| URL | IP | Status | Size |
| tomhsbombs.sa.com/cgi-bin/file/agRHOQ/bWF4aW1lLmtvZ2dlQG9kZG8tYmhmLmNvbQ==?$3p=e_et&_branch_match_id=1208767724603693018 | 45.33.30.197 | | 798 B |
URL: tomhsbombs.sa.com/cgi-bin/file/agRHOQ/bWF4aW1lLmtvZ2dlQG9kZG8tYmhmLmNvbQ==?$3p=e_et&_branch_match_id=1208767724603693018
IP: 45.33.30.197:0
ASN: #63949 Akamai Connected Cloud
File type: HTML document, ASCII text, with very long lines (718)
Hash (MD5): f21127229ee3096b5feac9468b34bf90
Hash (SHA-1): 20bd78e747c3b8ef3d3b34578c639350eae49e24
Hash (SHA-256): 0804fb936cdcdc85348c417a2c6fc3b71277222bb99ce5da348b68f2a1710184
GET /cgi-bin/file/agRHOQ/bWF4aW1lLmtvZ2dlQG9kZG8tYmhmLmNvbQ==?$3p=e_et&_branch_match_id=1208767724603693018 HTTP/1.1
Host: tomhsbombs.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Fri, 29 Mar 2024 04:55:52 GMT
content-type: text/html
transfer-encoding: chunked
content-encoding: gzip
connection: close
| tomhsbombs.sa.com/cgi-bin/file/agRHOQ/%E5%9D%A2%E3%91%86%E5%9D%A1%E6%B0%B1%E6%B5%8C%E7%99%B4%E3%89%9A%E6%B1%A4%E4%9D%91%E6%AC%B9%E4%9D%9A%E7%90%B8%E6%B5%99%E6%B5%A8%E6%B5%8C%E7%99%8E%E5%85%A2%E3%B4%BD?gp=1&js=1&uuid=1711688152.0033619114&other_args=eyJ1cmkiOiAiL2NnaS1iaW4vZmlsZS9hZ1JIT1EvXHU1NzYyXHUzNDQ2XHU1NzYxXHU2YzMxXHU2ZDRjXHU3Njc0XHUzMjVhXHU2YzY0XHU0NzUxXHU2YjM5XHU0NzVhXHU3NDM4XHU2ZDU5XHU2ZDY4XHU2ZDRjXHU3NjRlXHU1MTYyXHUzZDNkIiwgImFyZ3MiOiAiJDNwPWVfZXQmX2JyYW5jaF9tYXRjaF9pZD0xMjA4NzY3NzI0NjAzNjkzMDE4IiwgInJlZmVyZXIiOiAiIiwgImFjY2VwdCI6ICJ0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS9hdmlmLGltYWdlL3dlYnAsKi8qO3E9MC44In0= | 45.33.20.235 | 302 Found | 0 B |
URL: tomhsbombs.sa.com/cgi-bin/file/agRHOQ/%E5%9D%A2%E3%91%86%E5%9D%A1%E6%B0%B1%E6%B5%8C%E7%99%B4%E3%89%9A%E6%B1%A4%E4%9D%91%E6%AC%B9%E4%9D%9A%E7%90%B8%E6%B5%99%E6%B5%A8%E6%B5%8C%E7%99%8E%E5%85%A2%E3%B4%BD?gp=1&js=1&uuid=1711688152.0033619114&other_args=eyJ1cmkiOiAiL2NnaS1iaW4vZmlsZS9hZ1JIT1EvXHU1NzYyXHUzNDQ2XHU1NzYxXHU2YzMxXHU2ZDRjXHU3Njc0XHUzMjVhXHU2YzY0XHU0NzUxXHU2YjM5XHU0NzVhXHU3NDM4XHU2ZDU5XHU2ZDY4XHU2ZDRjXHU3NjRlXHU1MTYyXHUzZDNkIiwgImFyZ3MiOiAiJDNwPWVfZXQmX2JyYW5jaF9tYXRjaF9pZD0xMjA4NzY3NzI0NjAzNjkzMDE4IiwgInJlZmVyZXIiOiAiIiwgImFjY2VwdCI6ICJ0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS9hdmlmLGltYWdlL3dlYnAsKi8qO3E9MC44In0=
Request: User request, GET HTTP/1.1
IP: 45.33.20.235:80
ASN: #63949 Akamai Connected Cloud
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cgi-bin/file/agRHOQ/%E5%9D%A2%E3%91%86%E5%9D%A1%E6%B0%B1%E6%B5%8C%E7%99%B4%E3%89%9A%E6%B1%A4%E4%9D%91%E6%AC%B9%E4%9D%9A%E7%90%B8%E6%B5%99%E6%B5%A8%E6%B5%8C%E7%99%8E%E5%85%A2%E3%B4%BD?gp=1&js=1&uuid=1711688152.0033619114&other_args=eyJ1cmkiOiAiL2NnaS1iaW4vZmlsZS9hZ1JIT1EvXHU1NzYyXHUzNDQ2XHU1NzYxXHU2YzMxXHU2ZDRjXHU3Njc0XHUzMjVhXHU2YzY0XHU0NzUxXHU2YjM5XHU0NzVhXHU3NDM4XHU2ZDU5XHU2ZDY4XHU2ZDRjXHU3NjRlXHU1MTYyXHUzZDNkIiwgImFyZ3MiOiAiJDNwPWVfZXQmX2JyYW5jaF9tYXRjaF9pZD0xMjA4NzY3NzI0NjAzNjkzMDE4IiwgInJlZmVyZXIiOiAiIiwgImFjY2VwdCI6ICJ0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS9hdmlmLGltYWdlL3dlYnAsKi8qO3E9MC44In0= HTTP/1.1
Host: tomhsbombs.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://tomhsbombs.sa.com/cgi-bin/file/agRHOQ/bWF4aW1lLmtvZ2dlQG9kZG8tYmhmLmNvbQ==?$3p=e_et&_branch_match_id=1208767724603693018
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
server: openresty/1.13.6.1
date: Fri, 29 Mar 2024 04:55:53 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: http://www14.sa.com/?tdfs=1&uid=1711688153.0489810000&sbox=0&kwl=Personal%20Loans%7CCredit%20Cards%7CCar%20Insurance%7C%7C%7C%7C%7C%7C%7C%7C
referrer-policy: no-referrer
x-mtm-path: 0
vary: Accept-Language
content-language: en
set-cookie: mtm_delivered=WyJ0b21oc2JvbWJzLnNhLmNvbSIsImh0dHA6Ly93d3cxNC5zYS5jb20vP3RkZnM9MSZ1aWQ9MTcxMTY4ODE1My4wNDg5ODEwMDAwJnNib3g9MCZrd2w9UGVyc29uYWwlMjBMb2Fuc3xDcmVkaXQlMjBDYXJkc3xDYXIlMjBJbnN1cmFuY2V8fHx8fHx8fCIsMiwiMjAyNC0wMy0yOSAwNDo1NTo1MyIsMSwiMTcxMTY4ODE1My4wNDg5ODEwMDAwIiwxNTEsbnVsbCxudWxsXQ:1rq4HR:JvRKG2oBPaFGhbg6c8wNfgnsoJc; expires=Fri, 29-Mar-2024 05:55:53 GMT; Max-Age=3600; Path=/
connection: close
| www14.sa.com/?tdfs=1&uid=1711688153.0489810000&sbox=0&kwl=Personal%20Loans%7CCredit%20Cards%7CCar%20Insurance%7C%7C%7C%7C%7C%7C%7C%7C | 0.0.0.0 | | 0 B |
URL: www14.sa.com/?tdfs=1&uid=1711688153.0489810000&sbox=0&kwl=Personal%20Loans%7CCredit%20Cards%7CCar%20Insurance%7C%7C%7C%7C%7C%7C%7C%7C
Request: User request, GET
IP: 0.0.0.0:0
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?tdfs=1&uid=1711688153.0489810000&sbox=0&kwl=Personal%20Loans%7CCredit%20Cards%7CCar%20Insurance%7C%7C%7C%7C%7C%7C%7C%7C HTTP/1.1
Host: www14.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache