a6213acdaea876f0a68c3b54e0169e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: ww1.lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: sid=43c49692-956a-11ee-ad31-23fd30e18c63
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 08 Dec 2023 01:36:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1877
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_PtCgwU2LImsDj0h/Z533xZSwUbQbq08hBgjXecmka2jvvBGqHcS93HwpyhfOPzXrOIXHQ7tuqjivKHOgAn6zCg==

ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&

208.91.196.145

200 OK

36 kB

URL GET HTTP/1.1
ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
IP
208.91.196.145:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://ww1.lysyfyj.com/
Certificate
IssuerZeroSSL
Subjectww1.lysyfyj.com
FingerprintE5:75:1E:1F:19:52:A2:8E:9A:B9:BD:E8:1D:75:B7:8C:AD:2E:55:90
ValidityWed, 20 Sep 2023 00:00:00 GMT - Tue, 19 Dec 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10746), with CRLF, LF line terminators
Size
36 kB (35563 bytes)
Hash
fc4babc573ceada2288accc00d1c09e3
cc222b177c95dbbf8116b7855d3bdab138000c34
129ea9dbfef97b97cd98502dec0baffb4206409ab1082c9160e94cd749ff8a2d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1& HTTP/1.1
Host: ww1.lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/
Cookie: sid=43c49692-956a-11ee-ad31-23fd30e18c63
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: frame
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 08 Dec 2023 01:36:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_o0h/jpb++qN2nc5XIln8dzePcFm7L28ypkSppTBBs+EGUfQuIkzE3S54GFEoYbAFIAXpWsiv58w9hbA6+02/WA==

ww1.lysyfyj.com/px.js?ch=1

208.91.196.145

200 OK

346 B

URL GET HTTP/1.1
ww1.lysyfyj.com/px.js?ch=1
IP
208.91.196.145:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerZeroSSL
Subjectww1.lysyfyj.com
FingerprintE5:75:1E:1F:19:52:A2:8E:9A:B9:BD:E8:1D:75:B7:8C:AD:2E:55:90
ValidityWed, 20 Sep 2023 00:00:00 GMT - Tue, 19 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (346), with no line terminators
Size
346 B (346 bytes)
Hash
f84f931c0dd37448e03f0dabf4e4ca9f
9c2c50edcf576453ccc07bf65668bd23c76e8663
5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /px.js?ch=1 HTTP/1.1
Host: ww1.lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Cookie: sid=43c49692-956a-11ee-ad31-23fd30e18c63
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 08 Dec 2023 01:36:59 GMT
Content-Type: application/javascript
Content-Length: 346
Connection: keep-alive
Last-Modified: Wed, 20 Jan 2021 10:45:10 GMT
ETag: "15a-5b952a63b81f1"
Accept-Ranges: bytes

ww1.lysyfyj.com/favicon.ico

208.91.196.145

404 Not Found

10 B

URL GET HTTP/1.1
ww1.lysyfyj.com/favicon.ico
IP
208.91.196.145:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://ww1.lysyfyj.com/
Certificate
IssuerZeroSSL
Subjectww1.lysyfyj.com
FingerprintE5:75:1E:1F:19:52:A2:8E:9A:B9:BD:E8:1D:75:B7:8C:AD:2E:55:90
ValidityWed, 20 Sep 2023 00:00:00 GMT - Tue, 19 Dec 2023 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
10 B (10 bytes)
Hash
6608dd3e21ca3beabd4bdfa625a0b221
e926d0f8694a4bc4013308afaca7af51e4c9fd9f
c75eb01138771bfb2a5517aeae882356733782767c4560cc9601c34d2591ca75

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww1.lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/
Cookie: sid=43c49692-956a-11ee-ad31-23fd30e18c63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: openresty
Date: Fri, 08 Dec 2023 01:36:59 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 10
Connection: keep-alive

ww1.lysyfyj.com/__media__/js/min.js?v2.3

208.91.196.145

200 OK

8.4 kB

URL GET HTTP/1.1
ww1.lysyfyj.com/__media__/js/min.js?v2.3
IP
208.91.196.145:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerZeroSSL
Subjectww1.lysyfyj.com
FingerprintE5:75:1E:1F:19:52:A2:8E:9A:B9:BD:E8:1D:75:B7:8C:AD:2E:55:90
ValidityWed, 20 Sep 2023 00:00:00 GMT - Tue, 19 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (8349), with CRLF line terminators
Size
8.4 kB (8435 bytes)
Hash
c16c3a4c0fad29106f34d00e89f6886e
6e11811ab8a98bb295b0916cdee68b302c33403d
097786d677a859b7bc87e285377b083b76d66a2fc2832a16bcd50b0e99df77ff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /__media__/js/min.js?v2.3 HTTP/1.1
Host: ww1.lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Cookie: sid=43c49692-956a-11ee-ad31-23fd30e18c63
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 08 Dec 2023 01:37:00 GMT
Content-Type: application/javascript
Content-Length: 8435
Connection: keep-alive
Last-Modified: Thu, 16 Feb 2023 20:41:55 GMT
ETag: "20f3-5f4d73a3687b7"
Accept-Ranges: bytes

ww1.lysyfyj.com/px.js?ch=2

208.91.196.145

200 OK

346 B

URL GET HTTP/1.1
ww1.lysyfyj.com/px.js?ch=2
IP
208.91.196.145:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerZeroSSL
Subjectww1.lysyfyj.com
FingerprintE5:75:1E:1F:19:52:A2:8E:9A:B9:BD:E8:1D:75:B7:8C:AD:2E:55:90
ValidityWed, 20 Sep 2023 00:00:00 GMT - Tue, 19 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (346), with no line terminators
Size
346 B (346 bytes)
Hash
f84f931c0dd37448e03f0dabf4e4ca9f
9c2c50edcf576453ccc07bf65668bd23c76e8663
5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /px.js?ch=2 HTTP/1.1
Host: ww1.lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Cookie: sid=43c49692-956a-11ee-ad31-23fd30e18c63
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 08 Dec 2023 01:37:00 GMT
Content-Type: application/javascript
Content-Length: 346
Connection: keep-alive
Last-Modified: Wed, 20 Jan 2021 10:45:10 GMT
ETag: "15a-5b952a63b81f1"
Accept-Ranges: bytes

a.delivery.consentmanager.net/delivery/cmp.php?&cdid=21fdca2281833&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&&l=en&o=1701999426396

87.230.98.74

200 OK

889 B

URL GET HTTP/1.1
a.delivery.consentmanager.net/delivery/cmp.php?&cdid=21fdca2281833&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&&l=en&o=1701999426396
IP
87.230.98.74:443
ASN
#61157 PlusServer GmbH

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerLet's Encrypt
Subjecta.delivery.consentmanager.net
Fingerprint44:49:A8:C0:AF:F7:D9:6E:D0:B5:35:77:3B:05:89:CC:80:9A:8D:50
ValidityWed, 15 Nov 2023 00:31:04 GMT - Tue, 13 Feb 2024 00:31:03 GMT

File type
ASCII text, with very long lines (616), with CRLF line terminators
Size
889 B (889 bytes)
Hash
b6c41044449426c3d2a04aece86a0c11
7c03cd2cdade8a5f95f177830536e711ba98fd10
cc14751f0f06a0223e393c54c3c93af58ce3972254e336494f143edd20853b88

HTTP Headers

GET /delivery/cmp.php?&cdid=21fdca2281833&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&&l=en&o=1701999426396 HTTP/1.1
Host: a.delivery.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 08 Dec 2023 01:37:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Edge-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Pragma: no-cache
Access-Control-Allow-Origin: *
X-XSS-Protection: 0
Last-Modified: Fri, 08 Dec 2023 01:37:00 GMT
Transfer-Encoding: chunked
Content-Type: text/javascript; charset=utf-8
Content-Encoding: gzip

ww1.lysyfyj.com/__media__/pics/28905/arrrow.png

208.91.196.145

200 OK

283 B

URL GET HTTP/1.1
ww1.lysyfyj.com/__media__/pics/28905/arrrow.png
IP
208.91.196.145:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerZeroSSL
Subjectww1.lysyfyj.com
FingerprintE5:75:1E:1F:19:52:A2:8E:9A:B9:BD:E8:1D:75:B7:8C:AD:2E:55:90
ValidityWed, 20 Sep 2023 00:00:00 GMT - Tue, 19 Dec 2023 23:59:59 GMT

File type
PNG image data, 17 x 27, 8-bit colormap, non-interlaced\012- data
Size
283 B (283 bytes)
Hash
80d42c82a6c37da90210fd60a2f36128
554ba7c84d2a27ecf3b1f29d03e62101936b54d8
a1626e2d9160a0890a0a8d6e3af9e7095d68a24f9fb5ac8a166000c9a2581e10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /__media__/pics/28905/arrrow.png HTTP/1.1
Host: ww1.lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Cookie: sid=43c49692-956a-11ee-ad31-23fd30e18c63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 08 Dec 2023 01:37:00 GMT
Content-Type: image/png
Content-Length: 283
Connection: keep-alive
Last-Modified: Tue, 04 Jan 2022 14:44:27 GMT
ETag: "11b-5d4c2ac970ed9"
Accept-Ranges: bytes

ww1.lysyfyj.com/__media__/pics/29590/bg1.png

208.91.196.145

200 OK

18 kB

URL GET HTTP/1.1
ww1.lysyfyj.com/__media__/pics/29590/bg1.png
IP
208.91.196.145:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerZeroSSL
Subjectww1.lysyfyj.com
FingerprintE5:75:1E:1F:19:52:A2:8E:9A:B9:BD:E8:1D:75:B7:8C:AD:2E:55:90
ValidityWed, 20 Sep 2023 00:00:00 GMT - Tue, 19 Dec 2023 23:59:59 GMT

File type
PNG image data, 1730 x 988, 4-bit colormap, non-interlaced\012- data
Size
18 kB (17986 bytes)
Hash
825ccd29ac102fcadaf92b2343d5917b
24472e766cfac5b82a73b219796556a0a3702bd6
0878fb2875c0ad852de8fb3e8f443afdf3064890f1443b3feccc274382f913cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /__media__/pics/29590/bg1.png HTTP/1.1
Host: ww1.lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Cookie: sid=43c49692-956a-11ee-ad31-23fd30e18c63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 08 Dec 2023 01:37:00 GMT
Content-Type: image/png
Content-Length: 17986
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 12:16:35 GMT
ETag: "4642-5ee4a7e31c9c9"
Accept-Ranges: bytes

a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=1&id=68884&o=1701999420&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&&l=en&odw=0&dlt=1&l=en

87.230.98.74

200 OK

891 B

URL GET HTTP/1.1
a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=1&id=68884&o=1701999420&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&&l=en&odw=0&dlt=1&l=en
IP
87.230.98.74:443
ASN
#61157 PlusServer GmbH

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerLet's Encrypt
Subjecta.delivery.consentmanager.net
Fingerprint44:49:A8:C0:AF:F7:D9:6E:D0:B5:35:77:3B:05:89:CC:80:9A:8D:50
ValidityWed, 15 Nov 2023 00:31:04 GMT - Tue, 13 Feb 2024 00:31:03 GMT

File type
ASCII text, with very long lines (616), with CRLF line terminators
Size
891 B (891 bytes)
Hash
585542f63d017491481455074c878719
03b99682197a14d2f7f96df7746f97ea0f54d10e
cc5ee0a8a6a215b90d7d6219506b559b672209a64af68a46c56486ef6bf020b3

HTTP Headers

GET /delivery/cmp.php?__cmpcc=1&id=68884&o=1701999420&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&&l=en&odw=0&dlt=1&l=en HTTP/1.1
Host: a.delivery.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 08 Dec 2023 01:37:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Edge-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Pragma: no-cache
Access-Control-Allow-Origin: *
X-XSS-Protection: 0
Last-Modified: Fri, 08 Dec 2023 01:37:00 GMT
Transfer-Encoding: chunked
Content-Type: text/javascript; charset=utf-8
Content-Encoding: gzip

ww1.lysyfyj.com/__media__/fonts/montserrat-regular/montserrat-regular.woff

208.91.196.145

200 OK

17 kB

URL GET HTTP/1.1
ww1.lysyfyj.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
IP
208.91.196.145:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerZeroSSL
Subjectww1.lysyfyj.com
FingerprintE5:75:1E:1F:19:52:A2:8E:9A:B9:BD:E8:1D:75:B7:8C:AD:2E:55:90
ValidityWed, 20 Sep 2023 00:00:00 GMT - Tue, 19 Dec 2023 23:59:59 GMT

File type
Web Open Font Format, TrueType, length 17264, version 2.1\012- data
Size
17 kB (17264 bytes)
Hash
a43b107861b42ce1335e41e43d4e4d00
99bdb1cec4a68ebe29249c46fefefb6880d009e5
a6542dc92d71eb412bac89d8fb06c70f15be74a64b1b4ef1633288b78f4f2ff2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /__media__/fonts/montserrat-regular/montserrat-regular.woff HTTP/1.1
Host: ww1.lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Cookie: sid=43c49692-956a-11ee-ad31-23fd30e18c63
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 08 Dec 2023 01:37:00 GMT
Content-Type: font/woff
Content-Length: 17264
Connection: keep-alive
Last-Modified: Wed, 20 Jan 2021 10:45:11 GMT
ETag: "4370-5b952a63d1833"
Accept-Ranges: bytes

ww1.lysyfyj.com/__media__/fonts/montserrat-bold/montserrat-bold.woff

208.91.196.145

200 OK

17 kB

URL GET HTTP/1.1
ww1.lysyfyj.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
IP
208.91.196.145:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerZeroSSL
Subjectww1.lysyfyj.com
FingerprintE5:75:1E:1F:19:52:A2:8E:9A:B9:BD:E8:1D:75:B7:8C:AD:2E:55:90
ValidityWed, 20 Sep 2023 00:00:00 GMT - Tue, 19 Dec 2023 23:59:59 GMT

File type
Web Open Font Format, TrueType, length 17312, version 2.1\012- data
Size
17 kB (17312 bytes)
Hash
bebe201d813feaad85a3e66607d0da3a
28b049502afa8e9db5340c1a92400591b39870e8
58bb75322beb862803b0d156e1a1d01fb1e7fde82ee93c929b08bf5aea9fc55b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /__media__/fonts/montserrat-bold/montserrat-bold.woff HTTP/1.1
Host: ww1.lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Cookie: sid=43c49692-956a-11ee-ad31-23fd30e18c63
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 08 Dec 2023 01:37:00 GMT
Content-Type: font/woff
Content-Length: 17312
Connection: keep-alive
Last-Modified: Wed, 20 Jan 2021 10:45:11 GMT
ETag: "43a0-5b952a63ce953"
Accept-Ranges: bytes

a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=2&__cmpfcc=1&id=68884&o=1701999420&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&&l=en&odw=0&dlt=1&l=en

87.230.98.74

200 OK

14 kB

URL GET HTTP/1.1
a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=2&__cmpfcc=1&id=68884&o=1701999420&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&&l=en&odw=0&dlt=1&l=en
IP
87.230.98.74:443
ASN
#61157 PlusServer GmbH

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerLet's Encrypt
Subjecta.delivery.consentmanager.net
Fingerprint44:49:A8:C0:AF:F7:D9:6E:D0:B5:35:77:3B:05:89:CC:80:9A:8D:50
ValidityWed, 15 Nov 2023 00:31:04 GMT - Tue, 13 Feb 2024 00:31:03 GMT

File type
ASCII text, with very long lines (45545), with CRLF, LF line terminators
Size
14 kB (14211 bytes)
Hash
51134e1aa016d77d8bf7fcd68cb9e30a
0d76ab4b3e803c9c8ac212a707d0cb8d72d89a5e
0efd131569ca24d501879335f50497153e26dc019f3b94e37e1e15dd235469ac

HTTP Headers

GET /delivery/cmp.php?__cmpcc=2&__cmpfcc=1&id=68884&o=1701999420&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&&l=en&odw=0&dlt=1&l=en HTTP/1.1
Host: a.delivery.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 08 Dec 2023 01:37:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Edge-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Pragma: no-cache
Access-Control-Allow-Origin: *
X-XSS-Protection: 0
Last-Modified: Fri, 08 Dec 2023 01:37:00 GMT
Transfer-Encoding: chunked
Content-Type: text/javascript; charset=utf-8
Content-Encoding: gzip

a.delivery.consentmanager.net/delivery/info/?id=68884&did=1&cfdid=1&t=pv.d_ncs.d_ancs.d_bncs&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&o=1701999427660&l=EN&lv=0&d=1&ct=14&e=&e2=&e3=&i=&sv=16&dv=28&

87.230.98.74

200 OK

43 B

URL GET HTTP/1.1
a.delivery.consentmanager.net/delivery/info/?id=68884&did=1&cfdid=1&t=pv.d_ncs.d_ancs.d_bncs&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&o=1701999427660&l=EN&lv=0&d=1&ct=14&e=&e2=&e3=&i=&sv=16&dv=28&
IP
87.230.98.74:443
ASN
#61157 PlusServer GmbH

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerLet's Encrypt
Subjecta.delivery.consentmanager.net
Fingerprint44:49:A8:C0:AF:F7:D9:6E:D0:B5:35:77:3B:05:89:CC:80:9A:8D:50
ValidityWed, 15 Nov 2023 00:31:04 GMT - Tue, 13 Feb 2024 00:31:03 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
6f81c41597d3f5a336f458822cc0c32a
8cd77a54b38f1fb376b45af2eaab8f5982523b8d
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

HTTP Headers

GET /delivery/info/?id=68884&did=1&cfdid=1&t=pv.d_ncs.d_ancs.d_bncs&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&o=1701999427660&l=EN&lv=0&d=1&ct=14&e=&e2=&e3=&i=&sv=16&dv=28& HTTP/1.1
Host: a.delivery.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 08 Dec 2023 01:37:01 GMT
Cache-Control: no-store, no-cache, must-revalidate
Edge-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Pragma: no-cache
Access-Control-Allow-Origin: *
X-XSS-Protection: 0
Last-Modified: Fri, 08 Dec 2023 01:37:01 GMT
Content-Length: 43
Content-Type: image/gif

a.delivery.consentmanager.net/delivery/info/?id=68884&did=1&cfdid=1&t=cv&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&o=1701999428428&l=EN&lv=0&d=1&ct=14&e=&e2=&e3=&i=&sv=16&dv=28&

87.230.98.74

200 OK

43 B

URL GET HTTP/1.1
a.delivery.consentmanager.net/delivery/info/?id=68884&did=1&cfdid=1&t=cv&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&o=1701999428428&l=EN&lv=0&d=1&ct=14&e=&e2=&e3=&i=&sv=16&dv=28&
IP
87.230.98.74:443
ASN
#61157 PlusServer GmbH

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerLet's Encrypt
Subjecta.delivery.consentmanager.net
Fingerprint44:49:A8:C0:AF:F7:D9:6E:D0:B5:35:77:3B:05:89:CC:80:9A:8D:50
ValidityWed, 15 Nov 2023 00:31:04 GMT - Tue, 13 Feb 2024 00:31:03 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
6f81c41597d3f5a336f458822cc0c32a
8cd77a54b38f1fb376b45af2eaab8f5982523b8d
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

HTTP Headers

GET /delivery/info/?id=68884&did=1&cfdid=1&t=cv&h=https%3A%2F%2Fww1.lysyfyj.com%2F%3Ffp%3DZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%252BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%252FEZU37Hzhud2U3%252BcGbWD1NzM319HD%252B6ICUf6w6eRCQraDK%252BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%252FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%252BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%253D%253D%26poru%3Dj3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%253D%26_opnslfp%3D1%26&o=1701999428428&l=EN&lv=0&d=1&ct=14&e=&e2=&e3=&i=&sv=16&dv=28& HTTP/1.1
Host: a.delivery.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 08 Dec 2023 01:37:01 GMT
Cache-Control: no-store, no-cache, must-revalidate
Edge-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Pragma: no-cache
Access-Control-Allow-Origin: *
X-XSS-Protection: 0
Last-Modified: Fri, 08 Dec 2023 01:37:01 GMT
Content-Length: 43
Content-Type: image/gif

cdn.consentmanager.net/delivery/whitelabel/cmplogo.svg

185.76.9.21

200 OK

41 kB

URL GET HTTP/2
cdn.consentmanager.net/delivery/whitelabel/cmplogo.svg
IP
185.76.9.21:443
ASN
#60068 Datacamp Limited

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerLet's Encrypt
Subject1376624012.rsc.cdn77.org
Fingerprint40:27:9C:9D:30:35:40:79:7E:8D:6A:C2:06:C0:6F:B7:C6:8E:6A:2F
ValidityMon, 13 Nov 2023 17:00:32 GMT - Sun, 11 Feb 2024 17:00:31 GMT

File type
gzip compressed data, from Unix\012- data
Size
41 kB (41363 bytes)
Hash
4e469fbfdd4e9d30960996c7121f1d63
36e013313ae355299c6d0cfdbc7db86c35013e9c
24d38b90e390f18c611160cb6e3d66e6246a43616a66f9fac5f9c87e49b3444f

HTTP Headers

GET /delivery/whitelabel/cmplogo.svg HTTP/1.1
Host: cdn.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww1.lysyfyj.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 08 Dec 2023 01:37:03 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Wed, 03 May 2023 16:01:17 GMT
etag: W/"104c-5facc2a822d40"
cache-control: max-age=31536000
expires: Wed, 04 Dec 2024 11:22:52 GMT
edge-control: max-age=2592000
x-77-nzt: EwwBuUwJFAH3J2sDAAwBuUwKAQH3BwAAAAwB1GY4CQH3BQAAAA
x-77-nzt-ray: af58563018be1b643f737265c2ba8308
x-accel-expires: @1733311372
x-accel-date: 1701775384
x-77-cache: HIT
x-77-age: 224051
content-encoding: gzip
server: CDN77-Turbo
x-cache-lb: HIT, HIT
x-age-lb: 7, 224039
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

208.91.196.145

200 OK

35 kB

URL GET HTTP/1.1
ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
IP
208.91.196.145:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://ww1.lysyfyj.com/
Certificate
IssuerZeroSSL
Subjectww1.lysyfyj.com
FingerprintE5:75:1E:1F:19:52:A2:8E:9A:B9:BD:E8:1D:75:B7:8C:AD:2E:55:90
ValidityWed, 20 Sep 2023 00:00:00 GMT - Tue, 19 Dec 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10746), with CRLF, LF line terminators
Size
35 kB (34911 bytes)
Hash
64585f82cc06abbdb15e533e3dfe3ac8
945dec3d09270948ad9ce24f2235f9aa9ad7cacc
981fd9442b9e237d1d2afa438f9a25c382c5540f233719f542c1108970ead699

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1& HTTP/1.1
Host: ww1.lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 08 Dec 2023 01:37:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_o0h/jpb++qN2nc5XIln8dzePcFm7L28ypkSppTBBs+EGUfQuIkzE3S54GFEoYbAFIAXpWsiv58w9hbA6+02/WA==

208.91.196.145

200 OK

35 kB

URL GET HTTP/1.1
ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
IP
208.91.196.145:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://ww1.lysyfyj.com/
Certificate
IssuerZeroSSL
Subjectww1.lysyfyj.com
FingerprintE5:75:1E:1F:19:52:A2:8E:9A:B9:BD:E8:1D:75:B7:8C:AD:2E:55:90
ValidityWed, 20 Sep 2023 00:00:00 GMT - Tue, 19 Dec 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10746), with CRLF, LF line terminators
Size
35 kB (34853 bytes)
Hash
b0fd25cc30468ade4492b8785e753f48
7d7b24a14abd62698d182bea15e11f8cfd6c510e
5c722fbed0b8c5ef7536818d6cead4cbcf00a5cfe748c4dec304ee65af06b022

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1& HTTP/1.1
Host: ww1.lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 08 Dec 2023 01:37:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_o0h/jpb++qN2nc5XIln8dzePcFm7L28ypkSppTBBs+EGUfQuIkzE3S54GFEoYbAFIAXpWsiv58w9hbA6+02/WA==

208.91.196.145

200 OK

35 kB

URL GET HTTP/1.1
ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
IP
208.91.196.145:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://ww1.lysyfyj.com/
Certificate
IssuerZeroSSL
Subjectww1.lysyfyj.com
FingerprintE5:75:1E:1F:19:52:A2:8E:9A:B9:BD:E8:1D:75:B7:8C:AD:2E:55:90
ValidityWed, 20 Sep 2023 00:00:00 GMT - Tue, 19 Dec 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10746), with CRLF, LF line terminators
Size
35 kB (34923 bytes)
Hash
d4fd628531851978d0f0b3cc8571e901
1c83fc4bdcb79ff9d8694c43765b84e500290c2d
8c1aa643bd9effd369a7db19f0bf267517fd678fbc45f827d3afe1da30f89564

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1& HTTP/1.1
Host: ww1.lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 08 Dec 2023 01:37:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_o0h/jpb++qN2nc5XIln8dzePcFm7L28ypkSppTBBs+EGUfQuIkzE3S54GFEoYbAFIAXpWsiv58w9hbA6+02/WA==

208.91.196.145

200 OK

40 kB

URL GET HTTP/1.1
ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
IP
208.91.196.145:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://ww1.lysyfyj.com/
Certificate
IssuerZeroSSL
Subjectww1.lysyfyj.com
FingerprintE5:75:1E:1F:19:52:A2:8E:9A:B9:BD:E8:1D:75:B7:8C:AD:2E:55:90
ValidityWed, 20 Sep 2023 00:00:00 GMT - Tue, 19 Dec 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10746), with CRLF, LF line terminators
Size
40 kB (39802 bytes)
Hash
2379fda9821f08858d48ef0c3c95b5a5
96f0252de584294bbed6ed9680543d33618909e2
291e7439a3892229da34ab9af1978e7d8066252ac156746cb3652bf1c10459cc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1& HTTP/1.1
Host: ww1.lysyfyj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 08 Dec 2023 01:37:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_o0h/jpb++qN2nc5XIln8dzePcFm7L28ypkSppTBBs+EGUfQuIkzE3S54GFEoYbAFIAXpWsiv58w9hbA6+02/WA==

cdn.consentmanager.net/delivery/js/cmp_en.min.js

185.76.9.21

200 OK

412 kB

URL GET HTTP/2
cdn.consentmanager.net/delivery/js/cmp_en.min.js
IP
185.76.9.21:443
ASN
#60068 Datacamp Limited

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerLet's Encrypt
Subject1376624012.rsc.cdn77.org
Fingerprint40:27:9C:9D:30:35:40:79:7E:8D:6A:C2:06:C0:6F:B7:C6:8E:6A:2F
ValidityMon, 13 Nov 2023 17:00:32 GMT - Sun, 11 Feb 2024 17:00:31 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
412 kB (411779 bytes)
Hash
ecc28467dba5e202c63d439fe03dfeb6
9b0116244835d8baa5c2b27559a07936d6e4b874
9167386827d13a7d8c11aba215a3f729ea1a30a95fbd6d9a6dc85d896ab0f1ed

HTTP Headers

GET /delivery/js/cmp_en.min.js HTTP/1.1
Host: cdn.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 08 Dec 2023 01:37:00 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 07 Dec 2023 11:01:39 GMT
etag: W/"64883-60be964576ac0"
cache-control: max-age=86400
expires: Fri, 08 Dec 2023 11:21:05 GMT
edge-control: max-age=86400
x-77-nzt: EwwBuUwJFAH3m8gAAAgBuUwKAQFhCAHUZjiZAWE
x-77-nzt-ray: af58563018be1b643c737265b6b2540a
x-77-cache: HIT
content-encoding: gzip
server: CDN77-Turbo
x-accel-expires: @1702034465
x-accel-date: 1701948065
x-cache-lb: MISS, HIT
x-age-lb: 51355
x-77-pop: stockholmSE
x-77-age: 51355
X-Firefox-Spdy: h2

cdn.consentmanager.net/delivery/customdata/bV8xLndfNjg4ODQucl9HRFBSLmxfZW4uZF8yNjQxNS54XzI4LnYucC50XzI2NDE1Lnh0XzI4.js

185.76.9.21

200 OK

72 kB

URL GET HTTP/2
cdn.consentmanager.net/delivery/customdata/bV8xLndfNjg4ODQucl9HRFBSLmxfZW4uZF8yNjQxNS54XzI4LnYucC50XzI2NDE1Lnh0XzI4.js
IP
185.76.9.21:443
ASN
#60068 Datacamp Limited

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerLet's Encrypt
Subject1376624012.rsc.cdn77.org
Fingerprint40:27:9C:9D:30:35:40:79:7E:8D:6A:C2:06:C0:6F:B7:C6:8E:6A:2F
ValidityMon, 13 Nov 2023 17:00:32 GMT - Sun, 11 Feb 2024 17:00:31 GMT

File type
ASCII text, with very long lines (41766)
Size
72 kB (71721 bytes)
Hash
7af718961ecbec2fd078dd5b074721e1
8543ac2ae7f4d42c153bb9e91f99c076cba0c0e0
f2e723c03589e0524d5e3a22dc020ad1ea08b1f1b8dad4724421b294fc9a95b7

HTTP Headers

GET /delivery/customdata/bV8xLndfNjg4ODQucl9HRFBSLmxfZW4uZF8yNjQxNS54XzI4LnYucC50XzI2NDE1Lnh0XzI4.js HTTP/1.1
Host: cdn.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 08 Dec 2023 01:37:00 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
x-xss-protection: 0
expires: Fri, 08 Dec 2023 01:55:28 GMT
cache-control: public, max-age=1800
edge-control: public, max-age=1800
last-modified: Fri, 08 Dec 2023 01:25:28 GMT
x-77-nzt: EwwBuUwJFAH3pQIAAAwBuUwKCQH3DwAAAAwB1GY4AQGzCQcAAA
x-77-nzt-ray: af58563018be1b643c7372654ecafc26
x-accel-expires: @1702000528
x-accel-date: 1701998743
x-77-cache: HIT
x-77-age: 2493
content-encoding: gzip
server: CDN77-Turbo
x-cache-lb: HIT, HIT
x-age-lb: 15, 677
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

cdn.consentmanager.net/delivery/recall/logos/68884

185.76.9.21

301 Moved Permanently

4.2 kB

URL GET HTTP/2
cdn.consentmanager.net/delivery/recall/logos/68884
IP
185.76.9.21:443
ASN
#60068 Datacamp Limited

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerLet's Encrypt
Subject1376624012.rsc.cdn77.org
Fingerprint40:27:9C:9D:30:35:40:79:7E:8D:6A:C2:06:C0:6F:B7:C6:8E:6A:2F
ValidityMon, 13 Nov 2023 17:00:32 GMT - Sun, 11 Feb 2024 17:00:31 GMT

File type

Size
4.2 kB (4172 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /delivery/recall/logos/68884 HTTP/1.1
Host: cdn.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Fri, 08 Dec 2023 01:37:00 GMT
content-type: text/javascript; charset=utf-8
expires: Fri, 08 Dec 2023 11:23:03 GMT
cache-control: public, max-age=86400
location: /delivery/whitelabel/cmplogo.svg
edge-control: public, max-age=86400, max-age=2592000
x-77-nzt: EwwBuUwJFAH3F8gAAAwBuUwKAQH3DQAAAAgB1GY4CQFh
x-77-nzt-ray: af58563018be1b643c73726544394e38
x-77-cache: HIT
x-accel-expires: @1702034584
x-accel-date: 1701948197
x-77-age: 51236
server: CDN77-Turbo
x-cache-lb: HIT, HIT
x-age-lb: 13, 51223
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

cdn.consentmanager.net/delivery/flags-square/en.svg

185.76.9.21

200 OK

32 kB

URL GET HTTP/2
cdn.consentmanager.net/delivery/flags-square/en.svg
IP
185.76.9.21:443
ASN
#60068 Datacamp Limited

Requested by
https://ww1.lysyfyj.com/?fp=ZbSrv2i18YnNfPNSqSsC6n0jQLvcDPBy65hKrYcVeZdCtpEU5SHB2uP%2BwXsBr26jsoALMdWZ1Nf7bLwmWB1jwDLmTWIC7slt11QbrfbHHCvx56IDEW4SmX7qqPMZi%2FEZU37Hzhud2U3%2BcGbWD1NzM319HD%2B6ICUf6w6eRCQraDK%2BZWj6uuHNjngNbOnRUs2epbABvJXKH4YPOD%2FyF35RdK18pJ6WKBHlK6F5ECCs8DuuU7gn%2BiWXiqthBSj5W2D9LBPVJ7UoMzsZbGNzXspW8A%3D%3D&poru=j3WSD2Ib0fWF8yxh2a0CB3TOgPtAigqMVsJXSgMr4Bg%3D&_opnslfp=1&
Certificate
IssuerLet's Encrypt
Subject1376624012.rsc.cdn77.org
Fingerprint40:27:9C:9D:30:35:40:79:7E:8D:6A:C2:06:C0:6F:B7:C6:8E:6A:2F
ValidityMon, 13 Nov 2023 17:00:32 GMT - Sun, 11 Feb 2024 17:00:31 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Size
32 kB (31529 bytes)
Hash
10c6e579553a382bfb4abf6f074e9e68
bc02899da9a57b21c584bcf75799fa1c9bcf68f4
36a01c14fbed3d5f50c6a103ac487e2b173e2025d74fbfdf4c443b0e87b4dfe0

HTTP Headers

GET /delivery/flags-square/en.svg HTTP/1.1
Host: cdn.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.lysyfyj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 08 Dec 2023 01:37:02 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Fri, 15 Jul 2022 22:28:50 GMT
etag: W/"7b29-5e3df8ad54c80"
cache-control: max-age=31536000
expires: Wed, 27 Nov 2024 20:14:21 GMT
x-77-nzt: EwwBuUwJFAH3OmoDAAwBuUwKCQH37AAAAAwB1GY4nAHX+70IAA
x-77-nzt-ray: af58563018be1b643e737265dff6d908
x-accel-expires: @1732738461
x-accel-date: 1701775620
x-77-cache: HIT
x-77-age: 796961
content-encoding: gzip
server: CDN77-Turbo
x-cache-lb: HIT, HIT
x-age-lb: 236, 223802
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (27)

URL

IP

ASN

File type

Size

Hash