Report - web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB

Report Overview

Submitted URL
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8
ASN
#0
Submitted
2024-05-10 07:28:02
Access
public
Website Title
Checking your browser before accessing. Just a moment...
Final URL
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
72

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
web-amanda.com	unknown	2024-03-17	2024-03-17	2024-04-18	29 kB	88 kB	91.108.123.8

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed
2024-05-10	medium	web-amanda.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	unknown	37 B	2023-04-11	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31:25 Last Seen2024-05-20 22:50:23 Times Seen238909 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	unknown	79 B	2023-04-11	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38:58 Last Seen2024-05-20 22:50:23 Times Seen126821 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941	3.8 kB	2023-11-12	2024-05-20
Pretty URL web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 IP 91.108.123.8 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-12 02:47:25 Last Seen2024-05-20 22:50:23 Times Seen154 Hash 51e189f3bed2b8fd301208bf717f8c64 79f795884dbd9d843435bd03fc6ef3b8cfd581cd fa2fabde1d6234d341a131ca74541c707cca4eea376ddcba3f8d34de934d18a4 Loading...

	web-amanda.com/hcdn-cgi/jschallenge	350 B	2024-05-10	2024-05-10
Pretty URL web-amanda.com/hcdn-cgi/jschallenge IP 91.108.123.8 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 09:28:02 Last Seen2024-05-10 09:28:03 Times Seen8 Hash 23028c598b519b226f8bebb18f288b82 816f4b55656de2b66dadd5f71fd665f784b99384 503802c2298d23cf296f5568ec33eb83b87c30a55a7c2770fcf8a3ac1ca7ea5d Loading...

HTTP Transactions (36)

URL IP Response Size

web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941

91.108.123.8

403 Forbidden

2.2 kB

URL User Request GET HTTP/1.1
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8:80
ASN
#0

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.2 kB (2193 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:37 GMT
content-type: text/html
content-length: 2193
vary: Accept-Encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 7742c412f6281f6670df8aae0b4b481e-bnk-edge2
X-Firefox-Spdy: h2

91.108.123.8

403 Forbidden

2.4 kB

URL User Request GET HTTP/1.1
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8:80
ASN
#0

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:37 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 3fc49c32158df650e513fada22bdf546-bnk-edge1

web-amanda.com/hcdn-cgi/jschallenge

91.108.123.8

200 OK

278 B

URL GET HTTP/1.1
web-amanda.com/hcdn-cgi/jschallenge
IP
91.108.123.8:80
ASN
#0

Requested by
http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941

File type
ASCII text
Size
278 B (278 bytes)
Hash
23028c598b519b226f8bebb18f288b82
816f4b55656de2b66dadd5f71fd665f784b99384
503802c2298d23cf296f5568ec33eb83b87c30a55a7c2770fcf8a3ac1ca7ea5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 6cf866484656c9d9f93d2e4df16fd47c-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

web-amanda.com/favicon.ico

91.108.123.8

403 Forbidden

2.4 kB

URL GET HTTP/1.1
web-amanda.com/favicon.ico
IP
91.108.123.8:80
ASN
#0

Requested by
http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:37 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: f1acd80fb95b9a7196c01c2380bf932e-bnk-edge1

web-amanda.com/hcdn-cgi/jschallenge-validate

91.108.123.8

0 B

URL
web-amanda.com/hcdn-cgi/jschallenge-validate
IP
91.108.123.8:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://web-amanda.com
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:40 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEA1p5jqV5Mr1vQZ1rWswGSviybsl8a7zCwmzFgEDXC-NVszD1mAAAAAADOAADdY32npVIinmcVQ4o1QtptAAAAr56IOANrDq5sbGqvlHjAcA; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 1a436f24044faf97db251af1149a7a90-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

91.108.123.8

403 Forbidden

2.2 kB

URL User Request GET HTTP/1.1
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8:80
ASN
#0

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.2 kB (2193 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEA1p5jqV5Mr1vQZ1rWswGSviybsl8a7zCwmzFgEDXC-NVszD1mAAAAAADOAADdY32npVIinmcVQ4o1QtptAAAAr56IOANrDq5sbGqvlHjAcA
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:40 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: d0f9eb1f0439d2924f093e4ed7df89bb-bnk-edge2

91.108.123.8

403 Forbidden

2.4 kB

URL User Request GET HTTP/1.1
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8:80
ASN
#0

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA1p5jqV5Mr1vQZ1rWswGSviybsl8a7zCwmzFgEDXC-NVszD1mAAAAAADOAADdY32npVIinmcVQ4o1QtptAAAAr56IOANrDq5sbGqvlHjAcA
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:40 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 8ecec6766da7e4f260da9528adfc05f2-bnk-edge1

web-amanda.com/hcdn-cgi/jschallenge

91.108.123.8

200 OK

278 B

URL GET HTTP/1.1
web-amanda.com/hcdn-cgi/jschallenge
IP
91.108.123.8:80
ASN
#0

Requested by
http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941

File type
ASCII text
Size
278 B (278 bytes)
Hash
23028c598b519b226f8bebb18f288b82
816f4b55656de2b66dadd5f71fd665f784b99384
503802c2298d23cf296f5568ec33eb83b87c30a55a7c2770fcf8a3ac1ca7ea5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA1p5jqV5Mr1vQZ1rWswGSviybsl8a7zCwmzFgEDXC-NVszD1mAAAAAADOAADdY32npVIinmcVQ4o1QtptAAAAr56IOANrDq5sbGqvlHjAcA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 192912dfb31a13e15b09a2f73921c86d-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

web-amanda.com/favicon.ico

91.108.123.8

403 Forbidden

2.4 kB

URL GET HTTP/1.1
web-amanda.com/favicon.ico
IP
91.108.123.8:80
ASN
#0

Requested by
http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA1p5jqV5Mr1vQZ1rWswGSviybsl8a7zCwmzFgEDXC-NVszD1mAAAAAADOAADdY32npVIinmcVQ4o1QtptAAAAr56IOANrDq5sbGqvlHjAcA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:40 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 1876c5b3e22495ce03af9b3ef1905980-bnk-edge1

web-amanda.com/hcdn-cgi/jschallenge-validate

91.108.123.8

0 B

URL
web-amanda.com/hcdn-cgi/jschallenge-validate
IP
91.108.123.8:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://web-amanda.com
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA1p5jqV5Mr1vQZ1rWswGSviybsl8a7zCwmzFgEDXC-NVszD1mAAAAAADOAADdY32npVIinmcVQ4o1QtptAAAAr56IOANrDq5sbGqvlHjAcA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:43 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEA34Uy4y2QlvF3hW3JR-Bt9KrtAPZTA643Jg9WGSL0L7hszD1mAAMAAADnAABl_IS8RB681KW6bXCeuuoqAAAAc7TX6Bvc32cr21D6ZlG0DQ; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 8a37081230ec8a25f07315f378598094-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

91.108.123.8

403 Forbidden

2.2 kB

URL User Request GET HTTP/1.1
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8:80
ASN
#0

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.2 kB (2193 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEA34Uy4y2QlvF3hW3JR-Bt9KrtAPZTA643Jg9WGSL0L7hszD1mAAMAAADnAABl_IS8RB681KW6bXCeuuoqAAAAc7TX6Bvc32cr21D6ZlG0DQ
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:44 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 387a02ded81eb351fb748a29829088a9-bnk-edge2

91.108.123.8

403 Forbidden

2.4 kB

URL User Request GET HTTP/1.1
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8:80
ASN
#0

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA34Uy4y2QlvF3hW3JR-Bt9KrtAPZTA643Jg9WGSL0L7hszD1mAAMAAADnAABl_IS8RB681KW6bXCeuuoqAAAAc7TX6Bvc32cr21D6ZlG0DQ
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:44 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: b2fa5dca86cbc825d3a63dd16b4d2940-bnk-edge1

web-amanda.com/hcdn-cgi/jschallenge

91.108.123.8

200 OK

278 B

URL GET HTTP/1.1
web-amanda.com/hcdn-cgi/jschallenge
IP
91.108.123.8:80
ASN
#0

Requested by
http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941

File type
ASCII text
Size
278 B (278 bytes)
Hash
23028c598b519b226f8bebb18f288b82
816f4b55656de2b66dadd5f71fd665f784b99384
503802c2298d23cf296f5568ec33eb83b87c30a55a7c2770fcf8a3ac1ca7ea5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA34Uy4y2QlvF3hW3JR-Bt9KrtAPZTA643Jg9WGSL0L7hszD1mAAMAAADnAABl_IS8RB681KW6bXCeuuoqAAAAc7TX6Bvc32cr21D6ZlG0DQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: d1a1ae28cbf7c36751988d1eec36e6f5-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

web-amanda.com/favicon.ico

91.108.123.8

403 Forbidden

2.4 kB

URL GET HTTP/1.1
web-amanda.com/favicon.ico
IP
91.108.123.8:80
ASN
#0

Requested by
http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA34Uy4y2QlvF3hW3JR-Bt9KrtAPZTA643Jg9WGSL0L7hszD1mAAMAAADnAABl_IS8RB681KW6bXCeuuoqAAAAc7TX6Bvc32cr21D6ZlG0DQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:44 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 76d1641fc5fa09acb1a9ecf6797696cf-bnk-edge1

web-amanda.com/hcdn-cgi/jschallenge-validate

91.108.123.8

0 B

URL
web-amanda.com/hcdn-cgi/jschallenge-validate
IP
91.108.123.8:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://web-amanda.com
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA34Uy4y2QlvF3hW3JR-Bt9KrtAPZTA643Jg9WGSL0L7hszD1mAAMAAADnAABl_IS8RB681KW6bXCeuuoqAAAAc7TX6Bvc32cr21D6ZlG0DQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:47 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEAoueqy0yeLf2rp4MPzOJObmHb6NBOwx6aOjHMjVrPRI9szD1mAAcAAADnAAAZFzXCVLLyySeq-ALq_fxPAAAATVLSfdb19REMMTYZ_BZPnQ; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 22830ee0314d71dac9bc5f426966d785-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

91.108.123.8

403 Forbidden

2.2 kB

URL User Request GET HTTP/1.1
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8:80
ASN
#0

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.2 kB (2193 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEAoueqy0yeLf2rp4MPzOJObmHb6NBOwx6aOjHMjVrPRI9szD1mAAcAAADnAAAZFzXCVLLyySeq-ALq_fxPAAAATVLSfdb19REMMTYZ_BZPnQ
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:47 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: aa79fd63554ea210988fee1891df29a0-bnk-edge2

91.108.123.8

403 Forbidden

2.4 kB

URL User Request GET HTTP/1.1
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8:80
ASN
#0

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAoueqy0yeLf2rp4MPzOJObmHb6NBOwx6aOjHMjVrPRI9szD1mAAcAAADnAAAZFzXCVLLyySeq-ALq_fxPAAAATVLSfdb19REMMTYZ_BZPnQ
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:47 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: f7618efb8175d10db1143e90b17e6374-bnk-edge1

web-amanda.com/hcdn-cgi/jschallenge

91.108.123.8

200 OK

278 B

URL GET HTTP/1.1
web-amanda.com/hcdn-cgi/jschallenge
IP
91.108.123.8:80
ASN
#0

Requested by
http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941

File type
ASCII text
Size
278 B (278 bytes)
Hash
23028c598b519b226f8bebb18f288b82
816f4b55656de2b66dadd5f71fd665f784b99384
503802c2298d23cf296f5568ec33eb83b87c30a55a7c2770fcf8a3ac1ca7ea5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAoueqy0yeLf2rp4MPzOJObmHb6NBOwx6aOjHMjVrPRI9szD1mAAcAAADnAAAZFzXCVLLyySeq-ALq_fxPAAAATVLSfdb19REMMTYZ_BZPnQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 8d41bcceecd5286c9d6d392cc8295f53-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

web-amanda.com/favicon.ico

91.108.123.8

403 Forbidden

2.4 kB

URL GET HTTP/1.1
web-amanda.com/favicon.ico
IP
91.108.123.8:80
ASN
#0

Requested by
http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAoueqy0yeLf2rp4MPzOJObmHb6NBOwx6aOjHMjVrPRI9szD1mAAcAAADnAAAZFzXCVLLyySeq-ALq_fxPAAAATVLSfdb19REMMTYZ_BZPnQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:47 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 7aff0b1182800ee6c91bdaf9fb198918-bnk-edge1

web-amanda.com/hcdn-cgi/jschallenge-validate

91.108.123.8

0 B

URL
web-amanda.com/hcdn-cgi/jschallenge-validate
IP
91.108.123.8:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://web-amanda.com
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAoueqy0yeLf2rp4MPzOJObmHb6NBOwx6aOjHMjVrPRI9szD1mAAcAAADnAAAZFzXCVLLyySeq-ALq_fxPAAAATVLSfdb19REMMTYZ_BZPnQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:50 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEAOyvk1Pb45PF4Mr7R2DM5q4Sr5rrodTBMriIHjcE16HVszD1mAAoAAADnAAC30wwOnK7IzhbCVoBjgv4QAAAABmcTRo3rtE_0nFAXsuA3KA; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: fd866e477462d7aab266bca444cc7cca-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

91.108.123.8

403 Forbidden

2.2 kB

URL User Request GET HTTP/1.1
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8:80
ASN
#0

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.2 kB (2193 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEAOyvk1Pb45PF4Mr7R2DM5q4Sr5rrodTBMriIHjcE16HVszD1mAAoAAADnAAC30wwOnK7IzhbCVoBjgv4QAAAABmcTRo3rtE_0nFAXsuA3KA
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:50 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: aae51a7e39f7ebb87deb7be9cbe4c483-bnk-edge2

91.108.123.8

403 Forbidden

2.4 kB

URL User Request GET HTTP/1.1
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8:80
ASN
#0

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAOyvk1Pb45PF4Mr7R2DM5q4Sr5rrodTBMriIHjcE16HVszD1mAAoAAADnAAC30wwOnK7IzhbCVoBjgv4QAAAABmcTRo3rtE_0nFAXsuA3KA
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:50 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 26fd2e6e42466c1992ddd7be056d1df4-bnk-edge1

web-amanda.com/hcdn-cgi/jschallenge

91.108.123.8

200 OK

278 B

URL GET HTTP/1.1
web-amanda.com/hcdn-cgi/jschallenge
IP
91.108.123.8:80
ASN
#0

Requested by
http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941

File type
ASCII text
Size
278 B (278 bytes)
Hash
23028c598b519b226f8bebb18f288b82
816f4b55656de2b66dadd5f71fd665f784b99384
503802c2298d23cf296f5568ec33eb83b87c30a55a7c2770fcf8a3ac1ca7ea5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAOyvk1Pb45PF4Mr7R2DM5q4Sr5rrodTBMriIHjcE16HVszD1mAAoAAADnAAC30wwOnK7IzhbCVoBjgv4QAAAABmcTRo3rtE_0nFAXsuA3KA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: d9e1a9665d37c5e18be3b5bb55a91e74-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

web-amanda.com/favicon.ico

91.108.123.8

403 Forbidden

2.4 kB

URL GET HTTP/1.1
web-amanda.com/favicon.ico
IP
91.108.123.8:80
ASN
#0

Requested by
http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAOyvk1Pb45PF4Mr7R2DM5q4Sr5rrodTBMriIHjcE16HVszD1mAAoAAADnAAC30wwOnK7IzhbCVoBjgv4QAAAABmcTRo3rtE_0nFAXsuA3KA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:50 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 702858a4f5e8c979b00a1c6a1df22b67-bnk-edge1

web-amanda.com/hcdn-cgi/jschallenge-validate

91.108.123.8

0 B

URL
web-amanda.com/hcdn-cgi/jschallenge-validate
IP
91.108.123.8:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://web-amanda.com
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAOyvk1Pb45PF4Mr7R2DM5q4Sr5rrodTBMriIHjcE16HVszD1mAAoAAADnAAC30wwOnK7IzhbCVoBjgv4QAAAABmcTRo3rtE_0nFAXsuA3KA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:53 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEA8jOY8w7fuYWAFWG3Q9XYkqvTLb7HZYahq1LWHs8pq2dszD1mAA0AAADnAABAo7uvOdhC7FK_JS2EP5IkAAAA0E1NqDyjfeceF_r1-0V4MQ; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: bf66d4308da4f2b383a91592710803a6-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

91.108.123.8

403 Forbidden

2.2 kB

URL User Request GET HTTP/1.1
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8:80
ASN
#0

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.2 kB (2193 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEA8jOY8w7fuYWAFWG3Q9XYkqvTLb7HZYahq1LWHs8pq2dszD1mAA0AAADnAABAo7uvOdhC7FK_JS2EP5IkAAAA0E1NqDyjfeceF_r1-0V4MQ
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:53 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 9f66f46f082a7bb86515a8ce44b688ad-bnk-edge2

91.108.123.8

403 Forbidden

2.4 kB

URL User Request GET HTTP/1.1
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8:80
ASN
#0

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA8jOY8w7fuYWAFWG3Q9XYkqvTLb7HZYahq1LWHs8pq2dszD1mAA0AAADnAABAo7uvOdhC7FK_JS2EP5IkAAAA0E1NqDyjfeceF_r1-0V4MQ
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:53 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 3157baddb826296faea77a251a34ce47-bnk-edge1

web-amanda.com/hcdn-cgi/jschallenge

91.108.123.8

200 OK

278 B

URL GET HTTP/1.1
web-amanda.com/hcdn-cgi/jschallenge
IP
91.108.123.8:80
ASN
#0

Requested by
http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941

File type
ASCII text
Size
278 B (278 bytes)
Hash
23028c598b519b226f8bebb18f288b82
816f4b55656de2b66dadd5f71fd665f784b99384
503802c2298d23cf296f5568ec33eb83b87c30a55a7c2770fcf8a3ac1ca7ea5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA8jOY8w7fuYWAFWG3Q9XYkqvTLb7HZYahq1LWHs8pq2dszD1mAA0AAADnAABAo7uvOdhC7FK_JS2EP5IkAAAA0E1NqDyjfeceF_r1-0V4MQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 433a0d0a7533cead30a1561f537fcedf-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

web-amanda.com/favicon.ico

91.108.123.8

403 Forbidden

2.4 kB

URL GET HTTP/1.1
web-amanda.com/favicon.ico
IP
91.108.123.8:80
ASN
#0

Requested by
http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA8jOY8w7fuYWAFWG3Q9XYkqvTLb7HZYahq1LWHs8pq2dszD1mAA0AAADnAABAo7uvOdhC7FK_JS2EP5IkAAAA0E1NqDyjfeceF_r1-0V4MQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:53 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: ed604a7f4f2c77de948c6a1107c7231c-bnk-edge1

web-amanda.com/hcdn-cgi/jschallenge-validate

91.108.123.8

0 B

URL
web-amanda.com/hcdn-cgi/jschallenge-validate
IP
91.108.123.8:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://web-amanda.com
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA8jOY8w7fuYWAFWG3Q9XYkqvTLb7HZYahq1LWHs8pq2dszD1mAA0AAADnAABAo7uvOdhC7FK_JS2EP5IkAAAA0E1NqDyjfeceF_r1-0V4MQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:56 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEAnT_NxszYL27aHpByGDVL9CcnCV354dWvT1sEL1I42TlszD1mABAAAADnAAAUhbbH1ej2L_tSzdLWoHl3AAAAksV57R7jysgB4O6d1i7APA; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 8de62aa3255dc7e4e1847dbba4a3f380-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

91.108.123.8

403 Forbidden

2.2 kB

URL User Request GET HTTP/1.1
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8:80
ASN
#0

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.2 kB (2193 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEAnT_NxszYL27aHpByGDVL9CcnCV354dWvT1sEL1I42TlszD1mABAAAADnAAAUhbbH1ej2L_tSzdLWoHl3AAAAksV57R7jysgB4O6d1i7APA
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:56 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 291ac617ba047df5a705b9a2c246b975-bnk-edge2

91.108.123.8

403 Forbidden

2.4 kB

URL User Request GET HTTP/1.1
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8:80
ASN
#0

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAnT_NxszYL27aHpByGDVL9CcnCV354dWvT1sEL1I42TlszD1mABAAAADnAAAUhbbH1ej2L_tSzdLWoHl3AAAAksV57R7jysgB4O6d1i7APA
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:57 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 7e38c04381cfea1ef4d64a4c97b5fcdb-bnk-edge1

web-amanda.com/hcdn-cgi/jschallenge

91.108.123.8

200 OK

278 B

URL GET HTTP/1.1
web-amanda.com/hcdn-cgi/jschallenge
IP
91.108.123.8:80
ASN
#0

Requested by
http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941

File type
ASCII text
Size
278 B (278 bytes)
Hash
23028c598b519b226f8bebb18f288b82
816f4b55656de2b66dadd5f71fd665f784b99384
503802c2298d23cf296f5568ec33eb83b87c30a55a7c2770fcf8a3ac1ca7ea5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAnT_NxszYL27aHpByGDVL9CcnCV354dWvT1sEL1I42TlszD1mABAAAADnAAAUhbbH1ej2L_tSzdLWoHl3AAAAksV57R7jysgB4O6d1i7APA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:27:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 2ceee0579a0eeb986a33e2ddb9cedea5-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

web-amanda.com/favicon.ico

91.108.123.8

403 Forbidden

2.4 kB

URL GET HTTP/1.1
web-amanda.com/favicon.ico
IP
91.108.123.8:80
ASN
#0

Requested by
http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAnT_NxszYL27aHpByGDVL9CcnCV354dWvT1sEL1I42TlszD1mABAAAADnAAAUhbbH1ej2L_tSzdLWoHl3AAAAksV57R7jysgB4O6d1i7APA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 07:27:57 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: c0ae49cb276be9d4974b21bd0ac7f653-bnk-edge1

web-amanda.com/hcdn-cgi/jschallenge-validate

91.108.123.8

0 B

URL
web-amanda.com/hcdn-cgi/jschallenge-validate
IP
91.108.123.8:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://web-amanda.com
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAnT_NxszYL27aHpByGDVL9CcnCV354dWvT1sEL1I42TlszD1mABAAAADnAAAUhbbH1ej2L_tSzdLWoHl3AAAAksV57R7jysgB4O6d1i7APA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 07:28:00 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEATZNWlkYdhNvcByZxJdqTFhJbM7RekFVWDpKSHz5eZ5pszD1mABQAAADnAABfIek12yas-soEsu_Ukek8AAAABnOpuG6FCZM5pSuvxUv8Rg; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 545895469d2bf6050659bc28f9e15689-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

91.108.123.8

403 Forbidden

4.8 kB

URL User Request GET HTTP/3
web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
IP
91.108.123.8:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subjectweb-amanda.com
Fingerprint81:A9:F9:52:25:31:FF:F5:4E:B6:D9:64:E9:D0:19:CC:D8:FD:3F:38
ValiditySun, 17 Mar 2024 09:12:50 GMT - Sat, 15 Jun 2024 09:12:49 GMT

File type
HTML document, ASCII text, with very long lines (4820), with no line terminators
Size
4.8 kB (4792 bytes)
Hash
e8340922ffd5ebc1a0a067aefd1a7e38
530c63f5b8f33524acb69a4bd75183fdcf576199
82c7beca14b794091bbf6672788aef2b6e8dc28d9b1fc051ef0c71e87f8e63c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941 HTTP/1.1
Host: web-amanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://web-amanda.com/antivirus/totalproduct/totalav/totaladblock2.html?bemobdata=c=9cd26d06-2a53-4230-9385-a32aacfc7ab1..l=0cc5622e-8f70-4aa2-92e7-651b69bee8c2..a=0..b=0..r=http://www~BEMOB_DOT~web-amanda~BEMOB_DOT~com..ts=1715261450941
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEAnT_NxszYL27aHpByGDVL9CcnCV354dWvT1sEL1I42TlszD1mABAAAADnAAAUhbbH1ej2L_tSzdLWoHl3AAAAksV57R7jysgB4O6d1i7APA
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 07:27:56 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 291ac617ba047df5a705b9a2c246b975-bnk-edge2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (36)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size