| web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | 91.108.123.8 | 403 Forbidden | 2.2 kB |
URL: web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 (User Request, GET HTTP/1.1)
IP: 91.108.123.8:80
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6, SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd, SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:37 GMT
content-type: text/html
content-length: 2193
vary: Accept-Encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 7742c412f6281f6670df8aae0b4b481e-bnk-edge2
X-Firefox-Spdy: h2
| web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | 91.108.123.8 | 403 Forbidden | 2.4 kB |
URL: web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 (User Request, GET HTTP/1.1)
IP: 91.108.123.8:80
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6, SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd, SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:37 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 3fc49c32158df650e513fada22bdf546-bnk-edge1
| web-amanda.com/hcdn-cgi/jschallenge | 91.108.123.8 | 200 OK | 278 B |
URL: web-amanda.com/hcdn-cgi/jschallenge (GET HTTP/1.1)
IP: 91.108.123.8:80
Requested by: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Hash: MD5 23028c598b519b226f8bebb18f288b82, SHA-1 816f4b55656de2b66dadd5f71fd665f784b99384, SHA-256 503802c2298d23cf296f5568ec33eb83b87c30a55a7c2770fcf8a3ac1ca7ea5d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /hcdn-cgi/jschallenge HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 6cf866484656c9d9f93d2e4df16fd47c-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
| web-amanda.com/favicon.ico | 91.108.123.8 | 403 Forbidden | 2.4 kB |
URL: web-amanda.com/favicon.ico (GET HTTP/1.1)
IP: 91.108.123.8:80
Requested by: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6, SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd, SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:37 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: f1acd80fb95b9a7196c01c2380bf932e-bnk-edge1
| web-amanda.com/hcdn-cgi/jschallenge-validate | 91.108.123.8 | | 0 B |
URL: web-amanda.com/hcdn-cgi/jschallenge-validate
IP: 91.108.123.8:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of empty content, consistent with the 0 B size)
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://web-amanda.com
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:40 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEA1p5jqV5Mr1vQZ1rWswGSviybsl8a7zCwmzFgEDXC-NVszD1mAAAAAADOAADdY32npVIinmcVQ4o1QtptAAAAr56IOANrDq5sbGqvlHjAcA; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 1a436f24044faf97db251af1149a7a90-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
| web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | 91.108.123.8 | 403 Forbidden | 2.2 kB |
URL: web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 (User Request, GET HTTP/1.1)
IP: 91.108.123.8:80
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6, SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd, SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEA1p5jqV5Mr1vQZ1rWswGSviybsl8a7zCwmzFgEDXC-NVszD1mAAAAAADOAADdY32npVIinmcVQ4o1QtptAAAAr56IOANrDq5sbGqvlHjAcA
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:40 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: d0f9eb1f0439d2924f093e4ed7df89bb-bnk-edge2
| web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | 91.108.123.8 | 403 Forbidden | 2.4 kB |
URL: web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 (User Request, GET HTTP/1.1)
IP: 91.108.123.8:80
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6, SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd, SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA1p5jqV5Mr1vQZ1rWswGSviybsl8a7zCwmzFgEDXC-NVszD1mAAAAAADOAADdY32npVIinmcVQ4o1QtptAAAAr56IOANrDq5sbGqvlHjAcA
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:40 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 8ecec6766da7e4f260da9528adfc05f2-bnk-edge1
| web-amanda.com/hcdn-cgi/jschallenge | 91.108.123.8 | 200 OK | 278 B |
URL: web-amanda.com/hcdn-cgi/jschallenge (GET HTTP/1.1)
IP: 91.108.123.8:80
Requested by: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Hash: MD5 23028c598b519b226f8bebb18f288b82, SHA-1 816f4b55656de2b66dadd5f71fd665f784b99384, SHA-256 503802c2298d23cf296f5568ec33eb83b87c30a55a7c2770fcf8a3ac1ca7ea5d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /hcdn-cgi/jschallenge HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA1p5jqV5Mr1vQZ1rWswGSviybsl8a7zCwmzFgEDXC-NVszD1mAAAAAADOAADdY32npVIinmcVQ4o1QtptAAAAr56IOANrDq5sbGqvlHjAcA
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 192912dfb31a13e15b09a2f73921c86d-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
| web-amanda.com/favicon.ico | 91.108.123.8 | 403 Forbidden | 2.4 kB |
URL: web-amanda.com/favicon.ico (GET HTTP/1.1)
IP: 91.108.123.8:80
Requested by: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6, SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd, SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA1p5jqV5Mr1vQZ1rWswGSviybsl8a7zCwmzFgEDXC-NVszD1mAAAAAADOAADdY32npVIinmcVQ4o1QtptAAAAr56IOANrDq5sbGqvlHjAcA
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:40 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 1876c5b3e22495ce03af9b3ef1905980-bnk-edge1
| web-amanda.com/hcdn-cgi/jschallenge-validate | 91.108.123.8 | | 0 B |
URL: web-amanda.com/hcdn-cgi/jschallenge-validate
IP: 91.108.123.8:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of empty content, consistent with the 0 B size)
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://web-amanda.com
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA1p5jqV5Mr1vQZ1rWswGSviybsl8a7zCwmzFgEDXC-NVszD1mAAAAAADOAADdY32npVIinmcVQ4o1QtptAAAAr56IOANrDq5sbGqvlHjAcA
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:43 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEA34Uy4y2QlvF3hW3JR-Bt9KrtAPZTA643Jg9WGSL0L7hszD1mAAMAAADnAABl_IS8RB681KW6bXCeuuoqAAAAc7TX6Bvc32cr21D6ZlG0DQ; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 8a37081230ec8a25f07315f378598094-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
| web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | 91.108.123.8 | 403 Forbidden | 2.2 kB |
URL: web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 (User Request, GET HTTP/1.1)
IP: 91.108.123.8:80
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6, SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd, SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEA34Uy4y2QlvF3hW3JR-Bt9KrtAPZTA643Jg9WGSL0L7hszD1mAAMAAADnAABl_IS8RB681KW6bXCeuuoqAAAAc7TX6Bvc32cr21D6ZlG0DQ
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:44 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 387a02ded81eb351fb748a29829088a9-bnk-edge2
| web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | 91.108.123.8 | 403 Forbidden | 2.4 kB |
URL: web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 (User Request, GET HTTP/1.1)
IP: 91.108.123.8:80
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6, SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd, SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA34Uy4y2QlvF3hW3JR-Bt9KrtAPZTA643Jg9WGSL0L7hszD1mAAMAAADnAABl_IS8RB681KW6bXCeuuoqAAAAc7TX6Bvc32cr21D6ZlG0DQ
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:44 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: b2fa5dca86cbc825d3a63dd16b4d2940-bnk-edge1
| web-amanda.com/hcdn-cgi/jschallenge | 91.108.123.8 | 200 OK | 278 B |
URL: web-amanda.com/hcdn-cgi/jschallenge (GET HTTP/1.1)
IP: 91.108.123.8:80
Requested by: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Hash: MD5 23028c598b519b226f8bebb18f288b82, SHA-1 816f4b55656de2b66dadd5f71fd665f784b99384, SHA-256 503802c2298d23cf296f5568ec33eb83b87c30a55a7c2770fcf8a3ac1ca7ea5d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /hcdn-cgi/jschallenge HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA34Uy4y2QlvF3hW3JR-Bt9KrtAPZTA643Jg9WGSL0L7hszD1mAAMAAADnAABl_IS8RB681KW6bXCeuuoqAAAAc7TX6Bvc32cr21D6ZlG0DQ
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: d1a1ae28cbf7c36751988d1eec36e6f5-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
| web-amanda.com/favicon.ico | 91.108.123.8 | 403 Forbidden | 2.4 kB |
URL: web-amanda.com/favicon.ico (GET HTTP/1.1)
IP: 91.108.123.8:80
Requested by: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6, SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd, SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA34Uy4y2QlvF3hW3JR-Bt9KrtAPZTA643Jg9WGSL0L7hszD1mAAMAAADnAABl_IS8RB681KW6bXCeuuoqAAAAc7TX6Bvc32cr21D6ZlG0DQ
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:44 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 76d1641fc5fa09acb1a9ecf6797696cf-bnk-edge1

| web-amanda.com/hcdn-cgi/jschallenge-validate | 91.108.123.8 | | 0 B |
URL: web-amanda.com/hcdn-cgi/jschallenge-validate
IP: 91.108.123.8:0
Hashes (MD5, SHA-1, SHA-256; empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://web-amanda.com
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA34Uy4y2QlvF3hW3JR-Bt9KrtAPZTA643Jg9WGSL0L7hszD1mAAMAAADnAABl_IS8RB681KW6bXCeuuoqAAAAc7TX6Bvc32cr21D6ZlG0DQ
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:47 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEAoueqy0yeLf2rp4MPzOJObmHb6NBOwx6aOjHMjVrPRI9szD1mAAcAAADnAAAZFzXCVLLyySeq-ALq_fxPAAAATVLSfdb19REMMTYZ_BZPnQ; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 22830ee0314d71dac9bc5f426966d785-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

| web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | 91.108.123.8 | 403 Forbidden | 2.2 kB |
URL (user request): GET HTTP/1.1 web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP: 91.108.123.8:80
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hashes (MD5, SHA-1, SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEAoueqy0yeLf2rp4MPzOJObmHb6NBOwx6aOjHMjVrPRI9szD1mAAcAAADnAAAZFzXCVLLyySeq-ALq_fxPAAAATVLSfdb19REMMTYZ_BZPnQ
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:47 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: aa79fd63554ea210988fee1891df29a0-bnk-edge2

| web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | 91.108.123.8 | 403 Forbidden | 2.4 kB |
URL (user request): GET HTTP/1.1 web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP: 91.108.123.8:80
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hashes (MD5, SHA-1, SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAoueqy0yeLf2rp4MPzOJObmHb6NBOwx6aOjHMjVrPRI9szD1mAAcAAADnAAAZFzXCVLLyySeq-ALq_fxPAAAATVLSfdb19REMMTYZ_BZPnQ
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:47 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: f7618efb8175d10db1143e90b17e6374-bnk-edge1

| web-amanda.com/hcdn-cgi/jschallenge | 91.108.123.8 | 200 OK | 278 B |
URL: GET HTTP/1.1 web-amanda.com/hcdn-cgi/jschallenge
IP: 91.108.123.8:80
Requested by: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Hashes (MD5, SHA-1, SHA-256): 23028c598b519b226f8bebb18f288b82 816f4b55656de2b66dadd5f71fd665f784b99384 503802c2298d23cf296f5568ec33eb83b87c30a55a7c2770fcf8a3ac1ca7ea5d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /hcdn-cgi/jschallenge HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAoueqy0yeLf2rp4MPzOJObmHb6NBOwx6aOjHMjVrPRI9szD1mAAcAAADnAAAZFzXCVLLyySeq-ALq_fxPAAAATVLSfdb19REMMTYZ_BZPnQ
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 8d41bcceecd5286c9d6d392cc8295f53-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

| web-amanda.com/favicon.ico | 91.108.123.8 | 403 Forbidden | 2.4 kB |
URL: GET HTTP/1.1 web-amanda.com/favicon.ico
IP: 91.108.123.8:80
Requested by: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hashes (MD5, SHA-1, SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAoueqy0yeLf2rp4MPzOJObmHb6NBOwx6aOjHMjVrPRI9szD1mAAcAAADnAAAZFzXCVLLyySeq-ALq_fxPAAAATVLSfdb19REMMTYZ_BZPnQ
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:47 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 7aff0b1182800ee6c91bdaf9fb198918-bnk-edge1

| web-amanda.com/hcdn-cgi/jschallenge-validate | 91.108.123.8 | | 0 B |
URL: web-amanda.com/hcdn-cgi/jschallenge-validate
IP: 91.108.123.8:0
Hashes (MD5, SHA-1, SHA-256; empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://web-amanda.com
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAoueqy0yeLf2rp4MPzOJObmHb6NBOwx6aOjHMjVrPRI9szD1mAAcAAADnAAAZFzXCVLLyySeq-ALq_fxPAAAATVLSfdb19REMMTYZ_BZPnQ
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:50 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEAOyvk1Pb45PF4Mr7R2DM5q4Sr5rrodTBMriIHjcE16HVszD1mAAoAAADnAAC30wwOnK7IzhbCVoBjgv4QAAAABmcTRo3rtE_0nFAXsuA3KA; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: fd866e477462d7aab266bca444cc7cca-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

| web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | 91.108.123.8 | 403 Forbidden | 2.2 kB |
URL (user request): GET HTTP/1.1 web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP: 91.108.123.8:80
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hashes (MD5, SHA-1, SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEAOyvk1Pb45PF4Mr7R2DM5q4Sr5rrodTBMriIHjcE16HVszD1mAAoAAADnAAC30wwOnK7IzhbCVoBjgv4QAAAABmcTRo3rtE_0nFAXsuA3KA
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:50 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: aae51a7e39f7ebb87deb7be9cbe4c483-bnk-edge2

| web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | 91.108.123.8 | 403 Forbidden | 2.4 kB |
URL (user request): GET HTTP/1.1 web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP: 91.108.123.8:80
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hashes (MD5, SHA-1, SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAOyvk1Pb45PF4Mr7R2DM5q4Sr5rrodTBMriIHjcE16HVszD1mAAoAAADnAAC30wwOnK7IzhbCVoBjgv4QAAAABmcTRo3rtE_0nFAXsuA3KA
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:50 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 26fd2e6e42466c1992ddd7be056d1df4-bnk-edge1

| web-amanda.com/hcdn-cgi/jschallenge | 91.108.123.8 | 200 OK | 278 B |
URL: GET HTTP/1.1 web-amanda.com/hcdn-cgi/jschallenge
IP: 91.108.123.8:80
Requested by: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Hashes (MD5, SHA-1, SHA-256): 23028c598b519b226f8bebb18f288b82 816f4b55656de2b66dadd5f71fd665f784b99384 503802c2298d23cf296f5568ec33eb83b87c30a55a7c2770fcf8a3ac1ca7ea5d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /hcdn-cgi/jschallenge HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAOyvk1Pb45PF4Mr7R2DM5q4Sr5rrodTBMriIHjcE16HVszD1mAAoAAADnAAC30wwOnK7IzhbCVoBjgv4QAAAABmcTRo3rtE_0nFAXsuA3KA
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: d9e1a9665d37c5e18be3b5bb55a91e74-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

| web-amanda.com/favicon.ico | 91.108.123.8 | 403 Forbidden | 2.4 kB |
URL: GET HTTP/1.1 web-amanda.com/favicon.ico
IP: 91.108.123.8:80
Requested by: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hashes (MD5, SHA-1, SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAOyvk1Pb45PF4Mr7R2DM5q4Sr5rrodTBMriIHjcE16HVszD1mAAoAAADnAAC30wwOnK7IzhbCVoBjgv4QAAAABmcTRo3rtE_0nFAXsuA3KA
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:50 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 702858a4f5e8c979b00a1c6a1df22b67-bnk-edge1

| web-amanda.com/hcdn-cgi/jschallenge-validate | 91.108.123.8 | | 0 B |
URL: web-amanda.com/hcdn-cgi/jschallenge-validate
IP: 91.108.123.8:0
Hashes (MD5, SHA-1, SHA-256; empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://web-amanda.com
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAOyvk1Pb45PF4Mr7R2DM5q4Sr5rrodTBMriIHjcE16HVszD1mAAoAAADnAAC30wwOnK7IzhbCVoBjgv4QAAAABmcTRo3rtE_0nFAXsuA3KA
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:53 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEA8jOY8w7fuYWAFWG3Q9XYkqvTLb7HZYahq1LWHs8pq2dszD1mAA0AAADnAABAo7uvOdhC7FK_JS2EP5IkAAAA0E1NqDyjfeceF_r1-0V4MQ; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: bf66d4308da4f2b383a91592710803a6-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

| web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | 91.108.123.8 | 403 Forbidden | 2.2 kB |
URL (user request): GET HTTP/1.1 web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP: 91.108.123.8:80
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hashes (MD5, SHA-1, SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEA8jOY8w7fuYWAFWG3Q9XYkqvTLb7HZYahq1LWHs8pq2dszD1mAA0AAADnAABAo7uvOdhC7FK_JS2EP5IkAAAA0E1NqDyjfeceF_r1-0V4MQ
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:53 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 9f66f46f082a7bb86515a8ce44b688ad-bnk-edge2

| web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | 91.108.123.8 | 403 Forbidden | 2.4 kB |
URL (user request): GET HTTP/1.1 web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP: 91.108.123.8:80
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hashes (MD5, SHA-1, SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA8jOY8w7fuYWAFWG3Q9XYkqvTLb7HZYahq1LWHs8pq2dszD1mAA0AAADnAABAo7uvOdhC7FK_JS2EP5IkAAAA0E1NqDyjfeceF_r1-0V4MQ
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:53 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 3157baddb826296faea77a251a34ce47-bnk-edge1

| web-amanda.com/hcdn-cgi/jschallenge | 91.108.123.8 | 200 OK | 278 B |
URL: GET HTTP/1.1 web-amanda.com/hcdn-cgi/jschallenge
IP: 91.108.123.8:80
Requested by: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Hashes (MD5, SHA-1, SHA-256): 23028c598b519b226f8bebb18f288b82 816f4b55656de2b66dadd5f71fd665f784b99384 503802c2298d23cf296f5568ec33eb83b87c30a55a7c2770fcf8a3ac1ca7ea5d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /hcdn-cgi/jschallenge HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA8jOY8w7fuYWAFWG3Q9XYkqvTLb7HZYahq1LWHs8pq2dszD1mAA0AAADnAABAo7uvOdhC7FK_JS2EP5IkAAAA0E1NqDyjfeceF_r1-0V4MQ
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 433a0d0a7533cead30a1561f537fcedf-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
| web-amanda.com/favicon.ico | 91.108.123.8 | 403 Forbidden | 2.4 kB |
URL: GET HTTP/1.1 web-amanda.com/favicon.ico | IP: 91.108.123.8:80
Requested by: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA8jOY8w7fuYWAFWG3Q9XYkqvTLb7HZYahq1LWHs8pq2dszD1mAA0AAADnAABAo7uvOdhC7FK_JS2EP5IkAAAA0E1NqDyjfeceF_r1-0V4MQ
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:53 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: ed604a7f4f2c77de948c6a1107c7231c-bnk-edge1
| web-amanda.com/hcdn-cgi/jschallenge-validate | 91.108.123.8 | | 0 B |
URL: web-amanda.com/hcdn-cgi/jschallenge-validate | IP: 91.108.123.8:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://web-amanda.com
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA8jOY8w7fuYWAFWG3Q9XYkqvTLb7HZYahq1LWHs8pq2dszD1mAA0AAADnAABAo7uvOdhC7FK_JS2EP5IkAAAA0E1NqDyjfeceF_r1-0V4MQ
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:56 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEAnT_NxszYL27aHpByGDVL9CcnCV354dWvT1sEL1I42TlszD1mABAAAADnAAAUhbbH1ej2L_tSzdLWoHl3AAAAksV57R7jysgB4O6d1i7APA; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 8de62aa3255dc7e4e1847dbba4a3f380-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
| web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | 91.108.123.8 | 403 Forbidden | 2.2 kB |
URL (User Request): GET HTTP/1.1 web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | IP: 91.108.123.8:80
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEAnT_NxszYL27aHpByGDVL9CcnCV354dWvT1sEL1I42TlszD1mABAAAADnAAAUhbbH1ej2L_tSzdLWoHl3AAAAksV57R7jysgB4O6d1i7APA
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:56 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 291ac617ba047df5a705b9a2c246b975-bnk-edge2
| web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | 91.108.123.8 | 403 Forbidden | 2.4 kB |
URL (User Request): GET HTTP/1.1 web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | IP: 91.108.123.8:80
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAnT_NxszYL27aHpByGDVL9CcnCV354dWvT1sEL1I42TlszD1mABAAAADnAAAUhbbH1ej2L_tSzdLWoHl3AAAAksV57R7jysgB4O6d1i7APA
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:57 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 7e38c04381cfea1ef4d64a4c97b5fcdb-bnk-edge1
| web-amanda.com/hcdn-cgi/jschallenge | 91.108.123.8 | 200 OK | 278 B |
URL: GET HTTP/1.1 web-amanda.com/hcdn-cgi/jschallenge | IP: 91.108.123.8:80
Requested by: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Hash (MD5 / SHA-1 / SHA-256): 23028c598b519b226f8bebb18f288b82 816f4b55656de2b66dadd5f71fd665f784b99384 503802c2298d23cf296f5568ec33eb83b87c30a55a7c2770fcf8a3ac1ca7ea5d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /hcdn-cgi/jschallenge HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAnT_NxszYL27aHpByGDVL9CcnCV354dWvT1sEL1I42TlszD1mABAAAADnAAAUhbbH1ej2L_tSzdLWoHl3AAAAksV57R7jysgB4O6d1i7APA
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 2ceee0579a0eeb986a33e2ddb9cedea5-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
| web-amanda.com/favicon.ico | 91.108.123.8 | 403 Forbidden | 2.4 kB |
URL: GET HTTP/1.1 web-amanda.com/favicon.ico | IP: 91.108.123.8:80
Requested by: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAnT_NxszYL27aHpByGDVL9CcnCV354dWvT1sEL1I42TlszD1mABAAAADnAAAUhbbH1ej2L_tSzdLWoHl3AAAAksV57R7jysgB4O6d1i7APA
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:57 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: c0ae49cb276be9d4974b21bd0ac7f653-bnk-edge1
| web-amanda.com/hcdn-cgi/jschallenge-validate | 91.108.123.8 | | 0 B |
URL: web-amanda.com/hcdn-cgi/jschallenge-validate | IP: 91.108.123.8:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://web-amanda.com
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAnT_NxszYL27aHpByGDVL9CcnCV354dWvT1sEL1I42TlszD1mABAAAADnAAAUhbbH1ej2L_tSzdLWoHl3AAAAksV57R7jysgB4O6d1i7APA
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:28:00 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEATZNWlkYdhNvcByZxJdqTFhJbM7RekFVWDpKSHz5eZ5pszD1mABQAAADnAABfIek12yas-soEsu_Ukek8AAAABnOpuG6FCZM5pSuvxUv8Rg; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 545895469d2bf6050659bc28f9e15689-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
| web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | 91.108.123.8 | 403 Forbidden | 4.8 kB |
URL (User Request): GET HTTP/3 web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 | IP: 91.108.123.8:443
Certificate: Issuer: Let's Encrypt | Subject: web-amanda.com | Fingerprint: 81:A9:F9:52:25:31:FF:F5:4E:B6:D9:64:E9:D0:19:CC:D8:FD:3F:38 | Validity: Sun, 17 Mar 2024 09:12:50 GMT - Sat, 15 Jun 2024 09:12:49 GMT
File type: HTML document, ASCII text, with very long lines (4820), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): e8340922ffd5ebc1a0a067aefd1a7e38 530c63f5b8f33524acb69a4bd75183fdcf576199 82c7beca14b794091bbf6672788aef2b6e8dc28d9b1fc051ef0c71e87f8e63c7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEAnT_NxszYL27aHpByGDVL9CcnCV354dWvT1sEL1I42TlszD1mABAAAADnAAAUhbbH1ej2L_tSzdLWoHl3AAAAksV57R7jysgB4O6d1i7APA
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:56 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 291ac617ba047df5a705b9a2c246b975-bnk-edge2