Report - www.amdahost.com/watch_direct.php?id=c7c3a08a8a

Report Overview

Submitted URL
www.amdahost.com/watch_direct.php?id=c7c3a08a8a
IP
104.21.40.89
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-08 02:20:35
Access
public
Website Title
Video [Clan Without Taboo I Want to Fuck My Stepsisters Delicious Pussy]
Final URL
www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
js.capndr.com	316718	2021-08-30	2021-08-30	2024-05-07	403 B	374 B	45.133.44.53
mpougdusr.com	unknown	unknown	No data	No data	6.1 kB	171 kB	212.117.190.201
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2024-05-07	496 B	7.5 kB	104.16.80.73
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22	2024-05-06	2.1 kB	1.6 kB	157.90.84.242
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	3.5 kB	13 kB	142.250.74.106
nereserv.com	40015	2020-12-21	2020-12-21	2024-05-07	2.3 kB	1.3 kB	157.90.84.246
accounts.google.com	81	1997-09-15	2016-03-20	2024-05-06	1.8 kB	13 kB	64.233.165.84
pyknrhm5c.com	unknown	unknown	No data	No data	2.7 kB	105 kB	212.117.190.201
js.mbidpp.com	unknown	2023-02-20	2023-04-22	2024-02-23	420 B	101 kB	45.133.44.53
vjs.zencdn.net	4968	2011-12-27	2012-05-21	2024-05-07	423 B	13 kB	151.101.130.217
32879.2481april2024.com	unknown	unknown	No data	No data	1.8 kB	15 kB	88.208.22.4
bid.mbidtg.com	unknown	2023-03-09	2023-03-09	2024-05-02	446 B	2.9 kB	45.133.44.24
imdn.pics	unknown	2023-09-14	2023-09-14	2024-05-07	1.7 kB	28 kB	45.133.44.24
www.amdahost.com	unknown	2024-03-17	2024-03-21	2024-04-18	7.4 kB	5.2 MB	172.67.183.69
b57dqedu4.com	unknown	unknown	No data	No data	1.9 kB	84 kB	212.117.190.201
cdn.pncloudfl.com	13313	2021-04-20	2021-06-07	2024-05-07	946 B	188 kB	172.67.25.161
p.a64x.com	unknown	2023-07-27	2023-07-27	2024-05-06	3.0 kB	1.4 kB	172.67.185.171
zovidree.com	unknown	2024-02-23	2024-02-24	2024-04-22	400 B	91 kB	172.67.166.14
metricswpsh.com	unknown	2021-10-29	2021-11-02	2024-05-02	825 B	322 B	168.119.25.78
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-07	445 B	18 kB	151.101.65.229
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-05-07	431 B	31 kB	216.58.207.234
82c39cef22.0a3036d0e7.com	unknown	unknown	No data	No data	833 B	320 B	45.133.44.53
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-06	932 B	745 B	139.45.195.8
js.mbidadm.com	unknown	2023-02-20	2023-02-21	2024-05-01	820 B	112 kB	45.133.44.52
cdn.fluidplayer.com	33284	2016-09-22	2017-08-29	2024-05-06	877 B	118 kB	185.76.9.24
mbddip.com	unknown	2023-04-26	2023-07-14	2024-05-06	607 B	320 B	157.90.84.246
mbdippex.com	unknown	2023-04-26	2023-06-06	2024-03-26	9.1 kB	7.3 kB	157.90.84.246
static.bookmsg.com	47495	2020-09-15	2020-11-24	2024-05-07	1.8 kB	3.0 kB	45.133.44.24
1e7942d985.fff2788093.com	unknown	unknown	No data	No data	8.6 kB	951 B	157.90.84.246
glakaits.net	unknown	unknown	No data	No data	1.1 kB	3.5 kB	139.45.197.242
pagead2.googlesyndication.com	101	2003-01-21	2021-02-20	2024-05-08	429 B	788 B	172.217.21.162
1202bb3601.29972123f3.com	unknown	unknown	No data	No data	1.8 kB	317 kB	45.133.44.53
mcpuwpsh.com	unknown	2022-08-12	2022-08-12	2024-05-05	485 B	5.1 kB	94.130.197.240
storage.mbidstorage.com	unknown	2024-02-27	2024-03-05	2024-04-27	11 kB	13 kB	104.21.65.172
storage.multstorage.com	unknown	2023-09-22	2023-09-22	2024-05-07	528 B	1.6 kB	172.67.174.51
cdn.tailwindcss.com	422202	2017-07-20	2018-07-09	2024-05-07	811 B	480 kB	104.22.20.144
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-07	1.1 kB	29 kB	216.58.207.227
o.pki.goog	unknown	2016-06-13	2024-04-24	2024-05-06	650 B	1.4 kB	142.250.74.99
js.mbidinp.com	unknown	2023-02-20	2023-04-25	2024-05-06	832 B	157 kB	45.133.44.52
zokaukree.net	unknown	unknown	No data	No data	466 B	4.2 kB	139.45.197.245

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	29972123f3.com	Sinkholed
2024-05-08	medium	fff2788093.com	Sinkholed
2024-05-08	medium	fff2788093.com	Sinkholed
2024-05-08	medium	29972123f3.com	Sinkholed
2024-05-08	medium	29972123f3.com	Sinkholed
2024-05-07	medium	zokaukree.net	Sinkholed
2024-05-08	medium	29972123f3.com	Sinkholed
2024-05-08	medium	fff2788093.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (28)

	URL	Size	First Seen	Last Seen
	js.mbidadm.com/static/scripts.js	1.7 kB	2024-04-12	2024-05-18
Pretty URL js.mbidadm.com/static/scripts.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-12 00:52:21 Last Seen2024-05-18 23:11:41 Times Seen65 Hash 7e14d1597d1dd442175d8ee15cb07f07 de55b2463f332f2096d788047f8a7b07a776e437 cf31e107e8cb091c9477fe99de3a57a65486fe87becf0e8f469846949beff9f3 Loading...

	pyknrhm5c.com/q/tdl/95/dnt/2025683/kep.js	91 kB	2024-05-05	2024-05-09
Pretty URL pyknrhm5c.com/q/tdl/95/dnt/2025683/kep.js IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 00:39:25 Last Seen2024-05-09 15:53:35 Times Seen26 Hash e0411427d3a21e45aeedb135ad163c3b fa7604ba1e0c74bb7f8ffb0d229ec10677872813 30e20e87ce0312c597365ca972e0e0bc4470a1ac11b6f6c026d5aa342d6576cd Loading...

	mpougdusr.com/bultykh/ipp24/7/bazinga/2020090	158 kB	2024-05-03	2024-05-09
Pretty URL mpougdusr.com/bultykh/ipp24/7/bazinga/2020090 IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 19:40:35 Last Seen2024-05-09 15:53:33 Times Seen37 Hash c6ea5aedb4469e81f7d41b0eec41f409 7d7edc7b87462fb56c5e3c17c86bebad542d1d6f 72ad45cf0dd548c1f9611c35289dec90c22375b45bf1aa33d6a14ac7f896865b Loading...

	pyknrhm5c.com/get/2025683?p=2025683&jp=_cla2x3x88hiogb2imt3yh9&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7993702422673920&eclog=0&im=1&freq=0&uf=0	12 kB	2024-05-08	2024-05-08
Pretty URL pyknrhm5c.com/get/2025683?p=2025683&jp=_cla2x3x88hiogb2imt3yh9&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7993702422673920&eclog=0&im=1&freq=0&uf=0 IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 04:20:43 Last Seen2024-05-08 04:20:45 Times Seen2 Hash faf459db84d09eae33822db0db75d5f5 11679d7fb85e5e76b17c3e5e028607dab2311019 14661a86a03bb9ead278daf4ef17a1c06b9f38c7aad5b46ee10a89a26fd13c43 Loading...

	mpougdusr.com/get/2020090?zoneid=2020090&jp=_clbizx9zsydclu63bx3o8i&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5178952655559168&eclog=0&im=1&freq=0&uf=0	11 kB	2024-05-08	2024-05-08
Pretty URL mpougdusr.com/get/2020090?zoneid=2020090&jp=_clbizx9zsydclu63bx3o8i&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5178952655559168&eclog=0&im=1&freq=0&uf=0 IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 04:20:43 Last Seen2024-05-08 04:20:45 Times Seen2 Hash 0624ac5904b6f0d6a5111265ecac0cf8 3bbbb257402f183573b6d9388c13b9909ede549b 0c9543c3c078ddaa643fae780d0379f1ec9db1585387ada4006d01785c04680a Loading...

	1202bb3601.29972123f3.com/569f22a889f80ae5fb51436365dfe21c.js	101 kB	2024-05-06	2024-05-16
Pretty URL 1202bb3601.29972123f3.com/569f22a889f80ae5fb51436365dfe21c.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-06 11:08:30 Last Seen2024-05-16 07:55:12 Times Seen535 Hash 0cbfae16446f6ff17f3f18758b41e37c fdcba827008b6f52caa67735b295f7fab6f26a04 4f5cece30fb18d801a39950fe09419aa3280c654a323e72733b3204ad11a7a33 Loading...

	b57dqedu4.com/get/2020088?zoneid=2020088&jp=_clpbfgwszbs6w01swh5kzg&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334527725341696&eclog=0&im=1&uf=0	2.9 kB	2024-05-08	2024-05-08
Pretty URL b57dqedu4.com/get/2020088?zoneid=2020088&jp=_clpbfgwszbs6w01swh5kzg&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334527725341696&eclog=0&im=1&uf=0 IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 04:20:44 Last Seen2024-05-08 04:20:44 Times Seen1 Hash 9786a25ae6ab2faf07198357b2acd43b 10a2912dedec1b0d0dec1a23a3e05e090c09f91a 61b70eae9ef62244a3fed142a8a7bf82b0960fa55d543edda4b0116f7ff2917f Loading...

	32879.2481april2024.com/4/js/233169	17 kB	2024-05-08	2024-05-08
Pretty URL 32879.2481april2024.com/4/js/233169 IP 88.208.22.4 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 04:20:44 Last Seen2024-05-08 04:20:44 Times Seen2 Hash 90e3301a885cd353943057045de0e7dc f3e70ecdfa170a5f5516fb4cd30193074c7fd609 8f0d891091ee828e4a15ba9bd2f3c6e7678147a49e8034c027e8d4658930f4c6 Loading...

	www.amdahost.com/watch_direct.php?id=c7c3a08a8a	1.1 kB	2024-05-05	2024-05-09
Pretty URL www.amdahost.com/watch_direct.php?id=c7c3a08a8a IP 172.67.183.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-05 18:31:32 Last Seen2024-05-09 15:53:32 Times Seen6 Hash 39c54041ee8117304161418adba6f7a4 97670dc581cbd864e84af58d8beafd09a4f729ba 5d66aabc8d6ea5f5356e43abe4be0e7d9cf5f6934373683ed6a9ba7106f0d2e2 Loading...

	js.mbidinp.com/skins/nmain.m.js	470 kB	2024-04-16	2024-05-19
Pretty URL js.mbidinp.com/skins/nmain.m.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:37:10 Last Seen2024-05-19 08:20:42 Times Seen1379 Hash 2902e331e5e735ad63e7510dfc434c5b 8f276d26159f74561fb370144b8cafba8bcc8bd3 26106440376cfc59241a9ef152d26483d436f1c155744bda92a41d3906e60ba2 Loading...

	cdn.tailwindcss.com/	366 kB	2024-03-28	2024-05-19
Pretty URL cdn.tailwindcss.com/ IP 104.22.20.144 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-28 05:53:51 Last Seen2024-05-19 17:41:52 Times Seen507 Hash 4bdcdace639cc6c0f08a15c295482172 6fa7ad6e87d8b19bff7e2bd0becf87d87d57be31 d2c35bf03246b0634bb22cbdc74962c8368e5e13b656e7f3cc10029da79d2e5c Loading...

	1202bb3601.29972123f3.com/2721bcba9600cbbb8e7c3e12932bf7a2.js	109 kB	2024-05-07	2024-05-08
Pretty URL 1202bb3601.29972123f3.com/2721bcba9600cbbb8e7c3e12932bf7a2.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 15:50:14 Last Seen2024-05-08 10:46:12 Times Seen53 Hash a1e224a8e52887d745fa52fef1c2387a a9da064636d2a4af29d63c0667f902ae19417e11 d82282a432e0c5f65df9b379bd3d016d49a936f70c8d831e1dc1756e455888ea Loading...

	www.amdahost.com/watch_direct.php?id=c7c3a08a8a	700 B	2024-05-08	2024-05-08
Pretty URL www.amdahost.com/watch_direct.php?id=c7c3a08a8a IP 172.67.183.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 04:20:44 Last Seen2024-05-08 04:20:44 Times Seen1 Hash fffeb7d8ff0df84fa0e45dc25c59f3f8 4c589299a5a8be7944c9a708e9738138ae5917b6 146e917b813405a94db8c66406d8fc377dc26bcb56c95e93f7723192fde449d2 Loading...

	www.amdahost.com/watch_direct.php?id=c7c3a08a8a	192 B	2024-05-07	2024-05-09
Pretty URL www.amdahost.com/watch_direct.php?id=c7c3a08a8a IP 172.67.183.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 06:09:42 Last Seen2024-05-09 03:42:21 Times Seen9 Hash 983cf614c8d893b18d7f62c5f5cf37eb 0dd65aae75b152bf5663aa6eaf2281fa35fbc918 b9fff563451906887c412e545903684bb80c61c369c8b11e5256f5fcbed91647 Loading...

	www.amdahost.com/watch_direct.php?id=c7c3a08a8a	6.4 kB	2024-04-21	2024-05-09
Pretty URL www.amdahost.com/watch_direct.php?id=c7c3a08a8a IP 172.67.183.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-21 00:00:40 Last Seen2024-05-09 15:53:33 Times Seen38 Hash 729b602ae59da0a8a578c627f0c8e252 55588035e45b31ca4c5066d0155bd092a6fabcda b5ce04d261257f877cfa642ea13d645c29e8c474ef571d0f300c81900d226302 Loading...

	zovidree.com/tag.min.js	90 kB	2024-05-05	2024-05-08
Pretty URL zovidree.com/tag.min.js IP 172.67.166.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 20:08:02 Last Seen2024-05-08 04:20:45 Times Seen75 Hash 7573260aff69fe8406b0115ab4bcefaa f7f5c31f2481bd176a9b79deff1b7c0d4878f87c 280186476a1f8103793e2139d4654b16f61a2a1d393966388f55b8ed795ebba3 Loading...

	storage.multstorage.com/log/count.html	718 B	2023-09-18	2024-05-19
Pretty URL storage.multstorage.com/log/count.html IP 172.67.174.51 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 17:19:52 Last Seen2024-05-19 20:03:50 Times Seen5572 Hash 1f697a0f2411e463adbc1211493fe5a6 93c154152bda427938543b8efbd8d3b594abbac7 08a5735f5232b651af89f552e8d0fb7b21d6605fba48f335318699d80d12703e Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js	88 kB	2023-08-31	2024-05-19
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js IP 216.58.207.234 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-31 16:03:19 Last Seen2024-05-19 19:49:58 Times Seen9838 Hash 2c872dbe60f4ba70fb85356113d8b35e ee48592d1fff952fcf06ce0b666ed4785493afdc fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a Loading...

	www.amdahost.com/watch_direct.php?id=c7c3a08a8a	1.1 kB	2024-05-08	2024-05-08
Pretty URL www.amdahost.com/watch_direct.php?id=c7c3a08a8a IP 172.67.183.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 04:20:44 Last Seen2024-05-08 04:20:44 Times Seen1 Hash bf45764fb077596af2923b5602d04e8a 46f2d409cf0534bb3158bfe24337b97085f5948f 5bb13f013253d1367ace5eb208435bc5603700f990721882964d77752477dceb Loading...

	js.mbidadm.com/static/scripts.m.js	109 kB	2024-05-07	2024-05-08
Pretty URL js.mbidadm.com/static/scripts.m.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 23:59:28 Last Seen2024-05-08 04:51:47 Times Seen7 Hash 6a133514aa17f62ade6d637fb2c0693f 30ec6cffa2fd557334979cc58d5054bf04b7d686 814eb324daf8e63b8a19b29985c940a560f9bbcac7bf4ebda621e9e2ec8fc5cd Loading...

	js.capndr.com/advertising.js	0 B	2023-03-07	2024-05-19
Pretty URL js.capndr.com/advertising.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 20:08:45 Times Seen37841081 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	1202bb3601.29972123f3.com/85e8405e316bc191fffad51abaff7a3c.js	169 kB	2024-04-25	2024-05-16
Pretty URL 1202bb3601.29972123f3.com/85e8405e316bc191fffad51abaff7a3c.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 17:48:27 Last Seen2024-05-16 08:49:21 Times Seen1042 Hash e164f0fc509991890121aa763019689d 16f901a89a57f87c90d6cea80cff9f8bd32756dc fdd439b2c8d28676c5e03847afc19252a3d6d88a670ba48db4ac020866c6b6ec Loading...

	cdn.fluidplayer.com/v3/current/fluidplayer.min.js	233 kB	2024-04-06	2024-05-19
Pretty URL cdn.fluidplayer.com/v3/current/fluidplayer.min.js IP 185.76.9.24 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-06 22:07:12 Last Seen2024-05-19 04:40:27 Times Seen154 Hash 9829e8e730a9125e695789512d85177a e20a0d55ab1722ef3ad13741a2b8975413d43909 7c38ede4727de973827091514a83d24a039bda1d0d4cac219eb20571a2cc3698 Loading...

	static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387	19 kB	2024-04-24	2024-05-19
Pretty URL static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 IP 104.16.80.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 00:56:41 Last Seen2024-05-19 19:44:40 Times Seen2541 Hash 4c980ee97cb5c001b4d19e2895fa5603 2c6fe998aa7486c4becd74cf253bdd82666a64c3 d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192 Loading...

	unknown	247 B	2024-05-08	2024-05-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 04:20:44 Last Seen2024-05-08 04:20:44 Times Seen1 Hash 8d395ba787b3a56f3830e036328a41c3 64d9f909cd5e52da9e7722a754f66d6b3a994ab1 85a7b4bc0e2bfd88a297d5478b96eb6818a0e0a1c0ad7e4a3a732d0cad417158 Loading...

	www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.9 kB	2024-05-08	2024-05-08
Pretty URL www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 172.67.183.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 04:20:44 Last Seen2024-05-08 04:20:45 Times Seen2 Hash 456bf3e3dad6f5ede6f71ba681a332ba aca7e19d20a96e158702117fdf51203c1a1404cc 08e0d5aaa5f3972ebb42394c109dc71e7da952974b34389ce35f77f95eb004ef Loading...

	b57dqedu4.com/t/9/fret/meow4/2020088/0d68ddef.js	106 kB	2024-05-03	2024-05-09
Pretty URL b57dqedu4.com/t/9/fret/meow4/2020088/0d68ddef.js IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 19:40:35 Last Seen2024-05-09 15:53:33 Times Seen34 Hash 5c1245ce45f7e0a8ff772bf695857a27 fad29ae9877616251044562b679427d9450199f7 9eee888953ac3827e3a1951d646e67fd6c34a47c7f4ff861c8b875218889513b Loading...

	www.amdahost.com/watch_direct.php?id=c7c3a08a8a	109 B	2024-01-26	2024-05-09
Pretty URL www.amdahost.com/watch_direct.php?id=c7c3a08a8a IP 172.67.183.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-26 19:51:30 Last Seen2024-05-09 15:53:33 Times Seen39 Hash abd3eda1d5f4b0fe7f9c99f43eb150b1 284cfcd4d397568f57e7119072af359d0e9690a0 fa9aeea174a0931635c6509c1484d92671e2adbd83146b79ddce59040cc32760 Loading...

HTTP Transactions (116)

URL IP Response Size

www.amdahost.com/media/logo.png

172.67.183.69

200 OK

26 kB

URL GET HTTP/3
www.amdahost.com/media/logo.png
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
PNG image data, 382 x 70, 8-bit/color RGBA, non-interlaced
Size
26 kB (25625 bytes)
Hash
9c5c0fe1ed466c1a4801524b31777955
eb7bfae0af480eae554a937a9f64e96a0a4f734a
62b08c1489fff9fb4cf4d33857fb46d4f8298c3f74fc57f92279bdad95472640

HTTP Headers

GET /media/logo.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Cookie: PHPSESSID=5681521f537ec90e7451a2c5977494af
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 02:20:05 GMT
content-type: image/png
content-length: 25625
last-modified: Fri, 15 Mar 2024 19:45:30 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 340
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oyuzPzzjgD8P%2FH0yb7jGkNcE5mbYqg48UQVD53L3qFziH%2Fk4QKs7aGoeJyICYWCk3GRa8CKoo6ctpH7z%2Fr%2BPRa7NmjnX0X5%2Bv%2BT05NLlHonXVrP4Ka1JtYu%2Bcuwz3%2Bt25rEw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805f7f7ffb756cb-OSL
alt-svc: h3=":443"; ma=86400

cdn.jsdelivr.net/npm/remixicon@4.0.0/fonts/remixicon.css

151.101.65.229

200 OK

17 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/remixicon@4.0.0/fonts/remixicon.css
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text
Size
17 kB (16743 bytes)
Hash
373c68d52e3daa5cd7e1ae058fb6bd70
30a01afb8338555278162655e4a8e7ac57774f35
f53b0f6c14c09b5c263713876dfe7185531a3a424a91d192dfee3c5fa03493dd

HTTP Headers

GET /npm/remixicon@4.0.0/fonts/remixicon.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.0.0
x-jsd-version-type: version
etag: W/"200b1-MKAa+4M4VVJ4FiZV5KjnrFd3TzU"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 02:20:05 GMT
age: 5267095
x-served-by: cache-fra-etou8220109-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 16743
X-Firefox-Spdy: h2

vjs.zencdn.net/8.10.0/video-js.css

151.101.130.217

200 OK

13 kB

URL GET HTTP/2
vjs.zencdn.net/8.10.0/video-js.css
IP
151.101.130.217:443
ASN
#54113 FASTLY

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGlobalSign nv-sa
Subjectvjs.zencdn.net
Fingerprint6B:3F:11:07:D7:05:FD:AF:4D:46:B4:BA:1C:8A:60:70:95:37:35:17
ValidityWed, 06 Mar 2024 21:50:11 GMT - Mon, 07 Apr 2025 21:50:10 GMT

File type
ASCII text, with very long lines (7288)
Size
13 kB (12695 bytes)
Hash
27818e70d5704691d9264fe0083c5b08
b4dffd90528e8f63d54ad3a859b749344e6e00ad
92e11fbc7753b5be23fd489ba4e09c0d62d0b8c64e466845b4534934c46c85d6

HTTP Headers

GET /8.10.0/video-js.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Wed, 17 Jan 2024 12:53:07 GMT
etag: "27818e70d5704691d9264fe0083c5b08"
x-amz-server-side-encryption: AES256
content-type: text/css
content-encoding: gzip
date: Wed, 08 May 2024 02:20:05 GMT
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 3
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 12695
X-Firefox-Spdy: h2

32879.2481april2024.com/4/js/233169

88.208.22.4

200 OK

6.6 kB

URL GET HTTP/2
32879.2481april2024.com/4/js/233169
IP
88.208.22.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subject*.2481april2024.com
FingerprintFC:0B:87:DF:4F:43:9B:81:FD:04:D2:4C:5C:79:77:1B:C6:BB:F4:49
ValidityTue, 02 Apr 2024 14:41:38 GMT - Mon, 01 Jul 2024 14:41:37 GMT

File type
JavaScript source, ASCII text, with very long lines (16647), with no line terminators
Size
6.6 kB (6575 bytes)
Hash
90e3301a885cd353943057045de0e7dc
f3e70ecdfa170a5f5516fb4cd30193074c7fd609
8f0d891091ee828e4a15ba9bd2f3c6e7678147a49e8034c027e8d4658930f4c6

HTTP Headers

GET /4/js/233169 HTTP/1.1
Host: 32879.2481april2024.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:20:05 GMT
content-type: application/javascript; charset=UTF-8
content-length: 6575
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2

cdn.tailwindcss.com/3.4.3

104.22.20.144

200 OK

114 kB

URL GET HTTP/2
cdn.tailwindcss.com/3.4.3
IP
104.22.20.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerCloudflare, Inc.
Subjecttailwindcss.com
Fingerprint5F:87:FB:92:D4:93:DA:09:E3:5B:EF:92:CE:2F:47:18:3A:8A:C7:49
ValidityTue, 07 Nov 2023 00:00:00 GMT - Tue, 05 Nov 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (52292)
Size
114 kB (113634 bytes)
Hash
4bdcdace639cc6c0f08a15c295482172
6fa7ad6e87d8b19bff7e2bd0becf87d87d57be31
d2c35bf03246b0634bb22cbdc74962c8368e5e13b656e7f3cc10029da79d2e5c

HTTP Headers

GET /3.4.3 HTTP/1.1
Host: cdn.tailwindcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:05 GMT
content-type: text/javascript
cache-control: max-age=31536000
content-encoding: br
strict-transport-security: max-age=63072000
x-vercel-cache: MISS
x-vercel-id: cle1::iad1::rn74h-1711569125689-ef02b3caf33b
last-modified: Wed, 27 Mar 2024 19:52:06 GMT
cf-cache-status: HIT
age: 626893
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805f7f8a98eb4f4-OSL
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js

216.58.207.234

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
IP
216.58.207.234:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
30 kB (30462 bytes)
Hash
2c872dbe60f4ba70fb85356113d8b35e
ee48592d1fff952fcf06ce0b666ed4785493afdc
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

HTTP Headers

GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30462
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 02:07:52 GMT
expires: Sat, 03 May 2025 02:07:52 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 12 Sep 2023 02:38:22 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 432734
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.amdahost.com/watch_direct.php?id=c7c3a08a8a

172.67.183.69

200 OK

27 kB

URL User Request GET HTTP/2
www.amdahost.com/watch_direct.php?id=c7c3a08a8a
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (6442), with CRLF, LF line terminators
Size
27 kB (27265 bytes)
Hash
bf2edde6087afebbb2e0224acd605a38
77aab234fdd36b27bd84c27025a2c8c80fdf2373
91b78d6fe37bad002a2396f1c756f991f7af8463face6b909fd2e0dd04ad9c1a

HTTP Headers

GET /watch_direct.php?id=c7c3a08a8a HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:05 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=5681521f537ec90e7451a2c5977494af; path=/; domain=.amdahost.com
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FV8FH4YUy7q8Ou%2FudRStBMcRq4H8%2B3LDL5zS51NM6fGPEjnOsPrky%2B31tsBUJCJPtpMgicWkL6iZN5Cla%2FwFaoysvJtBqbKI01dKzYb80wHieYdcPfGSR%2FlLRXd%2F1sVeeV1a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f7f43c3f1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/karla/v31/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lK.woff2

216.58.207.227

200 OK

13 kB

URL GET HTTP/2
fonts.gstatic.com/s/karla/v31/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13184, version 1.0
Size
13 kB (13184 bytes)
Hash
37b12babb3bd0f9d9587cc8ca89a19b9
49cfe5b31144493cec4f21dc63fb2f1051061b45
73351bb42cb7827d0cd08c5d5832140700139b86eb6dd9a49047017924cb3ed0

HTTP Headers

GET /s/karla/v31/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13184
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:41:24 GMT
expires: Fri, 02 May 2025 02:41:24 GMT
cache-control: public, max-age=31536000
age: 517122
last-modified: Wed, 27 Sep 2023 15:40:27 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2

216.58.207.227

200 OK

14 kB

URL GET HTTP/2
fonts.gstatic.com/s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13820, version 1.0
Size
14 kB (13820 bytes)
Hash
2dd698f2699a5ef991625825011bff90
523ff9357131751e57dd78cb92b218a49a130d1d
02f5dfc0c21e92f3c724260f035833e627513a1b91230cc490a1ea756c95e5e5

HTTP Headers

GET /s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:34:50 GMT
expires: Fri, 02 May 2025 02:34:50 GMT
cache-control: public, max-age=31536000
age: 517516
last-modified: Thu, 24 Aug 2023 21:28:06 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

b57dqedu4.com/solid.gif?z=2020088&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334527725341696&eclog=0&im=1

212.117.190.201

200 OK

43 B

URL POST HTTP/2
b57dqedu4.com/solid.gif?z=2020088&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334527725341696&eclog=0&im=1
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint17:76:24:C2:1F:79:27:A6:BF:60:AC:48:E1:7E:44:F5:FA:36:EB:6B
ValidityWed, 01 May 2024 14:25:07 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

POST /solid.gif?z=2020088&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334527725341696&eclog=0&im=1 HTTP/1.1
Host: b57dqedu4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:20:06 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
set-cookie: CHCK=1; Path=/; Expires=Wed, 11 Jun 2025 02:20:07 GMT; Secure; SameSite=None
UID=240507212035819e25a87844bfb3c7228af0; Path=/; Expires=Wed, 11 Jun 2025 02:20:07 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

172.67.183.69

302 Found

0 B

URL GET HTTP/3
www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=5681521f537ec90e7451a2c5977494af
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Wed, 08 May 2024 02:20:07 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
cache-control: max-age=300, public
access-control-allow-origin: *
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BrLgSo0311IwIxpOfEXQV4TfmcGVv2QNPi5ANO5ALubgO8DSUComQiBQuFOpLxybI5YVdM1OOLwz3rgMcGQyklah%2FH9e1pZv1VSeSfZRXwq0VfcUwmdw%2F2bnm4cRxWsbAW7u"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805f8014b5356cb-OSL
alt-svc: h3=":443"; ma=86400

b57dqedu4.com/get/2020088?zoneid=2020088&jp=_clpbfgwszbs6w01swh5kzg&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334527725341696&eclog=0&im=1&uf=0

212.117.190.201

200 OK

41 kB

URL GET HTTP/2
b57dqedu4.com/get/2020088?zoneid=2020088&jp=_clpbfgwszbs6w01swh5kzg&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334527725341696&eclog=0&im=1&uf=0
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint17:76:24:C2:1F:79:27:A6:BF:60:AC:48:E1:7E:44:F5:FA:36:EB:6B
ValidityWed, 01 May 2024 14:25:07 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
gzip compressed data, from Unix
Size
41 kB (41399 bytes)
Hash
da4f692516e9cac34f121225bc171532
996b096b8dbe8c98b8b29bf4b25ebfca533f46dc
5a1f79a8c593a80424cba617664d464ba79d013fd48c6417f4c6fac5c2900e9d

HTTP Headers

GET /get/2020088?zoneid=2020088&jp=_clpbfgwszbs6w01swh5kzg&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334527725341696&eclog=0&im=1&uf=0 HTTP/1.1
Host: b57dqedu4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:20:06 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Wed, 11 Jun 2025 02:20:07 GMT; Secure; SameSite=None
UID=24050721203674673dfeed493b9ffda0fedd; Path=/; Expires=Wed, 11 Jun 2025 02:20:07 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

cdn.pncloudfl.com/pn/082/d6d/41f/082d6d41f9bd3220a660f2a4108986b2b367f0e4.png

172.67.25.161

200 OK

43 kB

URL GET HTTP/2
cdn.pncloudfl.com/pn/082/d6d/41f/082d6d41f9bd3220a660f2a4108986b2b367f0e4.png
IP
172.67.25.161:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectcdn.pncloudfl.com
Fingerprint50:5F:A0:91:53:C9:C9:E3:5D:EA:53:42:E8:5B:81:FB:DE:7B:1E:2C
ValiditySun, 28 Apr 2024 04:53:51 GMT - Sat, 27 Jul 2024 04:53:50 GMT

File type
RIFF (little-endian) data, Web/P image
Size
43 kB (42912 bytes)
Hash
bec3572ed077c92240ef0dd7dc17231d
e278cd647e65b5f04ba1d582d05f76d5dfafd125
eb304641419d09e779018fe3bf31596d3ed3ad0d4ab05c716ce626152aa417ec

HTTP Headers

GET /pn/082/d6d/41f/082d6d41f9bd3220a660f2a4108986b2b367f0e4.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:07 GMT
content-type: image/webp
content-length: 42912
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=66221
content-disposition: inline; filename="082d6d41f9bd3220a660f2a4108986b2b367f0e4.webp"
etag: 20c64ca88091db62ea69001a7382f005
expires: Fri, 10 May 2024 00:45:35 GMT
last-modified: Mon, 23 Dec 2019 08:43:03 GMT
vary: Accept
x-openstack-request-id: tx9d94ab9f187b4137bb135-0061b079d0
x-proxy-cache: HIT
x-timestamp: 1577090582.49776
x-trans-id: tx9d94ab9f187b4137bb135-0061b079d0
cf-cache-status: HIT
age: 5672
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 8805f8029d7b0b3d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.pncloudfl.com/pn/60e/2ff/94b/60e2ff94b54c66aa2f634b00630b994c2fe7936d.gif

172.67.25.161

200 OK

143 kB

URL GET HTTP/2
cdn.pncloudfl.com/pn/60e/2ff/94b/60e2ff94b54c66aa2f634b00630b994c2fe7936d.gif
IP
172.67.25.161:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectcdn.pncloudfl.com
Fingerprint50:5F:A0:91:53:C9:C9:E3:5D:EA:53:42:E8:5B:81:FB:DE:7B:1E:2C
ValiditySun, 28 Apr 2024 04:53:51 GMT - Sat, 27 Jul 2024 04:53:50 GMT

File type
RIFF (little-endian) data, Web/P image
Size
143 kB (142898 bytes)
Hash
a3ef7f4652e064704fb9063bd2c44761
f83f6204fcc6dd4d51a6f737641961ca5a7ce1b3
ee156c275bc22e471034353c9756885a303aed35c194098a42e017d07b0d40a8

HTTP Headers

GET /pn/60e/2ff/94b/60e2ff94b54c66aa2f634b00630b994c2fe7936d.gif HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:07 GMT
content-type: image/webp
content-length: 142898
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=gif, origSize=367393
content-disposition: inline; filename="60e2ff94b54c66aa2f634b00630b994c2fe7936d.webp"
etag: 9fb78950119432648d8d5fb853c3eba4
expires: Fri, 10 May 2024 00:45:22 GMT
last-modified: Tue, 02 May 2023 12:11:05 GMT
vary: Accept
x-openstack-request-id: tx607d5e6bd8c04629a2dab-0064ad512f
x-proxy-cache: HIT
x-timestamp: 1683029464.37580
x-trans-id: tx607d5e6bd8c04629a2dab-0064ad512f
cf-cache-status: HIT
age: 5685
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 8805f802bd830b3d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.amdahost.com/media/apple-touch-icon.png

172.67.183.69

200 OK

40 kB

URL GET HTTP/3
www.amdahost.com/media/apple-touch-icon.png
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
40 kB (40332 bytes)
Hash
3a0b8d799ca52ea360286be206ff8fb3
2dc98f04f62990a7ab58494b8cc4c9d34f88d82b
a18a7554000483027f4297e642dd6ffa175ee4028844be6e7888cd31c165972d

HTTP Headers

GET /media/apple-touch-icon.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Cookie: PHPSESSID=5681521f537ec90e7451a2c5977494af
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 02:20:07 GMT
content-type: image/png
content-length: 40332
last-modified: Sun, 17 Mar 2024 20:29:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2810
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EGMeRW2H9nndwcaSl3vOg09HGGHbwZL8WWm%2BUHY7Ls%2BMby4bQ1T4aBAHIac39QjAjnMzNVvnGHA0h8KzAGdec3FT2Qt9ZZYwuvbn8YOExjtsuvemd%2BLbcDUBIq3qJHXvOP61"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805f8043c7c56cb-OSL
alt-svc: h3=":443"; ma=86400

www.amdahost.com/media/favicon-16x16.png

172.67.183.69

200 OK

936 B

URL GET HTTP/3
www.amdahost.com/media/favicon-16x16.png
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
936 B (936 bytes)
Hash
ac0cd4d64276fa91e68993406abcd43d
c9af1132645f2bccfb9295a4e45cc95e8e78b7b6
bf852eabb9e0bbeb89b360a2dc4ccc1b86f2ffea3dfa78f0c2bb8747be598382

HTTP Headers

GET /media/favicon-16x16.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Cookie: PHPSESSID=5681521f537ec90e7451a2c5977494af
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 02:20:07 GMT
content-type: image/png
content-length: 936
last-modified: Sun, 17 Mar 2024 20:29:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 88
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lPca1BfjusENxrgGK8J%2BPrBTeO5EXK2PaTzH614uCvz3aw7o6Ca65kIeO%2FR%2FYIO4BXcqSUZ9IYSi6D9FVybdV%2Ff1BtNmA76854qv0TCJrWZlRZT%2FJmnTQ7a%2F54gTHb7jbbOg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805f8043c7d56cb-OSL
alt-svc: h3=":443"; ma=86400

www.amdahost.com/cdn-cgi/challenge-platform/h/b/jsd/r/8805f7f43c3f1c0e

172.67.183.69

200 OK

0 B

URL POST HTTP/3
www.amdahost.com/cdn-cgi/challenge-platform/h/b/jsd/r/8805f7f43c3f1c0e
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/8805f7f43c3f1c0e HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12194
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Cookie: PHPSESSID=5681521f537ec90e7451a2c5977494af
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 02:20:07 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=g._3Nz0ByrvIXGGQDoqna3wNVaM1lzm0sSWV8Si4zIs-1715134807-1.0.1.1-Qbv4ddqzDoxpEWZ6k5247t0bu73axx1cn33w49S_kdtJza8CNMLnWi5u0ICYA2ow4o99RZvNdGmH09C.lEEWyw; path=/; expires=Thu, 08-May-25 02:20:07 GMT; domain=.amdahost.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DUXUokXHtPHEGEROGyr%2B6wFezd1gFXd1wOi9gVAGLQxBV3%2BgumeMSZnKW0oC%2BrqnMkl6zqo0EYmHw%2FV%2B1yBT2xGgihOdNzL%2FK2gFHB4auGD%2FabCE%2FHPPvAmUINltGtPH4%2Fqf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f8042c7956cb-OSL
alt-svc: h3=":443"; ma=86400

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

172.217.21.162

200 OK

0 B

URL HEAD HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
172.217.21.162:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subject*.g.doubleclick.net
Fingerprint09:C3:90:43:D3:09:4E:26:62:79:17:6F:1D:33:E5:FA:DF:77:3E:7B
ValidityTue, 16 Apr 2024 03:18:52 GMT - Tue, 09 Jul 2024 03:18:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Wed, 08 May 2024 02:20:07 GMT
expires: Wed, 08 May 2024 02:20:07 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 7176774975609922767
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51652
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.capndr.com/advertising.js

45.133.44.53

200 OK

0 B

URL GET HTTP/2
js.capndr.com/advertising.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectjs.capndr.com
Fingerprint0D:30:A1:FB:7E:A0:EC:89:85:17:27:67:37:21:DA:E0:CB:E3:26:06
ValiditySun, 21 Apr 2024 03:00:41 GMT - Sat, 20 Jul 2024 03:00:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertising.js HTTP/1.1
Host: js.capndr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 14 Jul 2023 08:23:25 GMT
etag: "64b105fd-0"
expires: Wed, 08 May 2024 02:25:07 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.fluidplayer.com/v3/current/fluidplayer.min.js

185.76.9.24

200 OK

99 kB

URL GET HTTP/2
cdn.fluidplayer.com/v3/current/fluidplayer.min.js
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectfluidplayer.com
Fingerprint46:64:4F:F1:3B:B5:54:D2:21:6F:9B:66:05:DF:D9:AC:7D:3C:8E:D0
ValidityMon, 06 May 2024 08:37:10 GMT - Sun, 04 Aug 2024 08:37:09 GMT

File type
gzip compressed data, from Unix
Size
99 kB (98726 bytes)
Hash
b940977864dff7a21619ebbd9072a341
aeeb9a313a5f8df8c0677a5ac586677240430bbc
40419993742a6852a8e66dcc206289fd82a58b3a48d377398784d564965a2891

HTTP Headers

GET /v3/current/fluidplayer.min.js HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:06 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 21 Mar 2024 13:23:13 GMT
etag: W/"65fc34c1-38ca8"
expires: Fri, 22 Mar 2024 21:42:05 GMT
cache-control: max-age=86400
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH3+kAAAAwBuUwKDAH3AAAAAAwBJRPCMQH3AAAAAA
x-77-nzt-ray: af585630ef0168a356e13a6697155b04
x-accel-expires: @1715204572
x-accel-date: 1715118172
x-77-cache: HIT
x-77-age: 16634
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 16634
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

bid.mbidtg.com/tags/179977?version_name=d

45.133.44.24

200 OK

2.7 kB

URL GET HTTP/2
bid.mbidtg.com/tags/179977?version_name=d
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectbid.mbidtg.com
Fingerprint62:EA:1B:EE:02:E5:88:CC:26:72:9B:BA:BF:B3:B6:2B:67:14:74:67
ValidityWed, 01 May 2024 03:00:45 GMT - Tue, 30 Jul 2024 03:00:44 GMT

File type
data
Size
2.7 kB (2705 bytes)
Hash
5bed99d5c9dc33e506ee6afe691c854e
4f8f379c6e0f8ae029d0fa8a4e913b2a8a0867c7
85e6ea010962a1e5f2e892e87fc57e2ae2d52449748610426a5e16d8651302c1

HTTP Headers

GET /tags/179977?version_name=d HTTP/1.1
Host: bid.mbidtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:07 GMT
content-type: application/json
server: nginx/1.24.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.amdahost.com/videos/1714980022_a387f7b1983164bf.mp4

172.67.183.69

206 Partial Content

5.1 MB

URL GET HTTP/3
www.amdahost.com/videos/1714980022_a387f7b1983164bf.mp4
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size
5.1 MB (5073701 bytes)
Hash
d8f9970d3af0f5d071a51f9c73fd83dd
27d80abc95b4e22782f619b789a7f7ac9584d091
73afac19c70cf5d3be316145e4157182f1379dd145d9628fca08fb5da691b9f3

HTTP Headers

GET /videos/1714980022_a387f7b1983164bf.mp4 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Cookie: PHPSESSID=5681521f537ec90e7451a2c5977494af
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Wed, 08 May 2024 02:20:07 GMT
content-type: video/mp4
content-length: 367111875
etag: "15e1aec3-663884b6-458045b;;;"
last-modified: Mon, 06 May 2024 07:20:22 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
content-range: bytes 0-367111874/367111875
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r8i%2B2BPae7mWTSRlcOY0E60uJDR7bdFvt0k%2Bk1PEK7fHSfgRulNzxzrRUC02XcA2ioXCdq8aRle4m9Bvm2dB1my3p6XWUodYgS1Eno9ZEFVmawTP0F4DeyU7AVADquooW6jG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805f8003aec56cb-OSL
alt-svc: h3=":443"; ma=86400

1202bb3601.29972123f3.com/2721bcba9600cbbb8e7c3e12932bf7a2.js

45.133.44.53

200 OK

44 kB

URL GET HTTP/2
1202bb3601.29972123f3.com/2721bcba9600cbbb8e7c3e12932bf7a2.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subject1202bb3601.29972123f3.com
Fingerprint75:6B:15:49:55:01:42:44:F7:47:B8:56:B1:92:DE:3D:8F:41:D0:21
ValiditySun, 05 May 2024 02:20:34 GMT - Sat, 03 Aug 2024 02:20:33 GMT

File type
gzip compressed data, from Unix
Size
44 kB (44211 bytes)
Hash
53ee610d86740d67889a5dc128f57c27
7e00c9a1660fa57f44a1a25858b98876c144c67b
31e6c3713c0840717ff3db5cdb603bed6ec6ec7192b19edcec982301b93d7d83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2721bcba9600cbbb8e7c3e12932bf7a2.js HTTP/1.1
Host: 1202bb3601.29972123f3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:07 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 07 May 2024 12:02:58 GMT
etag: W/"663a1872-1ab3e"
content-encoding: gzip
expires: Wed, 08 May 2024 02:25:07 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/rum?

172.67.183.69

204 No Content

0 B

URL POST HTTP/3
www.amdahost.com/cdn-cgi/rum?
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1082
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Cookie: PHPSESSID=5681521f537ec90e7451a2c5977494af; cf_clearance=g._3Nz0ByrvIXGGQDoqna3wNVaM1lzm0sSWV8Si4zIs-1715134807-1.0.1.1-Qbv4ddqzDoxpEWZ6k5247t0bu73axx1cn33w49S_kdtJza8CNMLnWi5u0ICYA2ow4o99RZvNdGmH09C.lEEWyw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Wed, 08 May 2024 02:20:09 GMT
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8805f80e383d56cb-OSL
x-frame-options: DENY
x-content-type-options: nosniff

mpougdusr.com/chicken.gif?z=2020090&pb=ee275597fdae6f8dc4785cf27148bf7e1715142007&psp=26zbXIJOhqKhsauvXGOUbHV7fcqtDPyvmOoPG_keUry9sCrCZ4azgIWdrxS2Me0QoEVmMwxOsB1bR0Ys17yx3TvBxuKARbska_imXFnbOzihJBYMuWb1liytzRGXPV3vXhPe0Gwl_cTTMFPDEq7V5vst3_e4DK9VlIG-P6MfCtYXfcK-iSETz28RmrkRVBLH2Z1FeF8rMz4aksYeCg3CoFiFHqW-XWT22h5FPHRKpYCrfvZPRO7pieaCKhpXTLQPFsCP7ixWagDGWI3hHjcvUeTntmV_9dujfWxlYv3yHx5h6XU3e16QBFcPgMXPDbaJGBIqvpeZ3mv44tk2lbiHQZ5CTzHPGO9mq_zfKseb8nFE0nkXugUw4b0Z12YLV1eusEa9cPFRVr2mRFs5Thhd3ByBgnocRXJq5qVvTTunEd9a4KTYA23a7cB8WR5rSLhuhDEAZvIxxcc0hdhXkPb5_ACYBASLOcLSkN8DCSEbtHB-HcruE7I5gUR27sYFj8sTY54ahsoRX3rWoe9CsLJKvMLLhbNmavz5CApw_e7RKdPN58I8WFDmlZf4B3Hoz93XFIiEm8KxHBUMqhUY4odir_M1wlETY8metJpLe0LR_bf2D1tSJyf2Aa0xtYO8rEQwrbuCYR0R_46M7jb-yrP4kFi-8DYBwHGz1s3KIsh7aRZI1nUPO08o2TtfvWMJH02Ott8-fYIHWsYRFF70v5KIGrT4h8ORVhYzG8VTOpe7WAonLbgIDkRuvh8-jqixbQW6oBDFboTz395H82p-GzDAJneeHir2IRW_cqJK4KL8QuBKGloOHG7tvnEAm4ZSw_vpWTtZxLocoopBOyLld_0vmafif5fg9xPWNM4caSVNRo7TqpE_8QDwdeQW93YT_qPD9gHgGGI4s7tTV6UjufjF9eehx7FgoYG2fHCmtkaxhYgkIBg4M_qfGk133q5EZ9BlPTT7eDb1uaCVnF2BbudlJl28NOcgnZnGzRphO0OLqhtSFRzvuCktwSB-IQ63TaFypumNkVYB2iEA4oV8Rn4C5_HtgQ0r-R3JLibXx5XQWa4uC0jAlUHPvvyI1f0WZU3MnzcG113Jb4bSHZbuImq3j1FbcnTCFrAYpG9N0Pux-OvpNKQ0oLNJGPT3YqWmVMIrsToxEVOCeN77_PulSp0Oi2v0XFuoGKs4DfDsVq_0n05MU7RZKl0c3j-wPmVOM7PiCYu4ex-G5-4YsXB9MWY1e2m_q4EGsbj-u8tK9Cl-LtHtyJD7r_G81BLiqYxk68DxrB7DL9czyICeGg0tZYE_utuV-GxqoyIZq-hXAgJjm181tCUfYaCSRE5DXymGlL1alpAlW6aDwTLzxFaFCzZKinOULXw8NDnh709NN2Tw91fddGEy_zd4rH41GGka7sd_d_00GCo2vQv8mdTKl_DtkP_RXWs6m7I49-LQlL8Ix3CMDxNx36S_lAqcTWplcEnHH8tLzauhZPARmrBIiVI1OGchp8xatUS_kEHEB5yiiTDgcwr9hsGHdNwZ8mhL7Urm2K-ZCug4hQEfz6PP0T8AtbpzsdhnFdt5OjpS_uYyUh2kuTT_eM73iOTrXXDwOWJE7VgZs11QP86ajoLs2UsYCHb2_vKpNru9O-zkgPf0IIlK4OmGEC2pRday232yrhASaV9-Nbr0NiTffM9TrE37qHwGsIYHvRCpcae6fqJxhlfRDHliMkqF39ECg61orJDaZYLmjcVQITQF-ak-C-7e0Fi9IYR_MkOuPjIAIzKNB5xw7RzyoKjDLDWOlZ8sbLE49GUt2IKI5sXSlYVNEDSh2IaZUpaAZ4VTRcJwnLLQ2meDAE6yCf8dyam2whuA9bdCdRoHXdBE0vgM66JrXRuy6q1PaW4g3ir-CFSGTvHZDFZSOAKXC_PazxnrhwmqKPak_vZ9MhytNN71DQP81itkGnNnrE5t19W4ofXl4jy-cO1-xQVOHYJGiK95TOZPvCTlICXQyufqINiDz4r6mE1t8cscjIlxXGWScmV7DJcab5K8mQN-2OiET9H4hHtV0uETs1r4OGTXdxRf3_qslBCglesvyh7-vG5b43GujlNb5Yi8ZQy83zqdecwcre_i7HmUzBJIoJLuKLmBV0SbUFAo092TzMJmlf0mpvXdgaZMic5zA_qaD6NEywWbnZVebVODQlFZXosuoPdrXvjoR8RYMEAc5EKGIuQ-rEDy02W4pAqfcUNYDvE-iHDyzk9oAShyCZ68XLpx-ndyxWLoo1oy-s_62OJxfxi33peHzpHxoF_jG3V39ckiRrbl9kQ3h0Ts6WOqdDDaileG6Yw_wf8jlPEXKarXtpHsCMvYkiG_jf-7DizK9nAzFde6GNoR4x7KL00Wxkgk-QER4BaX-IsQuLpLdqlkc0mpOKba6lVurqBtF9cW8nmWfYXXeoZ4NL4CxhXkZda28pOxvcVcYmKvJbZndAJPnMe4raJArijKpLptBfYhVdSs0-UipwXA_eqWr2W4N0QGkTDB8qmzSQv2cvZXIp59hDSxjRfNT5PxHSyJr0pA_AkFpDs79HCTIIMy9OmWtIO-qOHEmTdH8epAxBQmVTpBv7qmZupKWOHm7C0bI3CPprMFLbKYKOhiFH8mnC4L14UCgT_OGVvHKWTZ7CXH2glEz7nNOlpDSI-k_QwrlkNunmJnYhgjmloEzChp4Fvd9U24Nzn23wvK9T-qBNkYSXcDj9F42ud0E2atGq9oZpAFaWSlY966D4ChS9MLW2EBaABdkKL7yYM6FJ3D4bHadBvex4Erse5CNqpJCK-z-l5Rr0LN4e_1IJFiw8kVGdL6j2FdhGg3L20GoKofiEBM0v4ucxbw3o4rIi6h7MS450oeDOuFEi1n9ok0MNE4Kfe2huQU65s1AXZnOThHqmo0PwOucoMUuuWkQU_5-kp-HUJbXRZWyQbbrhe6fTlF6YeUCzJJfKyMRv0YN5mh9y22S3GoAKoIbuDxcngz-k2ct4Ytx6J8bqDEqj3BxoIeeVRCvF-Q35ssw3odQWKlw8G3k87kQgO6haKc8ArVsFLp_JAlK4D13IHITTPwh3vgWi8vbJuKZjqUDEUhYzD-ZY01911ZdVejIcBdD2I1WhcgVWqaM91_U2K4Y8ZRTaHP3tw9CjA8J04PWwSzVAJOOAuo-pi54kJ7HOc5x5fqdz5QKmajHcYmgvxFkwx8foGDx6hJX7s7y_kwynzhQqHhpWqrYJMekogWI1qkPWszEjJ-8gSo1XRlP3H67jpBcZk8DG5LnsHX5gwa_u9nxQnVJaCxmdXIAaDHDS2dL0PMBtwjd2X_dNIjaMelBwTo59gKLlHVHG9KnUbydYLMTzwy2UC0jKIig0WYMqtn-TGWLegLQXnuzdAO1z_g-ThM9wPhNq3H5BgDTQ63tsyRX9lY_eZ7nkecTKkMSwuitRHm_lZ_RcHVnd0lvVXz_qZkJXMGkINtXAR4kmGqNyu5PDTxXSbvgUvpYH0BhElbDlJGnJGEwmSClvN6HFoL65SOcF6qpbZqoP8xbIu3HDLw-nbFAzvh-mjO8rFkp6FIjcI6aeroWZB35Tv8k4l8iU3cWum2zr9bFO4G0WNLzBKtu3vH31iAwa-VPri87L1fP_yfoHvFlu3V5rEzq2f9uBrfjy7gBkTBmmOGrcBmTsge43XoXP30njvbbGl7XSeTLZS3zlckkBwDnyVO-HW74pz_MvvybHjVKlj46Xv8RSg3_kH6N3V7qqXJQTy-dJUdkakGNzRC1Bh2fbY7W-IYcTFWLZt_aBVvnuSKvj_WP7uxhAkksCsOTV1Cs3bKpoRCApE_aSjbqvpM6JnIKRddZy9yFMnfjU0IuWCkQ6CcjgpjU_AghgR_LvGzkx-mTtFf77gAIdrMls2Vh5pamfXh5LXwQrIGzd_fjaHVhPkTnhFIWWAkr6jQvzo5nKPUb1djemtoiTcdfobN1OtrvseR7HcwvXeNrnHi_OnZOP_HCiLYSaV8TMCN6Cbp-0BksCuf0UaVWCiae8xqN7HP4Sf4whWWYhjRDBC6FYe01CDE6OVdxERO_RoTnGYIzkwlXa0yqFuzYaLw7b27HDpxxNSUoN1cEIA6inykrtEqBuMr83py2Q==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5178952655559168&eclog=0&im=1

212.117.190.201

200 OK

43 B

URL GET HTTP/2
mpougdusr.com/chicken.gif?z=2020090&pb=ee275597fdae6f8dc4785cf27148bf7e1715142007&psp=26zbXIJOhqKhsauvXGOUbHV7fcqtDPyvmOoPG_keUry9sCrCZ4azgIWdrxS2Me0QoEVmMwxOsB1bR0Ys17yx3TvBxuKARbska_imXFnbOzihJBYMuWb1liytzRGXPV3vXhPe0Gwl_cTTMFPDEq7V5vst3_e4DK9VlIG-P6MfCtYXfcK-iSETz28RmrkRVBLH2Z1FeF8rMz4aksYeCg3CoFiFHqW-XWT22h5FPHRKpYCrfvZPRO7pieaCKhpXTLQPFsCP7ixWagDGWI3hHjcvUeTntmV_9dujfWxlYv3yHx5h6XU3e16QBFcPgMXPDbaJGBIqvpeZ3mv44tk2lbiHQZ5CTzHPGO9mq_zfKseb8nFE0nkXugUw4b0Z12YLV1eusEa9cPFRVr2mRFs5Thhd3ByBgnocRXJq5qVvTTunEd9a4KTYA23a7cB8WR5rSLhuhDEAZvIxxcc0hdhXkPb5_ACYBASLOcLSkN8DCSEbtHB-HcruE7I5gUR27sYFj8sTY54ahsoRX3rWoe9CsLJKvMLLhbNmavz5CApw_e7RKdPN58I8WFDmlZf4B3Hoz93XFIiEm8KxHBUMqhUY4odir_M1wlETY8metJpLe0LR_bf2D1tSJyf2Aa0xtYO8rEQwrbuCYR0R_46M7jb-yrP4kFi-8DYBwHGz1s3KIsh7aRZI1nUPO08o2TtfvWMJH02Ott8-fYIHWsYRFF70v5KIGrT4h8ORVhYzG8VTOpe7WAonLbgIDkRuvh8-jqixbQW6oBDFboTz395H82p-GzDAJneeHir2IRW_cqJK4KL8QuBKGloOHG7tvnEAm4ZSw_vpWTtZxLocoopBOyLld_0vmafif5fg9xPWNM4caSVNRo7TqpE_8QDwdeQW93YT_qPD9gHgGGI4s7tTV6UjufjF9eehx7FgoYG2fHCmtkaxhYgkIBg4M_qfGk133q5EZ9BlPTT7eDb1uaCVnF2BbudlJl28NOcgnZnGzRphO0OLqhtSFRzvuCktwSB-IQ63TaFypumNkVYB2iEA4oV8Rn4C5_HtgQ0r-R3JLibXx5XQWa4uC0jAlUHPvvyI1f0WZU3MnzcG113Jb4bSHZbuImq3j1FbcnTCFrAYpG9N0Pux-OvpNKQ0oLNJGPT3YqWmVMIrsToxEVOCeN77_PulSp0Oi2v0XFuoGKs4DfDsVq_0n05MU7RZKl0c3j-wPmVOM7PiCYu4ex-G5-4YsXB9MWY1e2m_q4EGsbj-u8tK9Cl-LtHtyJD7r_G81BLiqYxk68DxrB7DL9czyICeGg0tZYE_utuV-GxqoyIZq-hXAgJjm181tCUfYaCSRE5DXymGlL1alpAlW6aDwTLzxFaFCzZKinOULXw8NDnh709NN2Tw91fddGEy_zd4rH41GGka7sd_d_00GCo2vQv8mdTKl_DtkP_RXWs6m7I49-LQlL8Ix3CMDxNx36S_lAqcTWplcEnHH8tLzauhZPARmrBIiVI1OGchp8xatUS_kEHEB5yiiTDgcwr9hsGHdNwZ8mhL7Urm2K-ZCug4hQEfz6PP0T8AtbpzsdhnFdt5OjpS_uYyUh2kuTT_eM73iOTrXXDwOWJE7VgZs11QP86ajoLs2UsYCHb2_vKpNru9O-zkgPf0IIlK4OmGEC2pRday232yrhASaV9-Nbr0NiTffM9TrE37qHwGsIYHvRCpcae6fqJxhlfRDHliMkqF39ECg61orJDaZYLmjcVQITQF-ak-C-7e0Fi9IYR_MkOuPjIAIzKNB5xw7RzyoKjDLDWOlZ8sbLE49GUt2IKI5sXSlYVNEDSh2IaZUpaAZ4VTRcJwnLLQ2meDAE6yCf8dyam2whuA9bdCdRoHXdBE0vgM66JrXRuy6q1PaW4g3ir-CFSGTvHZDFZSOAKXC_PazxnrhwmqKPak_vZ9MhytNN71DQP81itkGnNnrE5t19W4ofXl4jy-cO1-xQVOHYJGiK95TOZPvCTlICXQyufqINiDz4r6mE1t8cscjIlxXGWScmV7DJcab5K8mQN-2OiET9H4hHtV0uETs1r4OGTXdxRf3_qslBCglesvyh7-vG5b43GujlNb5Yi8ZQy83zqdecwcre_i7HmUzBJIoJLuKLmBV0SbUFAo092TzMJmlf0mpvXdgaZMic5zA_qaD6NEywWbnZVebVODQlFZXosuoPdrXvjoR8RYMEAc5EKGIuQ-rEDy02W4pAqfcUNYDvE-iHDyzk9oAShyCZ68XLpx-ndyxWLoo1oy-s_62OJxfxi33peHzpHxoF_jG3V39ckiRrbl9kQ3h0Ts6WOqdDDaileG6Yw_wf8jlPEXKarXtpHsCMvYkiG_jf-7DizK9nAzFde6GNoR4x7KL00Wxkgk-QER4BaX-IsQuLpLdqlkc0mpOKba6lVurqBtF9cW8nmWfYXXeoZ4NL4CxhXkZda28pOxvcVcYmKvJbZndAJPnMe4raJArijKpLptBfYhVdSs0-UipwXA_eqWr2W4N0QGkTDB8qmzSQv2cvZXIp59hDSxjRfNT5PxHSyJr0pA_AkFpDs79HCTIIMy9OmWtIO-qOHEmTdH8epAxBQmVTpBv7qmZupKWOHm7C0bI3CPprMFLbKYKOhiFH8mnC4L14UCgT_OGVvHKWTZ7CXH2glEz7nNOlpDSI-k_QwrlkNunmJnYhgjmloEzChp4Fvd9U24Nzn23wvK9T-qBNkYSXcDj9F42ud0E2atGq9oZpAFaWSlY966D4ChS9MLW2EBaABdkKL7yYM6FJ3D4bHadBvex4Erse5CNqpJCK-z-l5Rr0LN4e_1IJFiw8kVGdL6j2FdhGg3L20GoKofiEBM0v4ucxbw3o4rIi6h7MS450oeDOuFEi1n9ok0MNE4Kfe2huQU65s1AXZnOThHqmo0PwOucoMUuuWkQU_5-kp-HUJbXRZWyQbbrhe6fTlF6YeUCzJJfKyMRv0YN5mh9y22S3GoAKoIbuDxcngz-k2ct4Ytx6J8bqDEqj3BxoIeeVRCvF-Q35ssw3odQWKlw8G3k87kQgO6haKc8ArVsFLp_JAlK4D13IHITTPwh3vgWi8vbJuKZjqUDEUhYzD-ZY01911ZdVejIcBdD2I1WhcgVWqaM91_U2K4Y8ZRTaHP3tw9CjA8J04PWwSzVAJOOAuo-pi54kJ7HOc5x5fqdz5QKmajHcYmgvxFkwx8foGDx6hJX7s7y_kwynzhQqHhpWqrYJMekogWI1qkPWszEjJ-8gSo1XRlP3H67jpBcZk8DG5LnsHX5gwa_u9nxQnVJaCxmdXIAaDHDS2dL0PMBtwjd2X_dNIjaMelBwTo59gKLlHVHG9KnUbydYLMTzwy2UC0jKIig0WYMqtn-TGWLegLQXnuzdAO1z_g-ThM9wPhNq3H5BgDTQ63tsyRX9lY_eZ7nkecTKkMSwuitRHm_lZ_RcHVnd0lvVXz_qZkJXMGkINtXAR4kmGqNyu5PDTxXSbvgUvpYH0BhElbDlJGnJGEwmSClvN6HFoL65SOcF6qpbZqoP8xbIu3HDLw-nbFAzvh-mjO8rFkp6FIjcI6aeroWZB35Tv8k4l8iU3cWum2zr9bFO4G0WNLzBKtu3vH31iAwa-VPri87L1fP_yfoHvFlu3V5rEzq2f9uBrfjy7gBkTBmmOGrcBmTsge43XoXP30njvbbGl7XSeTLZS3zlckkBwDnyVO-HW74pz_MvvybHjVKlj46Xv8RSg3_kH6N3V7qqXJQTy-dJUdkakGNzRC1Bh2fbY7W-IYcTFWLZt_aBVvnuSKvj_WP7uxhAkksCsOTV1Cs3bKpoRCApE_aSjbqvpM6JnIKRddZy9yFMnfjU0IuWCkQ6CcjgpjU_AghgR_LvGzkx-mTtFf77gAIdrMls2Vh5pamfXh5LXwQrIGzd_fjaHVhPkTnhFIWWAkr6jQvzo5nKPUb1djemtoiTcdfobN1OtrvseR7HcwvXeNrnHi_OnZOP_HCiLYSaV8TMCN6Cbp-0BksCuf0UaVWCiae8xqN7HP4Sf4whWWYhjRDBC6FYe01CDE6OVdxERO_RoTnGYIzkwlXa0yqFuzYaLw7b27HDpxxNSUoN1cEIA6inykrtEqBuMr83py2Q==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5178952655559168&eclog=0&im=1
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint96:80:FC:87:80:4A:3B:59:5A:2E:82:5A:B8:1D:9D:47:78:21:AA:66
ValidityWed, 01 May 2024 14:41:50 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

GET /chicken.gif?z=2020090&pb=ee275597fdae6f8dc4785cf27148bf7e1715142007&psp=26zbXIJOhqKhsauvXGOUbHV7fcqtDPyvmOoPG_keUry9sCrCZ4azgIWdrxS2Me0QoEVmMwxOsB1bR0Ys17yx3TvBxuKARbska_imXFnbOzihJBYMuWb1liytzRGXPV3vXhPe0Gwl_cTTMFPDEq7V5vst3_e4DK9VlIG-P6MfCtYXfcK-iSETz28RmrkRVBLH2Z1FeF8rMz4aksYeCg3CoFiFHqW-XWT22h5FPHRKpYCrfvZPRO7pieaCKhpXTLQPFsCP7ixWagDGWI3hHjcvUeTntmV_9dujfWxlYv3yHx5h6XU3e16QBFcPgMXPDbaJGBIqvpeZ3mv44tk2lbiHQZ5CTzHPGO9mq_zfKseb8nFE0nkXugUw4b0Z12YLV1eusEa9cPFRVr2mRFs5Thhd3ByBgnocRXJq5qVvTTunEd9a4KTYA23a7cB8WR5rSLhuhDEAZvIxxcc0hdhXkPb5_ACYBASLOcLSkN8DCSEbtHB-HcruE7I5gUR27sYFj8sTY54ahsoRX3rWoe9CsLJKvMLLhbNmavz5CApw_e7RKdPN58I8WFDmlZf4B3Hoz93XFIiEm8KxHBUMqhUY4odir_M1wlETY8metJpLe0LR_bf2D1tSJyf2Aa0xtYO8rEQwrbuCYR0R_46M7jb-yrP4kFi-8DYBwHGz1s3KIsh7aRZI1nUPO08o2TtfvWMJH02Ott8-fYIHWsYRFF70v5KIGrT4h8ORVhYzG8VTOpe7WAonLbgIDkRuvh8-jqixbQW6oBDFboTz395H82p-GzDAJneeHir2IRW_cqJK4KL8QuBKGloOHG7tvnEAm4ZSw_vpWTtZxLocoopBOyLld_0vmafif5fg9xPWNM4caSVNRo7TqpE_8QDwdeQW93YT_qPD9gHgGGI4s7tTV6UjufjF9eehx7FgoYG2fHCmtkaxhYgkIBg4M_qfGk133q5EZ9BlPTT7eDb1uaCVnF2BbudlJl28NOcgnZnGzRphO0OLqhtSFRzvuCktwSB-IQ63TaFypumNkVYB2iEA4oV8Rn4C5_HtgQ0r-R3JLibXx5XQWa4uC0jAlUHPvvyI1f0WZU3MnzcG113Jb4bSHZbuImq3j1FbcnTCFrAYpG9N0Pux-OvpNKQ0oLNJGPT3YqWmVMIrsToxEVOCeN77_PulSp0Oi2v0XFuoGKs4DfDsVq_0n05MU7RZKl0c3j-wPmVOM7PiCYu4ex-G5-4YsXB9MWY1e2m_q4EGsbj-u8tK9Cl-LtHtyJD7r_G81BLiqYxk68DxrB7DL9czyICeGg0tZYE_utuV-GxqoyIZq-hXAgJjm181tCUfYaCSRE5DXymGlL1alpAlW6aDwTLzxFaFCzZKinOULXw8NDnh709NN2Tw91fddGEy_zd4rH41GGka7sd_d_00GCo2vQv8mdTKl_DtkP_RXWs6m7I49-LQlL8Ix3CMDxNx36S_lAqcTWplcEnHH8tLzauhZPARmrBIiVI1OGchp8xatUS_kEHEB5yiiTDgcwr9hsGHdNwZ8mhL7Urm2K-ZCug4hQEfz6PP0T8AtbpzsdhnFdt5OjpS_uYyUh2kuTT_eM73iOTrXXDwOWJE7VgZs11QP86ajoLs2UsYCHb2_vKpNru9O-zkgPf0IIlK4OmGEC2pRday232yrhASaV9-Nbr0NiTffM9TrE37qHwGsIYHvRCpcae6fqJxhlfRDHliMkqF39ECg61orJDaZYLmjcVQITQF-ak-C-7e0Fi9IYR_MkOuPjIAIzKNB5xw7RzyoKjDLDWOlZ8sbLE49GUt2IKI5sXSlYVNEDSh2IaZUpaAZ4VTRcJwnLLQ2meDAE6yCf8dyam2whuA9bdCdRoHXdBE0vgM66JrXRuy6q1PaW4g3ir-CFSGTvHZDFZSOAKXC_PazxnrhwmqKPak_vZ9MhytNN71DQP81itkGnNnrE5t19W4ofXl4jy-cO1-xQVOHYJGiK95TOZPvCTlICXQyufqINiDz4r6mE1t8cscjIlxXGWScmV7DJcab5K8mQN-2OiET9H4hHtV0uETs1r4OGTXdxRf3_qslBCglesvyh7-vG5b43GujlNb5Yi8ZQy83zqdecwcre_i7HmUzBJIoJLuKLmBV0SbUFAo092TzMJmlf0mpvXdgaZMic5zA_qaD6NEywWbnZVebVODQlFZXosuoPdrXvjoR8RYMEAc5EKGIuQ-rEDy02W4pAqfcUNYDvE-iHDyzk9oAShyCZ68XLpx-ndyxWLoo1oy-s_62OJxfxi33peHzpHxoF_jG3V39ckiRrbl9kQ3h0Ts6WOqdDDaileG6Yw_wf8jlPEXKarXtpHsCMvYkiG_jf-7DizK9nAzFde6GNoR4x7KL00Wxkgk-QER4BaX-IsQuLpLdqlkc0mpOKba6lVurqBtF9cW8nmWfYXXeoZ4NL4CxhXkZda28pOxvcVcYmKvJbZndAJPnMe4raJArijKpLptBfYhVdSs0-UipwXA_eqWr2W4N0QGkTDB8qmzSQv2cvZXIp59hDSxjRfNT5PxHSyJr0pA_AkFpDs79HCTIIMy9OmWtIO-qOHEmTdH8epAxBQmVTpBv7qmZupKWOHm7C0bI3CPprMFLbKYKOhiFH8mnC4L14UCgT_OGVvHKWTZ7CXH2glEz7nNOlpDSI-k_QwrlkNunmJnYhgjmloEzChp4Fvd9U24Nzn23wvK9T-qBNkYSXcDj9F42ud0E2atGq9oZpAFaWSlY966D4ChS9MLW2EBaABdkKL7yYM6FJ3D4bHadBvex4Erse5CNqpJCK-z-l5Rr0LN4e_1IJFiw8kVGdL6j2FdhGg3L20GoKofiEBM0v4ucxbw3o4rIi6h7MS450oeDOuFEi1n9ok0MNE4Kfe2huQU65s1AXZnOThHqmo0PwOucoMUuuWkQU_5-kp-HUJbXRZWyQbbrhe6fTlF6YeUCzJJfKyMRv0YN5mh9y22S3GoAKoIbuDxcngz-k2ct4Ytx6J8bqDEqj3BxoIeeVRCvF-Q35ssw3odQWKlw8G3k87kQgO6haKc8ArVsFLp_JAlK4D13IHITTPwh3vgWi8vbJuKZjqUDEUhYzD-ZY01911ZdVejIcBdD2I1WhcgVWqaM91_U2K4Y8ZRTaHP3tw9CjA8J04PWwSzVAJOOAuo-pi54kJ7HOc5x5fqdz5QKmajHcYmgvxFkwx8foGDx6hJX7s7y_kwynzhQqHhpWqrYJMekogWI1qkPWszEjJ-8gSo1XRlP3H67jpBcZk8DG5LnsHX5gwa_u9nxQnVJaCxmdXIAaDHDS2dL0PMBtwjd2X_dNIjaMelBwTo59gKLlHVHG9KnUbydYLMTzwy2UC0jKIig0WYMqtn-TGWLegLQXnuzdAO1z_g-ThM9wPhNq3H5BgDTQ63tsyRX9lY_eZ7nkecTKkMSwuitRHm_lZ_RcHVnd0lvVXz_qZkJXMGkINtXAR4kmGqNyu5PDTxXSbvgUvpYH0BhElbDlJGnJGEwmSClvN6HFoL65SOcF6qpbZqoP8xbIu3HDLw-nbFAzvh-mjO8rFkp6FIjcI6aeroWZB35Tv8k4l8iU3cWum2zr9bFO4G0WNLzBKtu3vH31iAwa-VPri87L1fP_yfoHvFlu3V5rEzq2f9uBrfjy7gBkTBmmOGrcBmTsge43XoXP30njvbbGl7XSeTLZS3zlckkBwDnyVO-HW74pz_MvvybHjVKlj46Xv8RSg3_kH6N3V7qqXJQTy-dJUdkakGNzRC1Bh2fbY7W-IYcTFWLZt_aBVvnuSKvj_WP7uxhAkksCsOTV1Cs3bKpoRCApE_aSjbqvpM6JnIKRddZy9yFMnfjU0IuWCkQ6CcjgpjU_AghgR_LvGzkx-mTtFf77gAIdrMls2Vh5pamfXh5LXwQrIGzd_fjaHVhPkTnhFIWWAkr6jQvzo5nKPUb1djemtoiTcdfobN1OtrvseR7HcwvXeNrnHi_OnZOP_HCiLYSaV8TMCN6Cbp-0BksCuf0UaVWCiae8xqN7HP4Sf4whWWYhjRDBC6FYe01CDE6OVdxERO_RoTnGYIzkwlXa0yqFuzYaLw7b27HDpxxNSUoN1cEIA6inykrtEqBuMr83py2Q==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5178952655559168&eclog=0&im=1 HTTP/1.1
Host: mpougdusr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=2405072120d964e35ea4144f41a4777ab073
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:20:09 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACl2VgAAAAAAAAAB; Path=/; Expires=Fri, 07 Jun 2024 02:20:09 GMT; Secure; SameSite=None
OACIBLOCK=ACl2VgAAAABmOtyg; Path=/; Expires=Fri, 07 Jun 2024 02:20:09 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387

104.16.80.73

200 OK

7.1 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387
IP
104.16.80.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectcloudflareinsights.com
Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT

File type
gzip compressed data, from Unix
Size
7.1 kB (7078 bytes)
Hash
663fc6e352e2b5bbff24cc82970eef7c
37e5ba01f10e8ccbb72a0194ab2fca7cee89534b
89d4132eaa360f086cc2261fe6927ba75d6ec965401446a1a6e77d2e9acbcee7

HTTP Headers

GET /beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:06 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.1"
last-modified: Mon, 06 May 2024 19:01:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805f7f9f86356be-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=161855

157.90.84.242

204 No Content

0 B

URL OPTIONS HTTP/1.1
fp.metricswpsh.com/fp?tag_id=161855
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=161855 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Wed, 08 May 2024 02:20:09 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://www.amdahost.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

fp.metricswpsh.com/fp?tag_id=179977

157.90.84.242

200 OK

0 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=179977
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=179977 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Wed, 08 May 2024 02:20:09 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://www.amdahost.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

fonts.googleapis.com/css2?family=Poppins:wght@600&display=swap

142.250.74.106

200 OK

364 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Poppins:wght@600&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text
Size
364 B (364 bytes)
Hash
c360874f388163a72d892d9d986ee50c
33d31068b716045543955929ca98b8a073111e43
b8588b441cd046cc43fcf1541b059fb8f5d84506adf68d5f8109eb6e37263422

HTTP Headers

GET /css2?family=Poppins:wght@600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 02:20:06 GMT
date: Wed, 08 May 2024 02:20:06 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=161855

157.90.84.242

204 No Content

58 B

URL OPTIONS HTTP/1.1
fp.metricswpsh.com/fp?tag_id=161855
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type
JSON text data
Size
58 B (58 bytes)
Hash
87385fcd2a67fc74d2fa67366ba68ea2
a604cdbb1d31ce257e8643eee9219c9c724c200c
9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995

HTTP Headers

POST /fp?tag_id=161855 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1836
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 08 May 2024 02:20:09 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.amdahost.com
Set-Cookie: id=8506014702706264580; Expires=Thu, 08 May 2025 02:20:09 GMT; Secure; SameSite=None
Vary: Origin

b57dqedu4.com/t/9/fret/meow4/2020088/0d68ddef.js

212.117.190.201

200 OK

40 kB

URL GET HTTP/2
b57dqedu4.com/t/9/fret/meow4/2020088/0d68ddef.js
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint17:76:24:C2:1F:79:27:A6:BF:60:AC:48:E1:7E:44:F5:FA:36:EB:6B
ValidityWed, 01 May 2024 14:25:07 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65106)
Size
40 kB (40528 bytes)
Hash
5c1245ce45f7e0a8ff772bf695857a27
fad29ae9877616251044562b679427d9450199f7
9eee888953ac3827e3a1951d646e67fd6c34a47c7f4ff861c8b875218889513b

HTTP Headers

GET /t/9/fret/meow4/2020088/0d68ddef.js HTTP/1.1
Host: b57dqedu4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:20:06 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-1a022"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

nereserv.com/in/dip?event_id=5f2cd5c6-38c6-438a-8d81-d3e3758efbcc&subid=14364679&spot_id=560192&created_at=2024-05-08&timezone=0&ver=1.141.0

157.90.84.246

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=5f2cd5c6-38c6-438a-8d81-d3e3758efbcc&subid=14364679&spot_id=560192&created_at=2024-05-08&timezone=0&ver=1.141.0
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=5f2cd5c6-38c6-438a-8d81-d3e3758efbcc&subid=14364679&spot_id=560192&created_at=2024-05-08&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Wed, 08 May 2024 02:20:09 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=179977

157.90.84.242

200 OK

58 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=179977
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type
JSON text data
Size
58 B (58 bytes)
Hash
87385fcd2a67fc74d2fa67366ba68ea2
a604cdbb1d31ce257e8643eee9219c9c724c200c
9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995

HTTP Headers

POST /fp?tag_id=179977 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1836
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 08 May 2024 02:20:09 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.amdahost.com
Set-Cookie: id=15144469824399726452; Expires=Thu, 08 May 2025 02:20:09 GMT; Secure; SameSite=None
Vary: Origin

82c39cef22.0a3036d0e7.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzM2ODc2NzkzOTc0Njc2MzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4xIiwidGFnX2lkIjoxNjE4NTUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC41OCwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==

45.133.44.53

200 OK

0 B

URL GET HTTP/2
82c39cef22.0a3036d0e7.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzM2ODc2NzkzOTc0Njc2MzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4xIiwidGFnX2lkIjoxNjE4NTUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC41OCwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subject82c39cef22.0a3036d0e7.com
FingerprintB5:63:82:89:FA:3B:23:EC:39:BF:44:83:B4:62:4A:8F:5D:11:9D:38
ValiditySun, 05 May 2024 02:50:23 GMT - Sat, 03 Aug 2024 02:50:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzM2ODc2NzkzOTc0Njc2MzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4xIiwidGFnX2lkIjoxNjE4NTUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC41OCwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: 82c39cef22.0a3036d0e7.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:09 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=o7ft575140je452692623f3b9fywj863

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=o7ft575140je452692623f3b9fywj863
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
6db5485438f76c7562a545aa193dbcbb
394fda199666cf5596ad89b70f0317d208834054
8f0dbcc333b40f6b2a31ffef1fda498727672a50b10e9363f93eb8ca48167d99

HTTP Headers

GET /gid.js?userId=o7ft575140je452692623f3b9fywj863 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:20:10 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=o7ft575140je452692623f3b9fywj863; expires=Thu, 08 May 2025 02:20:10 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

mbddip.com/in/dip?site=native-push&wl=1&event_id=42540b9d-932f-4824-9e32-76fc92bb20e4&subid=1211831614&sid=860202703&spot_id=560190&created_at=2024-05-08&timezone=0&ver=8.159.0&is_native=1

157.90.84.246

200 OK

0 B

URL GET HTTP/2
mbddip.com/in/dip?site=native-push&wl=1&event_id=42540b9d-932f-4824-9e32-76fc92bb20e4&subid=1211831614&sid=860202703&spot_id=560190&created_at=2024-05-08&timezone=0&ver=8.159.0&is_native=1
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=42540b9d-932f-4824-9e32-76fc92bb20e4&subid=1211831614&sid=860202703&spot_id=560190&created_at=2024-05-08&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: mbddip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Wed, 08 May 2024 02:20:10 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

mbdippex.com/in/multy

157.90.84.246

200 OK

0 B

URL POST HTTP/2
mbdippex.com/in/multy
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx/1.20.1
date: Wed, 08 May 2024 02:20:10 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.99

471 B

URL
o.pki.goog/wr2
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5991db4ffbfc4b57b0f99a35a0e6a3d0
1b74b56ddc178de4587ef8898436cff19cc2c66b
17904ae58c5cfd605b9b96ef28a59c0b158141c0d69922267a677ff041ca24d9

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 May 2024 02:20:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

js.mbidinp.com/skins/nmain.m.js

45.133.44.52

200 OK

110 kB

URL GET HTTP/2
js.mbidinp.com/skins/nmain.m.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectjs.mbidinp.com
FingerprintB8:EA:0B:88:14:F5:73:F1:FE:F1:D5:59:09:E6:70:08:F2:1C:4A:5C
ValidityMon, 22 Apr 2024 03:00:30 GMT - Sun, 21 Jul 2024 03:00:29 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
110 kB (109944 bytes)
Hash
2902e331e5e735ad63e7510dfc434c5b
8f276d26159f74561fb370144b8cafba8bcc8bd3
26106440376cfc59241a9ef152d26483d436f1c155744bda92a41d3906e60ba2

HTTP Headers

GET /skins/nmain.m.js HTTP/1.1
Host: js.mbidinp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:10 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Wed, 08 May 2024 02:25:10 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

mbdippex.com/in/multy

157.90.84.246

200 OK

6.0 kB

URL POST HTTP/2
mbdippex.com/in/multy
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type
JSON text data
Size
6.0 kB (5955 bytes)
Hash
b86f75040f8793914c04c4c8a179aba5
da4c2e3a26d9f5943cde062e7e6dbf2b317d9db8
48105234b2580d9c761844592017f4d54654bda21b4c5f5fbf7acd99e6a2fef2

HTTP Headers

POST /in/multy HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2246
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Wed, 08 May 2024 02:20:10 GMT
content-type: application/json
content-length: 5955
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwewnBd3CHVY4FljwVlUifV6AY1i8blCVNSf9wdXnp1USPIbEdxV3XPuuZcegD0iZiQe8Jn2g

64.233.165.84

302 Found

428 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwewnBd3CHVY4FljwVlUifV6AY1i8blCVNSf9wdXnp1USPIbEdxV3XPuuZcegD0iZiQe8Jn2g
IP
64.233.165.84:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D
ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT

File type
HTML document, ASCII text, with very long lines (406)
Size
428 B (428 bytes)
Hash
bae64861ab19bb6520eae4ed715f8845
2e914d6d465412e865eb94d24bc539b41b46ef43
1b849da8b723197e6cf22d36cd8f9f8bf26f2edee487e51f8863eab8d9bb77a6

HTTP Headers

GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwewnBd3CHVY4FljwVlUifV6AY1i8blCVNSf9wdXnp1USPIbEdxV3XPuuZcegD0iZiQe8Jn2g HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:5y1UpAj5ek_TMd5A3YPR98PNZzCgjA:RtrtpNH34V5NNUAi;Path=/;Expires=Fri, 08-May-2026 02:20:10 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 08 May 2024 02:20:10 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzRavSterGnAID5zfHSl7RIFh79eh_pkq1CNb3SvVQpoJVYL5d5ydvxuVZxGTHFYlB_M5zTmA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1358285550%3A1715134810625203&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-X1-SRwxP4dfKb3HfaPFqOw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 428
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.99

471 B

URL
o.pki.goog/wr2
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d59e53e22f3681f080bc6a493b7508a1
50ec966f62f5efce0a5fbea8917c5c5b025eaccf
cffc1da003262cd2907f76fb611cccac521441669302d10fae3aeb0c9a81c181

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 May 2024 02:20:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

157.90.84.246

200 OK

0 B

URL GET HTTP/2
mbdippex.com/in/show/?tag_ab=d&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&refdom=www.amdahost.com&auction_time=1715134810&subid=1211831614&sid=860202703&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-08&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=36.73906512521945&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253Dc7c3a08a8a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253Dc7c3a08a8a%26idzone%3D0%26sid%3D1886&icons=sQ1s_N_R48U28ApoeTZQjYR0f01g8UBp9rtHDbYvAJbrEvoFODDujwuDx1_Sd6tTe1BnxKzeycFmHotfE-crJ5b3kxZQBYgMAh2FTmrDNz4i6Tl7gVLNG9x9cUy5vnOfCQ2r4X2hw_qwLxzbiWkXHoGS4ZjFYO8WaXr4DwEJuQqcDBymxA&ext_cid=0&px_id=560190&min_cpm=0.09329738022515253&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=8117263191875138272&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.018588103250606648&cpm=0&verify_hash=eefb9a855616da81026a36ac08654018&is_native=4&real_bid=0.0005341350799710241&original_bid_usd=0.00268093&original_bid=0.00268093&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,27,20,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00268093&hostname=auc-inpage-hz-0-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000268093&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.06&cpa=0beb1114-f669-43f6-8cac-4883353f16f6&prev_step_diff=1094
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=d&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&refdom=www.amdahost.com&auction_time=1715134810&subid=1211831614&sid=860202703&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-08&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=36.73906512521945&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253Dc7c3a08a8a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253Dc7c3a08a8a%26idzone%3D0%26sid%3D1886&icons=sQ1s_N_R48U28ApoeTZQjYR0f01g8UBp9rtHDbYvAJbrEvoFODDujwuDx1_Sd6tTe1BnxKzeycFmHotfE-crJ5b3kxZQBYgMAh2FTmrDNz4i6Tl7gVLNG9x9cUy5vnOfCQ2r4X2hw_qwLxzbiWkXHoGS4ZjFYO8WaXr4DwEJuQqcDBymxA&ext_cid=0&px_id=560190&min_cpm=0.09329738022515253&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=8117263191875138272&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.018588103250606648&cpm=0&verify_hash=eefb9a855616da81026a36ac08654018&is_native=4&real_bid=0.0005341350799710241&original_bid_usd=0.00268093&original_bid=0.00268093&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,27,20,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00268093&hostname=auc-inpage-hz-0-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000268093&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.06&cpa=0beb1114-f669-43f6-8cac-4883353f16f6&prev_step_diff=1094 HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Wed, 08 May 2024 02:20:10 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

mbdippex.com/in/show/?tag_ab=d&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&refdom=www.amdahost.com&auction_time=1715134810&subid=1211831614&sid=860202703&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-08&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=36.73906512521945&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253Dc7c3a08a8a%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=5fcbc33c86bbc49c561fd8fb36a2149b&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DQxrEUmBDdpb4NK_-VldEm9effG0D6d13J2L3NUEc4kLaFuiMj_QFo9OVL-odhixBXBfLyadEXHMRnrdKNC9vn2gfsKRWcrKfMlNqBiVlRGadGO2DQIqhpLoFtN2k2JzdI2zKJQAul7srrEY32L69qg4N-Te2BkFr6Y6PeuaL_XXlzHNy90-xUlE1Ak5ldD2cVmxSLyQPyn-_cGRZ_4yVeHkSd9X-ehiz2WfkXlbI-WJtBp8VtaDAERzTiD2qZURIClW2AzVycGAZXKm7ShQTVRwSxQ4JZZS1vQalWYF6c-u51X61PP4N7FaYE_Ku-aNUuiVMiVXR_RrI3kpEHaffFN_iCs8aboyzAWxaiJ4BLF69BoItEKpUaRErN0iXrMcAOuZrRC_WhXqylSWj2IOhMYlGYz4JUWnQGKWHS6A5aSy1djzeFGJajca8vZ88daFyqXukwCPDQGr7oxyRtr1ufPoFKqs2-dkKEJAOoqt4OuSEuKx_MHq0zdaI5F__EJfg51dcYHUMY9VVv3f-Wd8n7lfkEkrG_KiA0QCJkoVd7As34pLDCLj29KI6Njp4OQV8YokltFuaz1ED16Ww94zOOgvlzeT8JFQktiJONXvHmWI3gdtGIi4xEiNU7QO4JaxzfupHJSYKO-0q3eNG4ntjaqFOGtPxbC7LeG17FXERS8eZRJvxWZpZRJtIn31JaksJZOJ7Ku6ghMJSBSI0GboDT6D9RFqT6gmTDmUKup7-phzYbEQlOduZBHFZnX1iCF_t5O8LMOK9C5lM8X6GYGrQ7hAb6OrWrQ2HlrC6p-z663-VYmwwmRpF9reNCH-LYFt6dVSD3E6uBmadknSvGX10wQUQGn3fBQpmHZ2VLxUpoW1u-w8-KlMflZxcMK3xi1sIRdZrQuckaHf9_V2IH1OJXcdll8MKVKE3_nHdxqSlvTqgi7F3nZwJ9LaoXznLCYDyo3hbq4o2atD1s1BKDRwXUoQzIEtu2GMi7jh1YJD9z0U4FoGOn7lYGseGvngBW4sDwCkpc0DlBEYRavxxAvGyK4kqa0jd0eJ26-NAS-zKc1n28uv5iq8aXyorfY7s6QPp7rVi-2rZIyHfQI8mU8pDaVQBxV-AxxMnGXrAEGeM2mZhOy-tEe6cYpM0Uoy3YnTYgveKjujpeu_QrZuRTAvS1CSBtplBwAAReyvYXrniiKFK4iT6zN4qhFpkQdvtPjBGV1snGZBVPgNiJjE-d9imRqaiSqXZJWwDnG-FMHin4JWbUXVsT2wVGw-o8exFLp1p2EUVobw8YGuwgFrAwm-Q3l5PLHgJpd8-hDBcjBmmvqMh__4y%26bid%3D0.021892081860232598&icons=FjuqW8Vy2XBocOWch7m7Ovq3u1hLBQAiIq9Y4ZZ-cFD3An422QRQfILw6qB0CmNhsgkAxnls0XsB54og3nOqoiekRCIQgQMjeYMnL17Jw8Mnco3g5rfsXfNW4Cab75oVHc7SyOHAWsI6wdRyChEdVRqrPcDTBX56-o0bH75_jb8GQBn-YDDVi6b5a-4qmTP_4DoH5Lb-W5lbkcptmYlKCY1aX4gjPrmsMbT2gHKLA1j-nwit9GViffTuo5c8pF55avXdZ3Kaye_RyreCVQepwyERc6aJM4hncYAY80eY-UUCAUAmJJGJ-VZgSLCdJpdjMPrKCibORPy26M522L32L2mF3RgtW4bU5x9kECzacOJk-BZCq67FZT65nQDeqqvOpSr7dteH9bH_2fhpjTfz11XXvqpeZrWioAIp7HSUI7qcrbn2UxPJB9IrGIVlz6-OLKJF-GJCM6uImVTlutFpnddFWVMlnDLoKhEleGHrahYaXFwXSnIxVBMOB8t0vE22c5IqLOd95JOJrko6dI4nmTJhLcy4j3vC6asFrICz2K9lJwDwCztHIJA9yM_13Jt9NS1CHlYyBuerhsE7PzxgeLODOmmT8YRPNQnwz-hbgNTJX4MLT9JLTNhw5IsgcHqMLgOVe9ky7SshhIco2VDD6cH74DdD8BXM3-PAdbzyeuQkL9GiOQlEu_WWZiFoW5tNi_sOaUcOaS-isGDJ-Fmhi-JPovYXvK4X0kzouN-2BGtt61dq7Y1199TLnTqZyGDhG9s8v36fCQVbR92-sIcSdo7qQ5-lQAjggPK2K8Afq1SRrXjXMEWAa9vTq40jOb-NGGGH_X-7Y_SrzLcwNiHKQ7GjGYm3pzC-VDDDAgolqshwPrd59C8W3VpX5kn3r23XB6TsW2M_dn4TQMJoVtJdDjTjCgWnPCjewCggZ7vjWBFz9n_ozxAYFYI0bmleqXfaEG2A-DU9sW-PszCgNypF9vXR_0PE7I5pbgw9R0fcn2FC2Aw0SRW0cbRl4OGl6mGpZZsPaLlx4kgpxNKaWDc64qQhnGnOP8IedbLkB7_Wo-yM4_o1znpQL7e-mfm0dbke8bRYOnnJLFtmJgcbx1TjuWlJqRYRqAhEAmAGTyimCtLbCkfb0mbkblL730Q55k9-dCsFjrnZdjoqqLLkMtBsRWnP1SiXtA0I7EJZGEazswwk9MP-3t5RIfXDxUxKXRxdvlXdFIW7gnKZtCEwx7wCIOevan86rMXdK0Pjb0OLf5FhTNWB8gC8fcYn51cnu35tGEsRdSZDVvA9pf2X2Sn7FlEduerbFu2J971w27zTJE5OoDjbH5z6&ext_cid=224906&px_id=73560190&min_cpm=0.0034945246943458496&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=8117263191875138272&skin_id=72&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.03162566010952003&cpm=0.021892081860232598&verify_hash=b31ef6355731aaf4479cab03c695f110&is_native=1&real_bid=0.02170381003139515&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=98,4,90,5,33&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1715307610&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777184%2Fconversions%2FQ5MjCrOM-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-0-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.06&cpa=dea31cbf-28db-4d10-b901-f8c74f9d7464&prev_step_diff=1094

157.90.84.246

200 OK

0 B

URL GET HTTP/2
mbdippex.com/in/show/?tag_ab=d&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&refdom=www.amdahost.com&auction_time=1715134810&subid=1211831614&sid=860202703&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-08&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=36.73906512521945&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253Dc7c3a08a8a%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=5fcbc33c86bbc49c561fd8fb36a2149b&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DQxrEUmBDdpb4NK_-VldEm9effG0D6d13J2L3NUEc4kLaFuiMj_QFo9OVL-odhixBXBfLyadEXHMRnrdKNC9vn2gfsKRWcrKfMlNqBiVlRGadGO2DQIqhpLoFtN2k2JzdI2zKJQAul7srrEY32L69qg4N-Te2BkFr6Y6PeuaL_XXlzHNy90-xUlE1Ak5ldD2cVmxSLyQPyn-_cGRZ_4yVeHkSd9X-ehiz2WfkXlbI-WJtBp8VtaDAERzTiD2qZURIClW2AzVycGAZXKm7ShQTVRwSxQ4JZZS1vQalWYF6c-u51X61PP4N7FaYE_Ku-aNUuiVMiVXR_RrI3kpEHaffFN_iCs8aboyzAWxaiJ4BLF69BoItEKpUaRErN0iXrMcAOuZrRC_WhXqylSWj2IOhMYlGYz4JUWnQGKWHS6A5aSy1djzeFGJajca8vZ88daFyqXukwCPDQGr7oxyRtr1ufPoFKqs2-dkKEJAOoqt4OuSEuKx_MHq0zdaI5F__EJfg51dcYHUMY9VVv3f-Wd8n7lfkEkrG_KiA0QCJkoVd7As34pLDCLj29KI6Njp4OQV8YokltFuaz1ED16Ww94zOOgvlzeT8JFQktiJONXvHmWI3gdtGIi4xEiNU7QO4JaxzfupHJSYKO-0q3eNG4ntjaqFOGtPxbC7LeG17FXERS8eZRJvxWZpZRJtIn31JaksJZOJ7Ku6ghMJSBSI0GboDT6D9RFqT6gmTDmUKup7-phzYbEQlOduZBHFZnX1iCF_t5O8LMOK9C5lM8X6GYGrQ7hAb6OrWrQ2HlrC6p-z663-VYmwwmRpF9reNCH-LYFt6dVSD3E6uBmadknSvGX10wQUQGn3fBQpmHZ2VLxUpoW1u-w8-KlMflZxcMK3xi1sIRdZrQuckaHf9_V2IH1OJXcdll8MKVKE3_nHdxqSlvTqgi7F3nZwJ9LaoXznLCYDyo3hbq4o2atD1s1BKDRwXUoQzIEtu2GMi7jh1YJD9z0U4FoGOn7lYGseGvngBW4sDwCkpc0DlBEYRavxxAvGyK4kqa0jd0eJ26-NAS-zKc1n28uv5iq8aXyorfY7s6QPp7rVi-2rZIyHfQI8mU8pDaVQBxV-AxxMnGXrAEGeM2mZhOy-tEe6cYpM0Uoy3YnTYgveKjujpeu_QrZuRTAvS1CSBtplBwAAReyvYXrniiKFK4iT6zN4qhFpkQdvtPjBGV1snGZBVPgNiJjE-d9imRqaiSqXZJWwDnG-FMHin4JWbUXVsT2wVGw-o8exFLp1p2EUVobw8YGuwgFrAwm-Q3l5PLHgJpd8-hDBcjBmmvqMh__4y%26bid%3D0.021892081860232598&icons=FjuqW8Vy2XBocOWch7m7Ovq3u1hLBQAiIq9Y4ZZ-cFD3An422QRQfILw6qB0CmNhsgkAxnls0XsB54og3nOqoiekRCIQgQMjeYMnL17Jw8Mnco3g5rfsXfNW4Cab75oVHc7SyOHAWsI6wdRyChEdVRqrPcDTBX56-o0bH75_jb8GQBn-YDDVi6b5a-4qmTP_4DoH5Lb-W5lbkcptmYlKCY1aX4gjPrmsMbT2gHKLA1j-nwit9GViffTuo5c8pF55avXdZ3Kaye_RyreCVQepwyERc6aJM4hncYAY80eY-UUCAUAmJJGJ-VZgSLCdJpdjMPrKCibORPy26M522L32L2mF3RgtW4bU5x9kECzacOJk-BZCq67FZT65nQDeqqvOpSr7dteH9bH_2fhpjTfz11XXvqpeZrWioAIp7HSUI7qcrbn2UxPJB9IrGIVlz6-OLKJF-GJCM6uImVTlutFpnddFWVMlnDLoKhEleGHrahYaXFwXSnIxVBMOB8t0vE22c5IqLOd95JOJrko6dI4nmTJhLcy4j3vC6asFrICz2K9lJwDwCztHIJA9yM_13Jt9NS1CHlYyBuerhsE7PzxgeLODOmmT8YRPNQnwz-hbgNTJX4MLT9JLTNhw5IsgcHqMLgOVe9ky7SshhIco2VDD6cH74DdD8BXM3-PAdbzyeuQkL9GiOQlEu_WWZiFoW5tNi_sOaUcOaS-isGDJ-Fmhi-JPovYXvK4X0kzouN-2BGtt61dq7Y1199TLnTqZyGDhG9s8v36fCQVbR92-sIcSdo7qQ5-lQAjggPK2K8Afq1SRrXjXMEWAa9vTq40jOb-NGGGH_X-7Y_SrzLcwNiHKQ7GjGYm3pzC-VDDDAgolqshwPrd59C8W3VpX5kn3r23XB6TsW2M_dn4TQMJoVtJdDjTjCgWnPCjewCggZ7vjWBFz9n_ozxAYFYI0bmleqXfaEG2A-DU9sW-PszCgNypF9vXR_0PE7I5pbgw9R0fcn2FC2Aw0SRW0cbRl4OGl6mGpZZsPaLlx4kgpxNKaWDc64qQhnGnOP8IedbLkB7_Wo-yM4_o1znpQL7e-mfm0dbke8bRYOnnJLFtmJgcbx1TjuWlJqRYRqAhEAmAGTyimCtLbCkfb0mbkblL730Q55k9-dCsFjrnZdjoqqLLkMtBsRWnP1SiXtA0I7EJZGEazswwk9MP-3t5RIfXDxUxKXRxdvlXdFIW7gnKZtCEwx7wCIOevan86rMXdK0Pjb0OLf5FhTNWB8gC8fcYn51cnu35tGEsRdSZDVvA9pf2X2Sn7FlEduerbFu2J971w27zTJE5OoDjbH5z6&ext_cid=224906&px_id=73560190&min_cpm=0.0034945246943458496&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=8117263191875138272&skin_id=72&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.03162566010952003&cpm=0.021892081860232598&verify_hash=b31ef6355731aaf4479cab03c695f110&is_native=1&real_bid=0.02170381003139515&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=98,4,90,5,33&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1715307610&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777184%2Fconversions%2FQ5MjCrOM-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-0-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.06&cpa=dea31cbf-28db-4d10-b901-f8c74f9d7464&prev_step_diff=1094
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=d&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&refdom=www.amdahost.com&auction_time=1715134810&subid=1211831614&sid=860202703&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-08&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=36.73906512521945&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253Dc7c3a08a8a%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=5fcbc33c86bbc49c561fd8fb36a2149b&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DQxrEUmBDdpb4NK_-VldEm9effG0D6d13J2L3NUEc4kLaFuiMj_QFo9OVL-odhixBXBfLyadEXHMRnrdKNC9vn2gfsKRWcrKfMlNqBiVlRGadGO2DQIqhpLoFtN2k2JzdI2zKJQAul7srrEY32L69qg4N-Te2BkFr6Y6PeuaL_XXlzHNy90-xUlE1Ak5ldD2cVmxSLyQPyn-_cGRZ_4yVeHkSd9X-ehiz2WfkXlbI-WJtBp8VtaDAERzTiD2qZURIClW2AzVycGAZXKm7ShQTVRwSxQ4JZZS1vQalWYF6c-u51X61PP4N7FaYE_Ku-aNUuiVMiVXR_RrI3kpEHaffFN_iCs8aboyzAWxaiJ4BLF69BoItEKpUaRErN0iXrMcAOuZrRC_WhXqylSWj2IOhMYlGYz4JUWnQGKWHS6A5aSy1djzeFGJajca8vZ88daFyqXukwCPDQGr7oxyRtr1ufPoFKqs2-dkKEJAOoqt4OuSEuKx_MHq0zdaI5F__EJfg51dcYHUMY9VVv3f-Wd8n7lfkEkrG_KiA0QCJkoVd7As34pLDCLj29KI6Njp4OQV8YokltFuaz1ED16Ww94zOOgvlzeT8JFQktiJONXvHmWI3gdtGIi4xEiNU7QO4JaxzfupHJSYKO-0q3eNG4ntjaqFOGtPxbC7LeG17FXERS8eZRJvxWZpZRJtIn31JaksJZOJ7Ku6ghMJSBSI0GboDT6D9RFqT6gmTDmUKup7-phzYbEQlOduZBHFZnX1iCF_t5O8LMOK9C5lM8X6GYGrQ7hAb6OrWrQ2HlrC6p-z663-VYmwwmRpF9reNCH-LYFt6dVSD3E6uBmadknSvGX10wQUQGn3fBQpmHZ2VLxUpoW1u-w8-KlMflZxcMK3xi1sIRdZrQuckaHf9_V2IH1OJXcdll8MKVKE3_nHdxqSlvTqgi7F3nZwJ9LaoXznLCYDyo3hbq4o2atD1s1BKDRwXUoQzIEtu2GMi7jh1YJD9z0U4FoGOn7lYGseGvngBW4sDwCkpc0DlBEYRavxxAvGyK4kqa0jd0eJ26-NAS-zKc1n28uv5iq8aXyorfY7s6QPp7rVi-2rZIyHfQI8mU8pDaVQBxV-AxxMnGXrAEGeM2mZhOy-tEe6cYpM0Uoy3YnTYgveKjujpeu_QrZuRTAvS1CSBtplBwAAReyvYXrniiKFK4iT6zN4qhFpkQdvtPjBGV1snGZBVPgNiJjE-d9imRqaiSqXZJWwDnG-FMHin4JWbUXVsT2wVGw-o8exFLp1p2EUVobw8YGuwgFrAwm-Q3l5PLHgJpd8-hDBcjBmmvqMh__4y%26bid%3D0.021892081860232598&icons=FjuqW8Vy2XBocOWch7m7Ovq3u1hLBQAiIq9Y4ZZ-cFD3An422QRQfILw6qB0CmNhsgkAxnls0XsB54og3nOqoiekRCIQgQMjeYMnL17Jw8Mnco3g5rfsXfNW4Cab75oVHc7SyOHAWsI6wdRyChEdVRqrPcDTBX56-o0bH75_jb8GQBn-YDDVi6b5a-4qmTP_4DoH5Lb-W5lbkcptmYlKCY1aX4gjPrmsMbT2gHKLA1j-nwit9GViffTuo5c8pF55avXdZ3Kaye_RyreCVQepwyERc6aJM4hncYAY80eY-UUCAUAmJJGJ-VZgSLCdJpdjMPrKCibORPy26M522L32L2mF3RgtW4bU5x9kECzacOJk-BZCq67FZT65nQDeqqvOpSr7dteH9bH_2fhpjTfz11XXvqpeZrWioAIp7HSUI7qcrbn2UxPJB9IrGIVlz6-OLKJF-GJCM6uImVTlutFpnddFWVMlnDLoKhEleGHrahYaXFwXSnIxVBMOB8t0vE22c5IqLOd95JOJrko6dI4nmTJhLcy4j3vC6asFrICz2K9lJwDwCztHIJA9yM_13Jt9NS1CHlYyBuerhsE7PzxgeLODOmmT8YRPNQnwz-hbgNTJX4MLT9JLTNhw5IsgcHqMLgOVe9ky7SshhIco2VDD6cH74DdD8BXM3-PAdbzyeuQkL9GiOQlEu_WWZiFoW5tNi_sOaUcOaS-isGDJ-Fmhi-JPovYXvK4X0kzouN-2BGtt61dq7Y1199TLnTqZyGDhG9s8v36fCQVbR92-sIcSdo7qQ5-lQAjggPK2K8Afq1SRrXjXMEWAa9vTq40jOb-NGGGH_X-7Y_SrzLcwNiHKQ7GjGYm3pzC-VDDDAgolqshwPrd59C8W3VpX5kn3r23XB6TsW2M_dn4TQMJoVtJdDjTjCgWnPCjewCggZ7vjWBFz9n_ozxAYFYI0bmleqXfaEG2A-DU9sW-PszCgNypF9vXR_0PE7I5pbgw9R0fcn2FC2Aw0SRW0cbRl4OGl6mGpZZsPaLlx4kgpxNKaWDc64qQhnGnOP8IedbLkB7_Wo-yM4_o1znpQL7e-mfm0dbke8bRYOnnJLFtmJgcbx1TjuWlJqRYRqAhEAmAGTyimCtLbCkfb0mbkblL730Q55k9-dCsFjrnZdjoqqLLkMtBsRWnP1SiXtA0I7EJZGEazswwk9MP-3t5RIfXDxUxKXRxdvlXdFIW7gnKZtCEwx7wCIOevan86rMXdK0Pjb0OLf5FhTNWB8gC8fcYn51cnu35tGEsRdSZDVvA9pf2X2Sn7FlEduerbFu2J971w27zTJE5OoDjbH5z6&ext_cid=224906&px_id=73560190&min_cpm=0.0034945246943458496&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=8117263191875138272&skin_id=72&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.03162566010952003&cpm=0.021892081860232598&verify_hash=b31ef6355731aaf4479cab03c695f110&is_native=1&real_bid=0.02170381003139515&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=98,4,90,5,33&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1715307610&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777184%2Fconversions%2FQ5MjCrOM-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-0-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.06&cpa=dea31cbf-28db-4d10-b901-f8c74f9d7464&prev_step_diff=1094 HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Wed, 08 May 2024 02:20:10 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.24

200 OK

1.1 kB

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:10 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Thu, 08 May 2025 02:20:10 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.06&cpa=a0784a67-a537-461a-91c9-1b34e870b054&prev_step_diff=1094

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.06&cpa=a0784a67-a537-461a-91c9-1b34e870b054&prev_step_diff=1094
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.06&cpa=a0784a67-a537-461a-91c9-1b34e870b054&prev_step_diff=1094 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:10 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Thu, 08 May 2025 02:20:10 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Archivo+Black&display=swap

142.250.74.106

200 OK

880 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Archivo+Black&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
880 B (880 bytes)
Hash
86c7f6eed115878ad4b3e7fb3666036d
848f9fb7a3c5ff796b3292c989c0e05ec07bfad4
c86eed446399ca6de8f232c4fd52211f0cc6602d9915c614894cfb66d1dcaafb

HTTP Headers

GET /css2?family=Archivo+Black&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 02:20:06 GMT
date: Wed, 08 May 2024 02:20:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

p.a64x.com/in/tip_shows/?katds_ep=FFlqSh6P1JTuz_x0JD4f0NGYnj6BksoPBqOskF7Rh-jv3SvOTCYk-4ZDaEgj6u7y0aHSVGflQRMn7GcVc4XFAJvN7lk4krdJ7PXRLNrTKRlqps6jEg5DP22zXJonE_42gK4TRcov32K8coauJll4lKKDW6_CRpX1gOD2VOF-hLLlWwyzqjds7SinrFPE0Dr64iDay9ajosxmH5Bzx_m31dAwAMZixvF2CO62WqZYSPo2U6fAKHRKWHKBgwI1--OPxaXmdKIHd8vPp-82mnsbjXUmQlHIx-1q8u9mdSGIVHbcn6r5sfgBpg-r2UeQpc11exdjXMEItUkJMJyufgEQUH8KjVbzYfnvrHRAqkfl0U5pgBgfB93Y7U2jp1KyDyx5c2P9EsM_j8a7ODYYUGTlsy04h0w3mEVa2peMkXQU1Q_OFwmaZUTgM5t5QmOGb_nstiNLGuuCb0vRraKP67--e8lvvJFdNl3Nm4TWx6voikxrfbOr7B4wpwPbxtCyAtWnp0EjCC4NL8FSAjTjJCScHW79_dKBbpukctYVrEsgt7yY6CkcE3Pke2HfzRJuGxcDOy_jdBYBYSOUqnzfX7pNul8QZU2jJizQ_WTibw0utGDPLmd1Q7AR3bRSs-N-j1FVnSNQ18t4fQ05gjUihZerJeufVJP1M1XDq_UGxaw1YqklPAjDWYlN9Ih56jgx0iuPzlhbLOl4XNQ8R5osV17yo_dx7EwJmfeZMA-Wwxyq0_ExEFaf9EE0Wg9-qYBDuArClxiL8F8MDnsPGHczEx6PF2jk-8Nh3XH0qh1y2Dlskc_9jnb8llU66DjEUCFlsbAEj77aStj9uffbIQf_79gWwOgBohySY-vUnz04qLtPo8R302_6LOIZ-aebg0nR&bid=0.021892081860232598&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.06&cpa=eeb1ca4b-73a0-4c2b-a62a-20ceff9100f4&prev_step_diff=1094

172.67.185.171

302 Found

0 B

URL GET HTTP/2
p.a64x.com/in/tip_shows/?katds_ep=FFlqSh6P1JTuz_x0JD4f0NGYnj6BksoPBqOskF7Rh-jv3SvOTCYk-4ZDaEgj6u7y0aHSVGflQRMn7GcVc4XFAJvN7lk4krdJ7PXRLNrTKRlqps6jEg5DP22zXJonE_42gK4TRcov32K8coauJll4lKKDW6_CRpX1gOD2VOF-hLLlWwyzqjds7SinrFPE0Dr64iDay9ajosxmH5Bzx_m31dAwAMZixvF2CO62WqZYSPo2U6fAKHRKWHKBgwI1--OPxaXmdKIHd8vPp-82mnsbjXUmQlHIx-1q8u9mdSGIVHbcn6r5sfgBpg-r2UeQpc11exdjXMEItUkJMJyufgEQUH8KjVbzYfnvrHRAqkfl0U5pgBgfB93Y7U2jp1KyDyx5c2P9EsM_j8a7ODYYUGTlsy04h0w3mEVa2peMkXQU1Q_OFwmaZUTgM5t5QmOGb_nstiNLGuuCb0vRraKP67--e8lvvJFdNl3Nm4TWx6voikxrfbOr7B4wpwPbxtCyAtWnp0EjCC4NL8FSAjTjJCScHW79_dKBbpukctYVrEsgt7yY6CkcE3Pke2HfzRJuGxcDOy_jdBYBYSOUqnzfX7pNul8QZU2jJizQ_WTibw0utGDPLmd1Q7AR3bRSs-N-j1FVnSNQ18t4fQ05gjUihZerJeufVJP1M1XDq_UGxaw1YqklPAjDWYlN9Ih56jgx0iuPzlhbLOl4XNQ8R5osV17yo_dx7EwJmfeZMA-Wwxyq0_ExEFaf9EE0Wg9-qYBDuArClxiL8F8MDnsPGHczEx6PF2jk-8Nh3XH0qh1y2Dlskc_9jnb8llU66DjEUCFlsbAEj77aStj9uffbIQf_79gWwOgBohySY-vUnz04qLtPo8R302_6LOIZ-aebg0nR&bid=0.021892081860232598&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.06&cpa=eeb1ca4b-73a0-4c2b-a62a-20ceff9100f4&prev_step_diff=1094
IP
172.67.185.171:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjecta64x.com
Fingerprint86:FD:2B:DD:CC:BD:8D:ED:C0:8D:41:81:C1:48:2D:45:D6:4F:67:88
ValidityTue, 19 Mar 2024 14:58:28 GMT - Mon, 17 Jun 2024 14:58:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/tip_shows/?katds_ep=FFlqSh6P1JTuz_x0JD4f0NGYnj6BksoPBqOskF7Rh-jv3SvOTCYk-4ZDaEgj6u7y0aHSVGflQRMn7GcVc4XFAJvN7lk4krdJ7PXRLNrTKRlqps6jEg5DP22zXJonE_42gK4TRcov32K8coauJll4lKKDW6_CRpX1gOD2VOF-hLLlWwyzqjds7SinrFPE0Dr64iDay9ajosxmH5Bzx_m31dAwAMZixvF2CO62WqZYSPo2U6fAKHRKWHKBgwI1--OPxaXmdKIHd8vPp-82mnsbjXUmQlHIx-1q8u9mdSGIVHbcn6r5sfgBpg-r2UeQpc11exdjXMEItUkJMJyufgEQUH8KjVbzYfnvrHRAqkfl0U5pgBgfB93Y7U2jp1KyDyx5c2P9EsM_j8a7ODYYUGTlsy04h0w3mEVa2peMkXQU1Q_OFwmaZUTgM5t5QmOGb_nstiNLGuuCb0vRraKP67--e8lvvJFdNl3Nm4TWx6voikxrfbOr7B4wpwPbxtCyAtWnp0EjCC4NL8FSAjTjJCScHW79_dKBbpukctYVrEsgt7yY6CkcE3Pke2HfzRJuGxcDOy_jdBYBYSOUqnzfX7pNul8QZU2jJizQ_WTibw0utGDPLmd1Q7AR3bRSs-N-j1FVnSNQ18t4fQ05gjUihZerJeufVJP1M1XDq_UGxaw1YqklPAjDWYlN9Ih56jgx0iuPzlhbLOl4XNQ8R5osV17yo_dx7EwJmfeZMA-Wwxyq0_ExEFaf9EE0Wg9-qYBDuArClxiL8F8MDnsPGHczEx6PF2jk-8Nh3XH0qh1y2Dlskc_9jnb8llU66DjEUCFlsbAEj77aStj9uffbIQf_79gWwOgBohySY-vUnz04qLtPo8R302_6LOIZ-aebg0nR&bid=0.021892081860232598&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.06&cpa=eeb1ca4b-73a0-4c2b-a62a-20ceff9100f4&prev_step_diff=1094 HTTP/1.1
Host: p.a64x.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 08 May 2024 02:20:10 GMT
content-type: application/json
content-length: 0
location: https://imdn.pics/m/p/0/777/777181/conversions/PguV688J-minify.jpg
access-control-allow-credentials: true
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nRtXp70eNt7xhO87GrCyEkSD9Jhl29pH2R2%2FO553aAwdIhQMyFcyk3V4gmfCVdfC01R%2FulasRzQECzPWw2pSQ6%2Bg5w%2BmaK%2F2Xfin3fhdeWCSeMARfkA63u2Lok6t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f8178f1db512-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imdn.pics/m/p/0/777/777184/conversions/Q5MjCrOM-minify.jpg

45.133.44.24

200 OK

11 kB

URL GET HTTP/2
imdn.pics/m/p/0/777/777184/conversions/Q5MjCrOM-minify.jpg
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 360x240, components 3
Size
11 kB (11228 bytes)
Hash
7a0f4319e0c7d4e0ec42eae657ba39fd
e2940c23868c5975a1dc1a3c963609b34abbe6b5
6c0278ead1dce8c37b6b233d5251184cd820586eeb5d30db860c1c7315d5dba0

HTTP Headers

GET /m/p/0/777/777184/conversions/Q5MjCrOM-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:10 GMT
content-type: image/jpeg
content-length: 11228
server: nginx
last-modified: Tue, 09 Apr 2024 19:56:57 GMT
etag: "66159d89-2bdc"
x-request-id: 13aea49745d30295dcee0faf2bf8a0c1
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

imdn.pics/m/p/0/777/777181/conversions/PguV688J-minify.jpg

45.133.44.24

200 OK

2.5 kB

URL GET HTTP/2
imdn.pics/m/p/0/777/777181/conversions/PguV688J-minify.jpg
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 100x100, components 3
Size
2.5 kB (2460 bytes)
Hash
9eb726ecf5e85e3b48f854490ff8284a
d08b4f022e64d06f2642c5c9217d35b7851516d5
30bd73405bb72856107c9e940bece489b670970c3d2e4d6b592cc138a67a3c05

HTTP Headers

GET /m/p/0/777/777181/conversions/PguV688J-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:10 GMT
content-type: image/jpeg
content-length: 2460
server: nginx
last-modified: Tue, 09 Apr 2024 19:56:49 GMT
etag: "66159d81-99c"
x-request-id: 064bc710493213dae1825c3b2f5e7289
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

nereserv.com/in/dip?event_id=5f2cd5c6-38c6-438a-8d81-d3e3758efbcc&subid=14364679&spot_id=560192&created_at=2024-05-08&timezone=0&ver=1.141.0

157.90.84.246

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=5f2cd5c6-38c6-438a-8d81-d3e3758efbcc&subid=14364679&spot_id=560192&created_at=2024-05-08&timezone=0&ver=1.141.0
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=5f2cd5c6-38c6-438a-8d81-d3e3758efbcc&subid=14364679&spot_id=560192&created_at=2024-05-08&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Wed, 08 May 2024 02:20:11 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

mcpuwpsh.com/get/

94.130.197.240

200 OK

4.7 kB

URL POST HTTP/2
mcpuwpsh.com/get/
IP
94.130.197.240:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectpuwpush.com
Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92
ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT

File type
JSON text data
Size
4.7 kB (4704 bytes)
Hash
cc0a670c2bc6f84eef8c1b7631a78dae
631a8f27b572c38e6c2a2f5d0dc172192e3228ed
e4ab9ac3ec1b77d17e61df35ac4f6f6d1b731d4249ad932e11da2877e92bdc0b

HTTP Headers

POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1482
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.0
date: Wed, 08 May 2024 02:20:11 GMT
content-type: application/json
content-length: 4704
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzRavSterGnAID5zfHSl7RIFh79eh_pkq1CNb3SvVQpoJVYL5d5ydvxuVZxGTHFYlB_M5zTmA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1358285550%3A1715134810625203&theme=mn&ddm=0

64.233.165.84

403 Forbidden

7.6 kB

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzRavSterGnAID5zfHSl7RIFh79eh_pkq1CNb3SvVQpoJVYL5d5ydvxuVZxGTHFYlB_M5zTmA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1358285550%3A1715134810625203&theme=mn&ddm=0
IP
64.233.165.84:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint9F:A1:53:E4:09:E1:ED:82:F8:E0:30:B6:39:FA:EC:03:B4:89:46:8A
ValidityTue, 16 Apr 2024 03:19:40 GMT - Tue, 09 Jul 2024 03:19:39 GMT

File type
gzip compressed data, max compression
Size
7.6 kB (7636 bytes)
Hash
4cd083d40424124ec5466bb12061f866
6603d89a903bfc45d80d897083945d3154ab3752
cfdd561023f35538036ee1d2028d312b5f3e849a230f63571cad8ab7634a6bab

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzRavSterGnAID5zfHSl7RIFh79eh_pkq1CNb3SvVQpoJVYL5d5ydvxuVZxGTHFYlB_M5zTmA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1358285550%3A1715134810625203&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 08 May 2024 02:20:10 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-6u7Huk7AgDNPBN2Kz9m-3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

nereserv.com/in/dip?event_id=e488f972-3721-4883-92b7-dee5f4110051&subid=308553955&spot_id=529502&created_at=2024-05-08&timezone=0&ver=1.141.0

157.90.84.246

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=e488f972-3721-4883-92b7-dee5f4110051&subid=308553955&spot_id=529502&created_at=2024-05-08&timezone=0&ver=1.141.0
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=e488f972-3721-4883-92b7-dee5f4110051&subid=308553955&spot_id=529502&created_at=2024-05-08&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Wed, 08 May 2024 02:20:12 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans

142.250.74.106

200 OK

1.5 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Open+Sans
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
1.5 kB (1541 bytes)
Hash
f2e2ef45d2e72cd58cb4a28a026e2eba
08b163ec93f2cb06aca2eb9aa413c4bc34da87ca
58d73cf4b2557a8ad017611aa851b9b9db34a2b8db5976a6c04907ad5bd2cfd7

HTTP Headers

GET /css?family=Open+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 02:20:13 GMT
date: Wed, 08 May 2024 02:20:13 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

nereserv.com/in/dip?site=native-push&wl=1&event_id=5bdeb259-c9ca-4b2e-a4c2-07e3441d908b&subid=1511354673&sid=2590395888&spot_id=529500&created_at=2024-05-08&timezone=0&ver=8.159.0&is_native=1

157.90.84.246

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=5bdeb259-c9ca-4b2e-a4c2-07e3441d908b&subid=1511354673&sid=2590395888&spot_id=529500&created_at=2024-05-08&timezone=0&ver=8.159.0&is_native=1
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=5bdeb259-c9ca-4b2e-a4c2-07e3441d908b&subid=1511354673&sid=2590395888&spot_id=529500&created_at=2024-05-08&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Wed, 08 May 2024 02:20:14 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

1e7942d985.fff2788093.com/in/multy

157.90.84.246

200 OK

0 B

URL POST HTTP/2
1e7942d985.fff2788093.com/in/multy
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectfff2788093.com
Fingerprint81:F0:97:8F:8A:B3:D7:C6:23:C1:FC:F8:5A:A0:2A:EB:73:8A:C7:10
ValidityMon, 06 May 2024 12:38:51 GMT - Sun, 04 Aug 2024 12:38:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: 1e7942d985.fff2788093.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.20.1
date: Wed, 08 May 2024 02:20:14 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

32879.2481april2024.com/hiNDCoc5OA_oZtczvVjGLSdOmtkRvoHRdq9VOcLNSZwVNZyS9dhXp5mMB9M2edSSl9sFIKV2jvq5euuzHOKnYRGKmq6lubuKcgEfSrhO0g0Jv21dBmL_TPyblUJm7Q?kws=video%2Cclan%2Cwithout%2Ctaboo%2Cwant%2Cfuck%2Cstepsisters%2Cdelicious%2Cpussy&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Wed%20May%2008%202024%2002%3A20%3A07%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1

88.208.22.4

200 OK

7.2 kB

URL GET HTTP/2
32879.2481april2024.com/hiNDCoc5OA_oZtczvVjGLSdOmtkRvoHRdq9VOcLNSZwVNZyS9dhXp5mMB9M2edSSl9sFIKV2jvq5euuzHOKnYRGKmq6lubuKcgEfSrhO0g0Jv21dBmL_TPyblUJm7Q?kws=video%2Cclan%2Cwithout%2Ctaboo%2Cwant%2Cfuck%2Cstepsisters%2Cdelicious%2Cpussy&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Wed%20May%2008%202024%2002%3A20%3A07%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1
IP
88.208.22.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subject*.2481april2024.com
FingerprintFC:0B:87:DF:4F:43:9B:81:FD:04:D2:4C:5C:79:77:1B:C6:BB:F4:49
ValidityTue, 02 Apr 2024 14:41:38 GMT - Mon, 01 Jul 2024 14:41:37 GMT

File type
Unicode text, UTF-8 text, with very long lines (46950), with no line terminators
Size
7.2 kB (7178 bytes)
Hash
8a9e185895a184fa9d757b001a0b0724
6aead0b2909e098e1bc8a253527d901c74ad6c43
3813e61044c2279f43477050f0cf02ac9cde752039d627127c6b998f90d6f49c

HTTP Headers

GET /hiNDCoc5OA_oZtczvVjGLSdOmtkRvoHRdq9VOcLNSZwVNZyS9dhXp5mMB9M2edSSl9sFIKV2jvq5euuzHOKnYRGKmq6lubuKcgEfSrhO0g0Jv21dBmL_TPyblUJm7Q?kws=video%2Cclan%2Cwithout%2Ctaboo%2Cwant%2Cfuck%2Cstepsisters%2Cdelicious%2Cpussy&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Wed%20May%2008%202024%2002%3A20%3A07%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1 HTTP/1.1
Host: 32879.2481april2024.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:20:10 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Wed, 08 May 2024 02:20:10 UTC
expires: Wed, 08 May 2024 02:20:10 UTC
content-encoding: gzip
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.13&cpa=62aa99e0-ba43-4b0f-b7aa-e1711c83a4e4&prev_step_diff=693

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.13&cpa=62aa99e0-ba43-4b0f-b7aa-e1711c83a4e4&prev_step_diff=693
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.13&cpa=62aa99e0-ba43-4b0f-b7aa-e1711c83a4e4&prev_step_diff=693 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:15 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Thu, 08 May 2025 02:20:15 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

157.90.84.246

200 OK

0 B

URL GET HTTP/2
1e7942d985.fff2788093.com/in/show/?tag_ab=d&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&refdom=www.amdahost.com&auction_time=1715134814&subid=1511354673&sid=2590395888&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-08&iabcat=IAB25-3&keywords=adult&user_fp=9474243627012240951&score=67.93361311907826&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253Dc7c3a08a8a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253Dc7c3a08a8a%26idzone%3D0%26sid%3D1886&icons=wiP9MaW-pHYQjnaOe2-vBDSN05MAzWxkxik_yeqUVMaSasy57lDjTieM5dx2T8QehyHmFJ34D0CFNTaX_S6ZCsO_hMZAUGInatJ-HqKlAAipicB2qrA--sKXI6LHQ8JXhW6Rjgf-ij8gnIxSeCjVL1_jEw4X_7__mkuwLpM6C2lWMe1J_g&ext_cid=0&px_id=529500&min_cpm=0.09329738022515253&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2839302747906711941&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.01690861968759447&cpm=0&verify_hash=80d34a4753d1ada89c1a5a0ec88c1277&is_native=4&real_bid=0.00048587458372000106&original_bid_usd=0.00268093&original_bid=0.00268093&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,108,0,114,27&need_redirect_show=0&applied_features=coef_090,main-skins-settings&show_count=2&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00268093&hostname=auc-inpage-hz-3-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000026809300000000004&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.13&cpa=f6a350f8-7b43-479e-86ff-962e99b5ba19&prev_step_diff=694
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectfff2788093.com
Fingerprint81:F0:97:8F:8A:B3:D7:C6:23:C1:FC:F8:5A:A0:2A:EB:73:8A:C7:10
ValidityMon, 06 May 2024 12:38:51 GMT - Sun, 04 Aug 2024 12:38:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=d&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&refdom=www.amdahost.com&auction_time=1715134814&subid=1511354673&sid=2590395888&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-08&iabcat=IAB25-3&keywords=adult&user_fp=9474243627012240951&score=67.93361311907826&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253Dc7c3a08a8a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253Dc7c3a08a8a%26idzone%3D0%26sid%3D1886&icons=wiP9MaW-pHYQjnaOe2-vBDSN05MAzWxkxik_yeqUVMaSasy57lDjTieM5dx2T8QehyHmFJ34D0CFNTaX_S6ZCsO_hMZAUGInatJ-HqKlAAipicB2qrA--sKXI6LHQ8JXhW6Rjgf-ij8gnIxSeCjVL1_jEw4X_7__mkuwLpM6C2lWMe1J_g&ext_cid=0&px_id=529500&min_cpm=0.09329738022515253&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2839302747906711941&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.01690861968759447&cpm=0&verify_hash=80d34a4753d1ada89c1a5a0ec88c1277&is_native=4&real_bid=0.00048587458372000106&original_bid_usd=0.00268093&original_bid=0.00268093&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,108,0,114,27&need_redirect_show=0&applied_features=coef_090,main-skins-settings&show_count=2&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00268093&hostname=auc-inpage-hz-3-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000026809300000000004&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.13&cpa=f6a350f8-7b43-479e-86ff-962e99b5ba19&prev_step_diff=694 HTTP/1.1
Host: 1e7942d985.fff2788093.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Wed, 08 May 2024 02:20:15 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

js.mbidinp.com/npc/sdk/wpu/npush.m.js

45.133.44.52

200 OK

46 kB

URL GET HTTP/2
js.mbidinp.com/npc/sdk/wpu/npush.m.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectjs.mbidinp.com
FingerprintB8:EA:0B:88:14:F5:73:F1:FE:F1:D5:59:09:E6:70:08:F2:1C:4A:5C
ValidityMon, 22 Apr 2024 03:00:30 GMT - Sun, 21 Jul 2024 03:00:29 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
46 kB (46534 bytes)
Hash
e164f0fc509991890121aa763019689d
16f901a89a57f87c90d6cea80cff9f8bd32756dc
fdd439b2c8d28676c5e03847afc19252a3d6d88a670ba48db4ac020866c6b6ec

HTTP Headers

GET /npc/sdk/wpu/npush.m.js HTTP/1.1
Host: js.mbidinp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:09 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Wed, 08 May 2024 02:25:09 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

imdn.pics/m/p/0/777/777156/conversions/3b69WTpe-minify.jpg

45.133.44.24

200 OK

10 kB

URL GET HTTP/2
imdn.pics/m/p/0/777/777156/conversions/3b69WTpe-minify.jpg
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 360x240, components 3
Size
10 kB (10147 bytes)
Hash
d27321438be78f72c18f84cecb85c11e
31084685ba871245f90f4ac23949bc4aa37ce39b
d08796c038822a8e5b0b8f249dda868ce114459c911091b0969acf32df501b98

HTTP Headers

GET /m/p/0/777/777156/conversions/3b69WTpe-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:15 GMT
content-type: image/jpeg
content-length: 10147
server: nginx
last-modified: Tue, 09 Apr 2024 19:44:54 GMT
etag: "66159ab6-27a3"
x-request-id: a42fb51f65ac1ae8733899620e4ac07b
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

p.a64x.com/in/tip_shows/?katds_ep=DvV55Pi2A-D7HlFF4IDTvmYm5F_vwUhl570ij7d2lUTFjPaMwGUFWZY2tkbtvjk4twFItF2LOsFFxU4RqdNHb5uEz1-wQEXll9dlHpR3Nv-3vBwD-cWlWsT8xcDjxpxLaCXneWdBmWj8t04b3X8rDypFZOY6X4UCuiMvlw4c0FcC0tRfPLARrmI3ZCWaC4nLqSGhwTiJCY4o-6mgRVpgbNuYcODYFQAQvcx2otUbLCyAfrw05TS4uK9pUvjypGfowIbfYYa980ajtgcSN6Iu9yCI_tWwE6GttmDMwb8du2NT8DxSF-rCy4RyY2agJj94im-a6I2W5W9mA7e2HmQDa731i9YMX3ALjvGgxbPyvsNTGTti4pmobUGwO1iuOM6fmpIZECq5rtoUcTYN0F-kT_AjSRZ5mpb8HOZPQL-bPYMjjEEJ3NMbXVf6H9166W6xjLbpb-3YXLW0FuLbRzjRkklesubWwFtQ-AEg9DN80piIsCeePcKgkpWEJTRL2WC-YfdrgG47bY6QQ5CxKkWcdcvTDGBTj1vBodNLkFjrMEa3D6vOOU847w5bp1GRczgT3BjTaUAPb7IF9pFwy7OWHpfX8r9B_UeHSZD5GrZA_-2H9Py_FqOuUI2fqdzOFLXYt8lhCSEdRhwmWyt1IHKV4VpFcfnv_mnmjuJI9-TnIuXS7txfiH1SjoIEjHsgAFcopYu69VQkvxbdpZM7oPRiIc2vW1XRrAYrCKkqsFdDJciBZZGYkjnMTNmjx6LLGuMiYPV6PrOpJ6O57zZ2Rmjdbmw_gRBlWGxA_mnJY5CQTfuhcNIzM9h70UlTb77YzzqBnf8iC23V77N17vstolt0rPbxnF0qRiSMfcgyr54ojRfi8h2TF4gG0xDMxI3q8A&bid=0.004899363770037027&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.13&cpa=31b7ad16-268f-4a66-84f0-5a81f188ec78&prev_step_diff=693

172.67.185.171

302 Found

0 B

URL GET HTTP/3
p.a64x.com/in/tip_shows/?katds_ep=DvV55Pi2A-D7HlFF4IDTvmYm5F_vwUhl570ij7d2lUTFjPaMwGUFWZY2tkbtvjk4twFItF2LOsFFxU4RqdNHb5uEz1-wQEXll9dlHpR3Nv-3vBwD-cWlWsT8xcDjxpxLaCXneWdBmWj8t04b3X8rDypFZOY6X4UCuiMvlw4c0FcC0tRfPLARrmI3ZCWaC4nLqSGhwTiJCY4o-6mgRVpgbNuYcODYFQAQvcx2otUbLCyAfrw05TS4uK9pUvjypGfowIbfYYa980ajtgcSN6Iu9yCI_tWwE6GttmDMwb8du2NT8DxSF-rCy4RyY2agJj94im-a6I2W5W9mA7e2HmQDa731i9YMX3ALjvGgxbPyvsNTGTti4pmobUGwO1iuOM6fmpIZECq5rtoUcTYN0F-kT_AjSRZ5mpb8HOZPQL-bPYMjjEEJ3NMbXVf6H9166W6xjLbpb-3YXLW0FuLbRzjRkklesubWwFtQ-AEg9DN80piIsCeePcKgkpWEJTRL2WC-YfdrgG47bY6QQ5CxKkWcdcvTDGBTj1vBodNLkFjrMEa3D6vOOU847w5bp1GRczgT3BjTaUAPb7IF9pFwy7OWHpfX8r9B_UeHSZD5GrZA_-2H9Py_FqOuUI2fqdzOFLXYt8lhCSEdRhwmWyt1IHKV4VpFcfnv_mnmjuJI9-TnIuXS7txfiH1SjoIEjHsgAFcopYu69VQkvxbdpZM7oPRiIc2vW1XRrAYrCKkqsFdDJciBZZGYkjnMTNmjx6LLGuMiYPV6PrOpJ6O57zZ2Rmjdbmw_gRBlWGxA_mnJY5CQTfuhcNIzM9h70UlTb77YzzqBnf8iC23V77N17vstolt0rPbxnF0qRiSMfcgyr54ojRfi8h2TF4gG0xDMxI3q8A&bid=0.004899363770037027&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.13&cpa=31b7ad16-268f-4a66-84f0-5a81f188ec78&prev_step_diff=693
IP
172.67.185.171:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjecta64x.com
Fingerprint86:FD:2B:DD:CC:BD:8D:ED:C0:8D:41:81:C1:48:2D:45:D6:4F:67:88
ValidityTue, 19 Mar 2024 14:58:28 GMT - Mon, 17 Jun 2024 14:58:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/tip_shows/?katds_ep=DvV55Pi2A-D7HlFF4IDTvmYm5F_vwUhl570ij7d2lUTFjPaMwGUFWZY2tkbtvjk4twFItF2LOsFFxU4RqdNHb5uEz1-wQEXll9dlHpR3Nv-3vBwD-cWlWsT8xcDjxpxLaCXneWdBmWj8t04b3X8rDypFZOY6X4UCuiMvlw4c0FcC0tRfPLARrmI3ZCWaC4nLqSGhwTiJCY4o-6mgRVpgbNuYcODYFQAQvcx2otUbLCyAfrw05TS4uK9pUvjypGfowIbfYYa980ajtgcSN6Iu9yCI_tWwE6GttmDMwb8du2NT8DxSF-rCy4RyY2agJj94im-a6I2W5W9mA7e2HmQDa731i9YMX3ALjvGgxbPyvsNTGTti4pmobUGwO1iuOM6fmpIZECq5rtoUcTYN0F-kT_AjSRZ5mpb8HOZPQL-bPYMjjEEJ3NMbXVf6H9166W6xjLbpb-3YXLW0FuLbRzjRkklesubWwFtQ-AEg9DN80piIsCeePcKgkpWEJTRL2WC-YfdrgG47bY6QQ5CxKkWcdcvTDGBTj1vBodNLkFjrMEa3D6vOOU847w5bp1GRczgT3BjTaUAPb7IF9pFwy7OWHpfX8r9B_UeHSZD5GrZA_-2H9Py_FqOuUI2fqdzOFLXYt8lhCSEdRhwmWyt1IHKV4VpFcfnv_mnmjuJI9-TnIuXS7txfiH1SjoIEjHsgAFcopYu69VQkvxbdpZM7oPRiIc2vW1XRrAYrCKkqsFdDJciBZZGYkjnMTNmjx6LLGuMiYPV6PrOpJ6O57zZ2Rmjdbmw_gRBlWGxA_mnJY5CQTfuhcNIzM9h70UlTb77YzzqBnf8iC23V77N17vstolt0rPbxnF0qRiSMfcgyr54ojRfi8h2TF4gG0xDMxI3q8A&bid=0.004899363770037027&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.13&cpa=31b7ad16-268f-4a66-84f0-5a81f188ec78&prev_step_diff=693 HTTP/1.1
Host: p.a64x.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Wed, 08 May 2024 02:20:15 GMT
content-type: application/json
content-length: 0
location: https://imdn.pics/m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg
access-control-allow-credentials: true
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0R4AoZlRTCrBziJargTei5DEa6tvLF2iFk7FleYfz2%2FOENbDLdww4ktOHpzQBSrnw5RxX7eniEyJ1q%2Fs5mlXNj6ilIlk%2BJtmo%2BsvBreMRkMZlKAW2TIBBtK%2BIWY6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f8339be1568a-OSL
alt-svc: h3=":443"; ma=86400

imdn.pics/m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg

45.133.44.24

200 OK

3.0 kB

URL GET HTTP/2
imdn.pics/m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 100x100, components 3
Size
3.0 kB (2972 bytes)
Hash
bbd50a964fd18363b647225883bbb908
960383ba8379454c49adc0ed9c0faf681a898d61
58deb046cbfa7bfae5ed5290686bda50b55be2bf0ea62f1577ca135a8fdeb10e

HTTP Headers

GET /m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:15 GMT
content-type: image/jpeg
content-length: 2972
server: nginx
last-modified: Tue, 09 Apr 2024 19:44:46 GMT
etag: "66159aae-b9c"
x-request-id: bcbe6ea9e5034af8477860eea5b5ead2
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/rum?

172.67.183.69

204 No Content

0 B

URL POST HTTP/3
www.amdahost.com/cdn-cgi/rum?
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 520
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Wed, 08 May 2024 02:20:30 GMT
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8805f89279bd56cb-OSL
x-frame-options: DENY
x-content-type-options: nosniff

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:10 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c2LONWyvnG9hR60wrT%2FBoEbVsrE%2Bxv8RRRDNE20LYkWj93KR8ds8BF%2FoKi52iW68fXuN9op5t5c2S4S%2F0dks5hktTNMf3pBd9kKAdvGuRHuluhEQ03rPg0OSRXl4RNHEIJzBbpI2cAd7dg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f812babeb517-OSL
alt-svc: h3=":443"; ma=86400

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/2
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Wed, 08 May 2024 02:20:09 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zGbBPaL4Mc58xgikRKJqzkNWmhirAp7Vk1sCC84y71Rp%2B8%2Flp9rqHkpP5H1mt1VR5UvaJChopd6MJ82DB9IZpJT0ZSHjjGkPpXjGWkqiqvOnxTMOxOrqyOzqbwfygW3GDs6A4qgoWRolIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f80e6e9b569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1202bb3601.29972123f3.com/85e8405e316bc191fffad51abaff7a3c.js

45.133.44.53

200 OK

169 kB

URL GET HTTP/2
1202bb3601.29972123f3.com/85e8405e316bc191fffad51abaff7a3c.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subject1202bb3601.29972123f3.com
Fingerprint75:6B:15:49:55:01:42:44:F7:47:B8:56:B1:92:DE:3D:8F:41:D0:21
ValiditySun, 05 May 2024 02:20:34 GMT - Sat, 03 Aug 2024 02:20:33 GMT

File type

Size
169 kB (168568 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /85e8405e316bc191fffad51abaff7a3c.js HTTP/1.1
Host: 1202bb3601.29972123f3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:09 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Wed, 08 May 2024 02:25:09 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:10 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=02hK4ArABkD%2BkKyAale1VfXqF%2BmTGax%2FUZ3csWOm%2Fr47DvqeRJznK4E1bP8yqyXgYkG5MlBgT0K3s56guD9sIlDikOIMHuVRio51h9EH6Gq98HaVuItnXzsiCZhQeE%2Fay1hD%2BZIbdoHcnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f814eb7fb517-OSL
alt-svc: h3=":443"; ma=86400

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:11 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NJnLQHMzo0iaOWqvhQbdO08%2BtAedCUkgfIZwLFJhJ2k3kVZJnq7GnsfAqDHNfHyw6nTeSzKski49U1SL3JZp8VhhS9%2B3%2FklBOYCH71FgCdcobezWbDixXCJZjzRJE4L3xSZzt9fYdVIdIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f8195d43b517-OSL
alt-svc: h3=":443"; ma=86400

glakaits.net/?rb=ymGcWh6-hSYXeD1lz0tXkCu-der8NBaEniuN8V7nyXbkg0SVUSnousliK-5ysZOMJXRD9vl5w-9HLoM-FIIzXtasqJniPnWpN_aD2hSJd4EpYZK6BIEZoGAxnq4SmdEfgzAIei_coJVnJk5zMRGbPh4kEaiNow6uRArY8qEAHOO-U6dzRKDsnwDVJp8kuMNB0pc_jzlNelpz41Q02NQBteyWaYCW7InEGrSqDmDyzmPf2YvmO8S-Qe5KZycVakm6MQoqa4wCRUfVTVd0&request_ab2=0&zoneid=7446033&js_build=iclick-v1.788.9-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=4&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.9-auto&navlng=en-US&pnt=0&pnrc=0&bs=666bfca6-2879-4708-92b7-8d7e240e8d23&wasm=1&userId=o7ft575140je452692623f3b9fywj863&m=link

139.45.197.242

200 OK

2.3 kB

URL GET HTTP/2
glakaits.net/?rb=ymGcWh6-hSYXeD1lz0tXkCu-der8NBaEniuN8V7nyXbkg0SVUSnousliK-5ysZOMJXRD9vl5w-9HLoM-FIIzXtasqJniPnWpN_aD2hSJd4EpYZK6BIEZoGAxnq4SmdEfgzAIei_coJVnJk5zMRGbPh4kEaiNow6uRArY8qEAHOO-U6dzRKDsnwDVJp8kuMNB0pc_jzlNelpz41Q02NQBteyWaYCW7InEGrSqDmDyzmPf2YvmO8S-Qe5KZycVakm6MQoqa4wCRUfVTVd0&request_ab2=0&zoneid=7446033&js_build=iclick-v1.788.9-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=4&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.9-auto&navlng=en-US&pnt=0&pnrc=0&bs=666bfca6-2879-4708-92b7-8d7e240e8d23&wasm=1&userId=o7ft575140je452692623f3b9fywj863&m=link
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectglakaits.net
Fingerprint1F:46:3E:C8:C5:6A:64:F5:29:66:0F:5C:6E:CD:48:77:10:EA:26:02
ValidityTue, 07 May 2024 18:52:12 GMT - Mon, 05 Aug 2024 18:52:11 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2360), with no line terminators
Size
2.3 kB (2337 bytes)
Hash
1f20b1236b67ed38609d6c17674b7160
d0ab1ff15ce4e37d2e686a3201efff0152f6ff6c
abc3ed57f05497ffc68af39aeb8e0ca9aed710c3cd8e07d717f85964d7bc4570

HTTP Headers

GET /?rb=ymGcWh6-hSYXeD1lz0tXkCu-der8NBaEniuN8V7nyXbkg0SVUSnousliK-5ysZOMJXRD9vl5w-9HLoM-FIIzXtasqJniPnWpN_aD2hSJd4EpYZK6BIEZoGAxnq4SmdEfgzAIei_coJVnJk5zMRGbPh4kEaiNow6uRArY8qEAHOO-U6dzRKDsnwDVJp8kuMNB0pc_jzlNelpz41Q02NQBteyWaYCW7InEGrSqDmDyzmPf2YvmO8S-Qe5KZycVakm6MQoqa4wCRUfVTVd0&request_ab2=0&zoneid=7446033&js_build=iclick-v1.788.9-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=4&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.9-auto&navlng=en-US&pnt=0&pnrc=0&bs=666bfca6-2879-4708-92b7-8d7e240e8d23&wasm=1&userId=o7ft575140je452692623f3b9fywj863&m=link HTTP/1.1
Host: glakaits.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:20:09 GMT
content-type: application/json
x-trace-id: 36a2dd77efb8c4141bc2cfaeba0e93d3
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=o7ft575140je452692623f3b9fywj863; expires=Thu, 08 May 2025 02:20:09 GMT; path=/; secure; SameSite=None
oaidts=1715134809; expires=Thu, 08 May 2025 02:20:09 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 15 May 2024 02:20:09 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:10 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ja9%2FXM9uQXUgLULVtgc6eeJuCk5YQgv5ivVoTYJfot1jKNRDCnYlWU0w1zND6W3krZRXcpWnROXIEZvN6fbZ8me24e72WwZowZbP2jGvok%2FQhj81XN2PrNP2njzJr7%2F4D5c%2FMBA%2Bj2TAQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f815fc0fb517-OSL
alt-svc: h3=":443"; ma=86400

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:11 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4KILpoykOOrsvoOoGltr4iPKp2LcHKJZa3rcWOh8S3uK2Z2Nj9dAjXZn9P8piVxIDh%2BYFx%2Bc6B7cap2CTf4Hm6HlbYgrrUup757o%2FmVpGIUPZeN8GGOl4yI%2FBOQwwfU3rewEuN7pi1YtPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f8199d54b517-OSL
alt-svc: h3=":443"; ma=86400

zovidree.com/tag.min.js

172.67.166.14

200 OK

90 kB

URL GET HTTP/2
zovidree.com/tag.min.js
IP
172.67.166.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectzovidree.com
FingerprintE7:A2:02:40:34:64:74:90:8F:C4:F5:DA:6D:7F:08:2D:33:29:9A:FD
ValidityMon, 22 Apr 2024 15:25:10 GMT - Sun, 21 Jul 2024 15:25:09 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (89874 bytes)
Hash
7573260aff69fe8406b0115ab4bcefaa
f7f5c31f2481bd176a9b79deff1b7c0d4878f87c
280186476a1f8103793e2139d4654b16f61a2a1d393966388f55b8ed795ebba3

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: zovidree.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:07 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 1a13b2616487079790d1ad15928b1eb9
cache-control: max-age=86400
last-modified: Sun, 05 May 2024 17:51:41 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Wed, 08 May 2024 03:11:59 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 83285
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ii48QwJlJYEBg%2F8rW41m4jBq4D7Y%2BjG472o0M4OeeXfD4bfJz4yesoNsfmUsTGxmtVmX%2BTsbpObamKhkocYcfv15OPsUgPy24LETh49fkcbcsB1kb7AWrjghZDj1DQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805f7ffe8a7712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:10 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6L8wWjTlpmRVpjS2I6cU1tIZG7zpQ4pLcu5bcCdpDRwHuyG4zsFqZecf669jLOPHPStDMdKKZ%2FoN5A9bAYLlgdd%2B0eXnZGGfTqGPy1%2FBqLnwYd0uCNx1RGF6W9o1BqH3X8EiKFDX85RCEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f8149b5cb517-OSL
alt-svc: h3=":443"; ma=86400

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:11 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WmNEaoFWxFaMJOSWAmmgFsm6iKZ57B%2FVEVsAmQNtQmGPl9Y29anGrZD1k8Q8llv5zREoJ6KtrulkXSGcQ5u1klFwbSlQHR5%2BziuXUjaEoqwKt%2BpM3xXEE8hG%2B%2BHgN9NpY0IzSnN%2B3fQfNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f819ed6bb517-OSL
alt-svc: h3=":443"; ma=86400

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/2
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Wed, 08 May 2024 02:20:09 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ohLTfY0am09ZpJsH8A9zuBWLLT8sOiqa3%2BGKt7Ss497A2vAYy3X%2BEd%2BHzKJpJfYpa7Cnv5S5%2BwUI2f0wJbg4d8ZdR%2FGefxwSm9AbWJFNFZQRGGFVot1VRTcMlGvKAEruoZFKQ6t4ImpXxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f80edecf569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:11 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=StPX8GsU8FOS9tkoG3qR5IgZj30BFt88tx0u3HDXP%2BFjhMK6so4GGCsAXnzvtdVxjm3GfflgpEP9EFVlWCuxlBxAJ8nVyZDq90uzc5QKBQKaCpFHVvTc2Ma1AU9Z3oCl1D%2FFsooaFMpzuA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f8190d29b517-OSL
alt-svc: h3=":443"; ma=86400

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:10 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MYYhaeFGJj214qLLB3as6QVl94%2Fhbrd8tRt6MJR8bGoajVOFEv2AFdAj0GpbhTTV%2Bac79LQk7IGis9P7mIyGXleCbHqwokyWiEmpMcaray9OhYWHX%2BZA8CG633F8GVzviYo4J9%2FjTsZ7Ew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f8163c34b517-OSL
alt-svc: h3=":443"; ma=86400

mpougdusr.com/bultykh/ipp24/7/bazinga/2020090

212.117.190.201

200 OK

158 kB

URL GET HTTP/2
mpougdusr.com/bultykh/ipp24/7/bazinga/2020090
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint96:80:FC:87:80:4A:3B:59:5A:2E:82:5A:B8:1D:9D:47:78:21:AA:66
ValidityWed, 01 May 2024 14:41:50 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65107)
Size
158 kB (158045 bytes)
Hash
c6ea5aedb4469e81f7d41b0eec41f409
7d7edc7b87462fb56c5e3c17c86bebad542d1d6f
72ad45cf0dd548c1f9611c35289dec90c22375b45bf1aa33d6a14ac7f896865b

HTTP Headers

GET /bultykh/ipp24/7/bazinga/2020090 HTTP/1.1
Host: mpougdusr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:20:06 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-269a3"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

1202bb3601.29972123f3.com/569f22a889f80ae5fb51436365dfe21c.js

45.133.44.53

200 OK

101 kB

URL GET HTTP/2
1202bb3601.29972123f3.com/569f22a889f80ae5fb51436365dfe21c.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subject1202bb3601.29972123f3.com
Fingerprint75:6B:15:49:55:01:42:44:F7:47:B8:56:B1:92:DE:3D:8F:41:D0:21
ValiditySun, 05 May 2024 02:20:34 GMT - Sat, 03 Aug 2024 02:20:33 GMT

File type

Size
101 kB (100855 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /569f22a889f80ae5fb51436365dfe21c.js HTTP/1.1
Host: 1202bb3601.29972123f3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:08 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 06 May 2024 08:27:28 GMT
etag: W/"66389470-189f7"
content-encoding: gzip
expires: Wed, 08 May 2024 02:25:08 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:10 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bq560rMl8HBuXUX%2FpIFp1bCBtsyvA8u5Zs3DSgI4XJRn7kOO3ZH5OihzA3R9WrBu%2FzjtoXuyuCr1chNu2G%2F%2FyWuWPT2JaieNnGfSJc9gkZaVfhYa0dqPSdmm3akKkl7SZ5e4khgYcbCocw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f8153b9fb517-OSL
alt-svc: h3=":443"; ma=86400

www.amdahost.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js

172.67.183.69

200 OK

7.9 kB

URL GET HTTP/3
www.amdahost.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
JavaScript source, ASCII text, with very long lines (7908), with no line terminators
Size
7.9 kB (7908 bytes)
Hash
456bf3e3dad6f5ede6f71ba681a332ba
aca7e19d20a96e158702117fdf51203c1a1404cc
08e0d5aaa5f3972ebb42394c109dc71e7da952974b34389ce35f77f95eb004ef

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=5681521f537ec90e7451a2c5977494af
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 02:20:07 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
cache-control: max-age=14400, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GbzEflgYRAcrpuIThmREUzj%2BHf7DS6Cf6RZ7FqdRlKcktFDFpFWmg0K%2Ff%2Ft7mDFP7wdOFvYjdVH5rbspL%2FcVUxAOcZMvsbGhK3Yh1ndZ2JXb00sB6VFN1VZSXl35CoJjJgaH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805f8021ba456cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:10 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L4smlaJM30882IMRSbYLX3qGurAG1%2Bt0fPg2eMQFn1Bk4dFoYTxajGzSEsgrXZ9ZGqVuQHVqcC%2BC89%2BKtVs%2FNcQdc%2FcnaWJy598oGOsPE17pMD8qH7B8Umb%2B5QBda0kRZ532teFVA0%2BFCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f815abe1b517-OSL
alt-svc: h3=":443"; ma=86400

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:11 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4jm77KIiRUscYXYJQLsaQWzjICcrDP4q8aL%2B%2Bc%2BblUtUpN014TYGG1r%2FfujJzcA46brPdjSjy74%2BMXOWiVclIXgESPA0ZY4uBbetbyhVQ0aXSfzYECnxb5JAAK%2Fh%2BTtJne6nEWNepUthgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f81a3d80b517-OSL
alt-svc: h3=":443"; ma=86400

metricswpsh.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzM2ODc2NzkzOTc0Njc2MzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4xIiwidGFnX2lkIjoxNzk5NzcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC43NiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==

168.119.25.78

200 OK

0 B

URL GET HTTP/2
metricswpsh.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzM2ODc2NzkzOTc0Njc2MzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4xIiwidGFnX2lkIjoxNzk5NzcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC43NiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==
IP
168.119.25.78:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzM2ODc2NzkzOTc0Njc2MzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4xIiwidGFnX2lkIjoxNzk5NzcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC43NiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 08 May 2024 02:20:09 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:10 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sxk0j7iJB0fXh9HBztWnlzka%2FDYmuja5f%2Fo2KbGIUHD7h0NnpGMxTdrL2m92DHe%2FLPAexBGlo0%2BRvsRgvZ4naIQ0WijljvidHs06HsfkDzzlfybN9rZOleHOW5SsKEozoR6CpQKf9rxhqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f813bb19b517-OSL
alt-svc: h3=":443"; ma=86400

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:11 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QaJ94Y93m0oYG8fafAfM3wMqwfwCguvLmkzy4Q4hU94hhLWBHRJXUJx1UeKKpDz0ZOVu7JTg%2Bp4jKM5zSzf60ezx9FuxGV3MlLWNDHSiJ77bFGbel7ccSpen1qdALVT4r92bQyLHuP1YUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f81a8da7b517-OSL
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Bebas+Neue&display=swap

142.250.74.106

200 OK

799 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Bebas+Neue&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (817), with no line terminators
Size
799 B (799 bytes)
Hash
c493231efba2219e3348f16e938d7380
95b2c3d6221a58cbd7e96f2c05c40d03f53fb16c
ff65de3252fffb1650fca0c23a1a87351bf5b2385dc11e35e19b94c3495e4cf0

HTTP Headers

GET /css2?family=Bebas+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 02:20:06 GMT
date: Wed, 08 May 2024 02:20:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.amdahost.com/thumbnails/1714980024_c43a831a4f5a759d.jpg

172.67.183.69

200 OK

22 kB

URL GET HTTP/3
www.amdahost.com/thumbnails/1714980024_c43a831a4f5a759d.jpg
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 50", baseline, precision 8, 960x540, components 3
Size
22 kB (21555 bytes)
Hash
a2aeaf79359fbce3c7bafec616c5a1a3
76ba4b7035ed8b7f13b4b11a925af9d8175e3f4c
444ca16369e5587d7bef998e4ab2aab08a6da25394fce75b5551dc7649890f8d

HTTP Headers

GET /thumbnails/1714980024_c43a831a4f5a759d.jpg HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Cookie: PHPSESSID=5681521f537ec90e7451a2c5977494af
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 02:20:06 GMT
content-type: image/jpeg
content-length: 21555
cache-control: public, max-age=604800
expires: Wed, 15 May 2024 02:20:05 GMT
etag: "5433-663884b8-8c5688;;;"
last-modified: Mon, 06 May 2024 07:20:24 GMT
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W2pj5PPFuYgRGcMM7SQ2aCrNV29rTgfZ5qAoiZIJYZpl3%2ByHx9H%2B1EsbS5K27UMbBH%2BBx3Zojy5GE2Hnme9BqSTf%2FoPwNn3R9cVGnMkGsC%2BaqpKR0%2FfjcspyLpphjuDqgWTM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805f7f81fc056cb-OSL
alt-svc: h3=":443"; ma=86400

zokaukree.net/5/7446033/?oo=1&js_build=iclick-v1.788.9-auto

139.45.197.245

200 OK

2.9 kB

URL GET HTTP/2
zokaukree.net/5/7446033/?oo=1&js_build=iclick-v1.788.9-auto
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectzokaukree.net
FingerprintC0:B6:2C:1B:C6:37:68:38:7C:A4:E0:F4:BF:B4:8E:D4:CA:7E:2A:F1
ValiditySun, 05 May 2024 11:48:42 GMT - Sat, 03 Aug 2024 11:48:41 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3160), with no line terminators
Size
2.9 kB (2915 bytes)
Hash
9ca54578b7c224a71476b2251e6a9f03
5b0030a6d5ac224ff36d2df51986a3b654681b10
1d610bc8dc62cfda5c262c742a282594bdb7b22c424269c6f7b7490454eeb276

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/7446033/?oo=1&js_build=iclick-v1.788.9-auto HTTP/1.1
Host: zokaukree.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:20:08 GMT
content-type: application/json
x-trace-id: 920fccd240fb412473bc491440b402c8
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008056add9ec4edee58be14e040dc716; expires=Thu, 08 May 2025 02:20:08 GMT; path=/; secure; SameSite=None
oaidts=1715134808; expires=Thu, 08 May 2025 02:20:08 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

1202bb3601.29972123f3.com/edd3f584431195a64a2c615d7550e6a9/161855?version_name=d

45.133.44.53

200 OK

2.4 kB

URL GET HTTP/2
1202bb3601.29972123f3.com/edd3f584431195a64a2c615d7550e6a9/161855?version_name=d
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subject1202bb3601.29972123f3.com
Fingerprint75:6B:15:49:55:01:42:44:F7:47:B8:56:B1:92:DE:3D:8F:41:D0:21
ValiditySun, 05 May 2024 02:20:34 GMT - Sat, 03 Aug 2024 02:20:33 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2744), with no line terminators
Size
2.4 kB (2425 bytes)
Hash
57ed9e8789c799ac1c0cb88a331fc507
9499433765f97a3c779b7bd8bb0c6d61001bbe70
23725421b5fecd31ac898b0c3b41b8d7dfef35d750da060be73c3d6350b3e5ca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /edd3f584431195a64a2c615d7550e6a9/161855?version_name=d HTTP/1.1
Host: 1202bb3601.29972123f3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:07 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Wed, 08 May 2024 02:25:07 GMT
x-proxy-cache: EXPIRED
access-control-allow-origin: *
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:10 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R1IwLsNEPD7kBJCWo0N8rzdSsngBe2UryFndOBBg%2B2X%2BWIqYRDdiI1o8Mqxfv1on%2F%2BjEhxPJHbCYRpAZfzaBnq5OpR0VC2Okk59wAWG2DO51jCGyHYbgTZx%2Bs4eJGs8PapMyTtYBK67J2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f816ec7db517-OSL
alt-svc: h3=":443"; ma=86400

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

64.233.165.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
64.233.165.84:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D
ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:lr-g-zOkBhXc6bNkYMJtiPOswMDnPQ:ld34CIAq8JG8ezUZ; Expires=Fri, 08-May-2026 02:20:10 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 08 May 2024 02:20:10 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwewnBd3CHVY4FljwVlUifV6AY1i8blCVNSf9wdXnp1USPIbEdxV3XPuuZcegD0iZiQe8Jn2g
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-p9Da_5s1xYEM0lE59J2MCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pyknrhm5c.com/chicken.gif?z=2025683&pb=ee275597fdae6f8dc4785cf27148bf7e1715142007&psp=jXMdwXo5Scjr4CHvZ5ZlLYTU1HGofH9ppIUEo965kfCfAo4VVt-Ys0l1LptFEPln-fE2bz75O9xzS214ypw2H3coLVxQQafXLCfFOi4ZTaDECnZ8z3YjhCUSnZDXBnQzdq13hWtTbpsOg7mnthCSugeRRtXS2LoyogO8oP-k_fmly1W53tD84Yr3eaFcJeV9P0g5wgc_K2IWQPEIBs8uzQUpjirViCX2r-z8GxJVIM1KD5kUk6WS6kawQZDl9C6pgdaxDSnYFtQHQytLv3qBTTlN8ZBR-DgY__QjetKSyAxj1chAaX-z2BNjekMNRx1rQqTpk9K8zj3xtYI6fvc_-TPeCF1kyfbG0D-66s5JnsnB95ZzieKIO7o3gwHGHMn2PYjDuY3dO42YpfBBQnTK05NkaemfvZCEEfn2ws9riFBGfliN3DcMShaJ66OgeDZ4AoyY6uq_Cq-8yqW3vJGB46xRZhKOI-iWBJqd2jbICH_aL562DKBh90lIxKyFxS_ABZSb0Xg7T18H7xRojGgadUYujcbd0b_-t4IpuQt4Ih957okBXTAnerylhrsDriUuCIsszIqedD0X7_GeluY17gP_of4iwxovgmd66rrWOrFM7Lm6eW84C330DnWLY0RmPbB7gDXQ18Gj2aGo_h9on43uDvz4kyDQAv2BLvfQ9JIfI5OADy9Gnj3xMV2e6vE=&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7993702422673920&eclog=0&im=1&_=0.8953365739761693

212.117.190.201

200 OK

43 B

URL GET HTTP/2
pyknrhm5c.com/chicken.gif?z=2025683&pb=ee275597fdae6f8dc4785cf27148bf7e1715142007&psp=jXMdwXo5Scjr4CHvZ5ZlLYTU1HGofH9ppIUEo965kfCfAo4VVt-Ys0l1LptFEPln-fE2bz75O9xzS214ypw2H3coLVxQQafXLCfFOi4ZTaDECnZ8z3YjhCUSnZDXBnQzdq13hWtTbpsOg7mnthCSugeRRtXS2LoyogO8oP-k_fmly1W53tD84Yr3eaFcJeV9P0g5wgc_K2IWQPEIBs8uzQUpjirViCX2r-z8GxJVIM1KD5kUk6WS6kawQZDl9C6pgdaxDSnYFtQHQytLv3qBTTlN8ZBR-DgY__QjetKSyAxj1chAaX-z2BNjekMNRx1rQqTpk9K8zj3xtYI6fvc_-TPeCF1kyfbG0D-66s5JnsnB95ZzieKIO7o3gwHGHMn2PYjDuY3dO42YpfBBQnTK05NkaemfvZCEEfn2ws9riFBGfliN3DcMShaJ66OgeDZ4AoyY6uq_Cq-8yqW3vJGB46xRZhKOI-iWBJqd2jbICH_aL562DKBh90lIxKyFxS_ABZSb0Xg7T18H7xRojGgadUYujcbd0b_-t4IpuQt4Ih957okBXTAnerylhrsDriUuCIsszIqedD0X7_GeluY17gP_of4iwxovgmd66rrWOrFM7Lm6eW84C330DnWLY0RmPbB7gDXQ18Gj2aGo_h9on43uDvz4kyDQAv2BLvfQ9JIfI5OADy9Gnj3xMV2e6vE=&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7993702422673920&eclog=0&im=1&_=0.8953365739761693
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint8C:0B:00:37:E9:46:0D:D7:64:26:AF:BD:4B:AC:9D:E3:CA:27:CD:87
ValidityFri, 03 May 2024 21:32:33 GMT - Tue, 29 Oct 2024 22:59:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

GET /chicken.gif?z=2025683&pb=ee275597fdae6f8dc4785cf27148bf7e1715142007&psp=jXMdwXo5Scjr4CHvZ5ZlLYTU1HGofH9ppIUEo965kfCfAo4VVt-Ys0l1LptFEPln-fE2bz75O9xzS214ypw2H3coLVxQQafXLCfFOi4ZTaDECnZ8z3YjhCUSnZDXBnQzdq13hWtTbpsOg7mnthCSugeRRtXS2LoyogO8oP-k_fmly1W53tD84Yr3eaFcJeV9P0g5wgc_K2IWQPEIBs8uzQUpjirViCX2r-z8GxJVIM1KD5kUk6WS6kawQZDl9C6pgdaxDSnYFtQHQytLv3qBTTlN8ZBR-DgY__QjetKSyAxj1chAaX-z2BNjekMNRx1rQqTpk9K8zj3xtYI6fvc_-TPeCF1kyfbG0D-66s5JnsnB95ZzieKIO7o3gwHGHMn2PYjDuY3dO42YpfBBQnTK05NkaemfvZCEEfn2ws9riFBGfliN3DcMShaJ66OgeDZ4AoyY6uq_Cq-8yqW3vJGB46xRZhKOI-iWBJqd2jbICH_aL562DKBh90lIxKyFxS_ABZSb0Xg7T18H7xRojGgadUYujcbd0b_-t4IpuQt4Ih957okBXTAnerylhrsDriUuCIsszIqedD0X7_GeluY17gP_of4iwxovgmd66rrWOrFM7Lm6eW84C330DnWLY0RmPbB7gDXQ18Gj2aGo_h9on43uDvz4kyDQAv2BLvfQ9JIfI5OADy9Gnj3xMV2e6vE=&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7993702422673920&eclog=0&im=1&_=0.8953365739761693 HTTP/1.1
Host: pyknrhm5c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: UID=24050721206e057c73ba064a7f800363da70; CHCK=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:20:13 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

cdn.fluidplayer.com/v3/current/6aef4fee473c54e96ff8.svg

185.76.9.24

200 OK

19 kB

URL GET HTTP/2
cdn.fluidplayer.com/v3/current/6aef4fee473c54e96ff8.svg
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectfluidplayer.com
Fingerprint46:64:4F:F1:3B:B5:54:D2:21:6F:9B:66:05:DF:D9:AC:7D:3C:8E:D0
ValidityMon, 06 May 2024 08:37:10 GMT - Sun, 04 Aug 2024 08:37:09 GMT

File type
SVG Scalable Vector Graphics image
Size
19 kB (18560 bytes)
Hash
805524b1fa0e091076d7afbf68e31133
ab696de0e85a7ce728cbe9b4131f5f4d528fb788
ad0276c58ec6a9875a2e1d39d972950763aac2e8f6262638d5868402ae2466fd

HTTP Headers

GET /v3/current/6aef4fee473c54e96ff8.svg HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:06 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 21 Mar 2024 13:23:12 GMT
etag: W/"65fc34c0-4880"
expires: Fri, 22 Mar 2024 21:45:09 GMT
cache-control: max-age=86400
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH3QkAAAAwBuUwKDAH3AAAAAAwBisclxAGzgVEBAA
x-77-nzt-ray: af585630ef0168a356e13a6653aedd36
x-accel-expires: @1715204756
x-accel-date: 1715118356
x-77-cache: HIT
x-77-age: 16450
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 16450
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

js.mbidpp.com/popunder-admanager/build.m.js

45.133.44.53

200 OK

101 kB

URL GET HTTP/2
js.mbidpp.com/popunder-admanager/build.m.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectjs.mbidpp.com
Fingerprint5B:B3:95:84:D0:2B:0C:9A:68:98:53:B0:A4:A5:68:88:B2:A5:5F:82
ValidityThu, 18 Apr 2024 03:01:11 GMT - Wed, 17 Jul 2024 03:01:10 GMT

File type

Size
101 kB (100855 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /popunder-admanager/build.m.js HTTP/1.1
Host: js.mbidpp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:09 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 06 May 2024 08:27:28 GMT
etag: W/"66389470-189f7"
content-encoding: gzip
expires: Wed, 08 May 2024 02:25:09 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

storage.multstorage.com/log/count.html

172.67.174.51

200 OK

882 B

URL GET HTTP/2
storage.multstorage.com/log/count.html
IP
172.67.174.51:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectmultstorage.com
Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A
ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT

File type
HTML document, ASCII text, with very long lines (919), with no line terminators
Size
882 B (882 bytes)
Hash
053b1fe641da8057571d40ebaf1624ab
09b2648b7d08c84621298f0b939cea5170a65022
6606334874a3edb8295831f41d3684433e4553ffe0a72e58c90926e00f39c6a4

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:09 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: 23ceed896d3a90a5433f88d904b5c539
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BaF7pjXT8s35%2FZtV8%2FmouT8pVPo08KB5dWnutRgB6R8WkNEQWCvalekJOly5n8RBr8CcIF%2BdlT1DDRgoNjdWq4LkSpZnORsVtYAplvxHmlo%2FS3g9Gb3Q%2F56aZ%2FqdW1qGOlh4f3jKF%2F9fyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f80edff0b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:10 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i1hFCM8Gb0f6U65v9371r4kw%2FYfvNGzj4KukV4sEfmb7BMtPvhvB0bx7aU270VqLwBk7ShenQUWlk3o0WqO6H2PTtDQ4JWjzqo%2FjvyQbHZsmXIkQ1vB%2FOpnruu1PY6wDPZgQrw7a1wvlIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f8144b46b517-OSL
alt-svc: h3=":443"; ma=86400

www.amdahost.com/includes/update_visits.php

172.67.183.69

200 OK

0 B

URL POST HTTP/3
www.amdahost.com/includes/update_visits.php
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /includes/update_visits.php HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 54
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Cookie: PHPSESSID=5681521f537ec90e7451a2c5977494af; cf_clearance=g._3Nz0ByrvIXGGQDoqna3wNVaM1lzm0sSWV8Si4zIs-1715134807-1.0.1.1-Qbv4ddqzDoxpEWZ6k5247t0bu73axx1cn33w49S_kdtJza8CNMLnWi5u0ICYA2ow4o99RZvNdGmH09C.lEEWyw; prefetchAd_7446033=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 02:20:28 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OhBJ9Wwo5LXU%2BLS0R8gQx9IxQ%2BIy4vAmMnLU026Fgqujltr92FCyy%2BjXYL5GG4QcTlvsUS0XxZ4ss1NcBJdxm6IxXVZ8R3epYzNssjE1YLJNyBNomZH4XQYDJ0pZCWuiiH5m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f8822c5b56cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

mpougdusr.com/get/2020090?zoneid=2020090&jp=_clbizx9zsydclu63bx3o8i&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5178952655559168&eclog=0&im=1&freq=0&uf=0

212.117.190.201

200 OK

11 kB

URL GET HTTP/2
mpougdusr.com/get/2020090?zoneid=2020090&jp=_clbizx9zsydclu63bx3o8i&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5178952655559168&eclog=0&im=1&freq=0&uf=0
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint96:80:FC:87:80:4A:3B:59:5A:2E:82:5A:B8:1D:9D:47:78:21:AA:66
ValidityWed, 01 May 2024 14:41:50 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
ASCII text, with very long lines (10579), with no line terminators
Size
11 kB (10579 bytes)
Hash
0624ac5904b6f0d6a5111265ecac0cf8
3bbbb257402f183573b6d9388c13b9909ede549b
0c9543c3c078ddaa643fae780d0379f1ec9db1585387ada4006d01785c04680a

HTTP Headers

GET /get/2020090?zoneid=2020090&jp=_clbizx9zsydclu63bx3o8i&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5178952655559168&eclog=0&im=1&freq=0&uf=0 HTTP/1.1
Host: mpougdusr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:20:07 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Wed, 11 Jun 2025 02:20:07 GMT; Secure; SameSite=None
UID=2405072120d964e35ea4144f41a4777ab073; Path=/; Expires=Wed, 11 Jun 2025 02:20:07 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:10 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BRIvYyAcyRxFS4wPo8oVrgSiXZM2ihmZBIe4e4Xe5hZGDQmQDbla0UHQd7Wl%2FjNw%2FWQqcxBvb7uSMQr902XUl5ptQXnQMLIdniD4RQ%2FxIy%2B%2B7Qhn6mDKDxWi0Eu3Hn7XePvoPuG5z4md7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f8140b2bb517-OSL
alt-svc: h3=":443"; ma=86400

1e7942d985.fff2788093.com/in/show/?tag_ab=d&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&refdom=www.amdahost.com&auction_time=1715134814&subid=1511354673&sid=2590395888&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-08&iabcat=IAB25-3&keywords=adult&user_fp=9474243627012240951&score=67.93361311907826&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253Dc7c3a08a8a%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=333d38b3bc9943d095fc32394c335cca&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DAapwQd-p1gK_ms-3jYuzcXBWd6azQ-_EVzhW-LA9qOfWFVrxPPW7AYN-lVY4Fo4zworvs0r73jKzZY_hoA3pBl24dtHg1cW-PTfZSYpfcQV6xCvP7I8MnbQ9ghxC3frrA4k0rgYVfUz-FTAH-ZTtWobj-bKH_90wDcbUJ1ktN5ohr6USLhGE9EhsiEXQSfDdxSfEDfqUQ7t2W4ad3DkgbeTY9CUZBC70UQCyE4av3V-roKBqNx9Ib55G77Z_eIon__yqDc5UCXPLtMfkTASQcjOcZL4Qn0YODWwuTt05Wv26cIv-_28wnjIAtdP23ACTbFZarTC3kvxBfqiOreLr-o-rxmmjsgi7PVq4abqybl0l6iUoroCwyGo3G4Eo9y0sAd4DH2XmKT0YMBCyO9mgoeh7PHV6EWAHLPZM5fdqoRCOQJ9Sp_TuszUNlOhmVFDnRn8WQhT4IPhuPIBy2i6AAgfLh1dXYCLGOq21GPKBct0y8rqQrdPDOQ_QBWwQTpV_HHjR0WpWjldd5nQkKdvC0cT-wA9cSB7J9lCeJnzs-n1OnqOZtVbgKPbxBCul6-llEYUtAnVO2ryvQGUWENK46TPW4CzSzXLhjFTokwrQf9jNp0ONT5m8StVFbJLUqM5TP-uNOQrXC_GPTrFNrrzFITnE-K6AklN6xWZep5YholNzi2B_zn63F2s0j1jlDNIUgb6yrKe99kAAP3uxDJD2fTT6tHceYhvoInFNtEgN0YCpNpxpOhA_tVjmY3R9b3E837ksFW_RHHhLtUu9ZZRNu-srutfnlT4PefHrrpLM96d1CG2JHAO7fp1H2XcdBlnDk0620rkdsbENx-83a5Yxtfl-Jj2Bc0dNlWnDGvwdSWxroJbNYJDCRnk1EhJc2862ierCAbTzs1bxxsAXVG2egfPBnL0niS9X9TM-eiS8Fmuo_ol82Us2KeO3xRqEiRB3Sv458lBkxfivujicN6okVwoBInhKqFtKadeBvdzMONU3bLQSPjFs8zY73THvhM9C0M80dotY5m46J5LasFqwHgVMUaGKHw1o23wELj9tOf6YRR9BHJHsebKhLdz95RzVuCPzhrL0x_L4UujcHlHLCRBv9Zckcn6HYWuf4RLVRA8qbFUtsfAvhlUpCuD85CJY6CLbfnrth5ck_2cAUgMeX0_kooqo5tYjK7EhpjdNCAuCdE4u7MmUlrNtAL9pcOkE8HOxMv9cK50jBQJZwWfCDWEPvmCNq6yU4NI1Q8Se-6pAQEyyFJz8MauyrhQVS_gyEz6NXy1JVvb8CP9_gpCA7eX06t_zk-c0NREv2BPwmIMfa8ww2A%26bid%3D0.004899363770037027&icons=CwbEgDVPcTlKG1aJrlyw3-yGColhVRC1pC-pGGXmaPNuIecdmX55BJY6N2P97Jn94wl5peofTACA9Tud7Dj7DHLr1ZCORka2JO-BPxNhesUTyxBkZeqMbAf75Q_VAFJH5Qx75Dumit2cb4BMODACjTjkC6YAA9j6FXtIp70WUhex0mnItwsBNzfPuNYcOvsoiR6jlNBsp2L9mqS5Y2q3dcHhb15tj6LGLhRYNlRSCY7lS8Sngw2tqcqL5ywdFi46kF1v5JGFqrPqeVYr1Z5SBQLMM7bFL4vz0ZMEQpbsafRJ2A7bzxer1dVn47SMziIOz9DvQGTXvte7-ygO9BwFBFfHdighistgBfX2PsSDndA1OzGJqtyxOxTA0MehTEqlmmgPrPWUoL-ie87_wfW8d8HzF6NyG36sIM__MMa39Sf5v90XuWhd1XztGraUuj-VC7RASgmBwO3-nsrhsotLN5nsq9UvezdHCCjqHq30AWNhUQ2vRuNHIc5D5hVtEFR5co_-Pg4uWhXRUnc7Hxk8WvqB16-ruEaQcKzchDHSrbpYNNkcNUWuA26-RocCMolruipldlPOiP_r0LAvxuPxXYMgjaqxVvSKspIQfpI4pQqVw1WhcMzsRGQ00qJ2Bc_XIpLnG7QW9ha1DmY7sRsIgVGJpM5nMGn6UgqcOFrPiuxGOiHX0Tk-EeUpBDk-Go896Asl3eYI46ehZ-NCTGRW_gnJf5xPB_Biy8keZnjJqoRjhc-BkkRvfNwTM4SMV_OXCXIM7__SXWrBrUeb5WBvm_uhhgIeqkdulH6ec4XY9CK83kVuG4M4UQa13-e4sGm8pex-8C6j-TufSN0mddxw0_JKX6KeaVui9BwnhvjIw1GSu7lZ6UOT4mELC0gHCLON9Ymy5yV0qSVxiXyrDMNxmZ-LmMfxlZyzoy4S9aUIxzBfTyo5zHPoBYH5mEj1CX7Xh8kcECYpKsjdnq7kV6893CrAhlHhb-BAMMGUcyE6qcyhdLgrocT-M0VMEtKwOf4zW21Y6bL9U_GRVRVlXIfCSRFaJATbxaAKmTQpmFFLA8zto8iCYcn83CME3US9eo6pD_eUk5Kj3oaVTVE2zIHk2en-9FpWo4ZShYBd4MTNza_eZWP-Tk8xjEaI6kauD-mBMbIule-X4vBRcblHOl9yVLDwr4SxVZAujd1sy19EVfOZl9bYesnboYF3prhFfAU2J-SFiai_7bS1S5jaZB4twvcPHZkHFnzj7bm2_-I-dYrHELCPoDgB37ofNhU06qdeJUiqE7zA-gmVuxyi743b8yjxTiKOfzmMVSmfgPr5NdbTC-yFaBwkRHk&ext_cid=224906&px_id=73529500&min_cpm=0.0034945246943458496&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=2839302747906711941&skin_id=72&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.03162566010952003&cpm=0.004899363770037027&verify_hash=329bf3d927dfb26f4ed33a77340da37f&is_native=1&real_bid=0.004857229258435351&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=33,98,130,4,90,5&need_redirect_show=0&applied_features=coef_090,main-skins-settings&show_count=2&expiration_timestamp=1715307614&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777156%2Fconversions%2F3b69WTpe-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-3-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.13&cpa=63bfd966-a705-4e4a-9d3c-1e332c446081&prev_step_diff=693

157.90.84.246

200 OK

0 B

URL GET HTTP/2
1e7942d985.fff2788093.com/in/show/?tag_ab=d&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&refdom=www.amdahost.com&auction_time=1715134814&subid=1511354673&sid=2590395888&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-08&iabcat=IAB25-3&keywords=adult&user_fp=9474243627012240951&score=67.93361311907826&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253Dc7c3a08a8a%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=333d38b3bc9943d095fc32394c335cca&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DAapwQd-p1gK_ms-3jYuzcXBWd6azQ-_EVzhW-LA9qOfWFVrxPPW7AYN-lVY4Fo4zworvs0r73jKzZY_hoA3pBl24dtHg1cW-PTfZSYpfcQV6xCvP7I8MnbQ9ghxC3frrA4k0rgYVfUz-FTAH-ZTtWobj-bKH_90wDcbUJ1ktN5ohr6USLhGE9EhsiEXQSfDdxSfEDfqUQ7t2W4ad3DkgbeTY9CUZBC70UQCyE4av3V-roKBqNx9Ib55G77Z_eIon__yqDc5UCXPLtMfkTASQcjOcZL4Qn0YODWwuTt05Wv26cIv-_28wnjIAtdP23ACTbFZarTC3kvxBfqiOreLr-o-rxmmjsgi7PVq4abqybl0l6iUoroCwyGo3G4Eo9y0sAd4DH2XmKT0YMBCyO9mgoeh7PHV6EWAHLPZM5fdqoRCOQJ9Sp_TuszUNlOhmVFDnRn8WQhT4IPhuPIBy2i6AAgfLh1dXYCLGOq21GPKBct0y8rqQrdPDOQ_QBWwQTpV_HHjR0WpWjldd5nQkKdvC0cT-wA9cSB7J9lCeJnzs-n1OnqOZtVbgKPbxBCul6-llEYUtAnVO2ryvQGUWENK46TPW4CzSzXLhjFTokwrQf9jNp0ONT5m8StVFbJLUqM5TP-uNOQrXC_GPTrFNrrzFITnE-K6AklN6xWZep5YholNzi2B_zn63F2s0j1jlDNIUgb6yrKe99kAAP3uxDJD2fTT6tHceYhvoInFNtEgN0YCpNpxpOhA_tVjmY3R9b3E837ksFW_RHHhLtUu9ZZRNu-srutfnlT4PefHrrpLM96d1CG2JHAO7fp1H2XcdBlnDk0620rkdsbENx-83a5Yxtfl-Jj2Bc0dNlWnDGvwdSWxroJbNYJDCRnk1EhJc2862ierCAbTzs1bxxsAXVG2egfPBnL0niS9X9TM-eiS8Fmuo_ol82Us2KeO3xRqEiRB3Sv458lBkxfivujicN6okVwoBInhKqFtKadeBvdzMONU3bLQSPjFs8zY73THvhM9C0M80dotY5m46J5LasFqwHgVMUaGKHw1o23wELj9tOf6YRR9BHJHsebKhLdz95RzVuCPzhrL0x_L4UujcHlHLCRBv9Zckcn6HYWuf4RLVRA8qbFUtsfAvhlUpCuD85CJY6CLbfnrth5ck_2cAUgMeX0_kooqo5tYjK7EhpjdNCAuCdE4u7MmUlrNtAL9pcOkE8HOxMv9cK50jBQJZwWfCDWEPvmCNq6yU4NI1Q8Se-6pAQEyyFJz8MauyrhQVS_gyEz6NXy1JVvb8CP9_gpCA7eX06t_zk-c0NREv2BPwmIMfa8ww2A%26bid%3D0.004899363770037027&icons=CwbEgDVPcTlKG1aJrlyw3-yGColhVRC1pC-pGGXmaPNuIecdmX55BJY6N2P97Jn94wl5peofTACA9Tud7Dj7DHLr1ZCORka2JO-BPxNhesUTyxBkZeqMbAf75Q_VAFJH5Qx75Dumit2cb4BMODACjTjkC6YAA9j6FXtIp70WUhex0mnItwsBNzfPuNYcOvsoiR6jlNBsp2L9mqS5Y2q3dcHhb15tj6LGLhRYNlRSCY7lS8Sngw2tqcqL5ywdFi46kF1v5JGFqrPqeVYr1Z5SBQLMM7bFL4vz0ZMEQpbsafRJ2A7bzxer1dVn47SMziIOz9DvQGTXvte7-ygO9BwFBFfHdighistgBfX2PsSDndA1OzGJqtyxOxTA0MehTEqlmmgPrPWUoL-ie87_wfW8d8HzF6NyG36sIM__MMa39Sf5v90XuWhd1XztGraUuj-VC7RASgmBwO3-nsrhsotLN5nsq9UvezdHCCjqHq30AWNhUQ2vRuNHIc5D5hVtEFR5co_-Pg4uWhXRUnc7Hxk8WvqB16-ruEaQcKzchDHSrbpYNNkcNUWuA26-RocCMolruipldlPOiP_r0LAvxuPxXYMgjaqxVvSKspIQfpI4pQqVw1WhcMzsRGQ00qJ2Bc_XIpLnG7QW9ha1DmY7sRsIgVGJpM5nMGn6UgqcOFrPiuxGOiHX0Tk-EeUpBDk-Go896Asl3eYI46ehZ-NCTGRW_gnJf5xPB_Biy8keZnjJqoRjhc-BkkRvfNwTM4SMV_OXCXIM7__SXWrBrUeb5WBvm_uhhgIeqkdulH6ec4XY9CK83kVuG4M4UQa13-e4sGm8pex-8C6j-TufSN0mddxw0_JKX6KeaVui9BwnhvjIw1GSu7lZ6UOT4mELC0gHCLON9Ymy5yV0qSVxiXyrDMNxmZ-LmMfxlZyzoy4S9aUIxzBfTyo5zHPoBYH5mEj1CX7Xh8kcECYpKsjdnq7kV6893CrAhlHhb-BAMMGUcyE6qcyhdLgrocT-M0VMEtKwOf4zW21Y6bL9U_GRVRVlXIfCSRFaJATbxaAKmTQpmFFLA8zto8iCYcn83CME3US9eo6pD_eUk5Kj3oaVTVE2zIHk2en-9FpWo4ZShYBd4MTNza_eZWP-Tk8xjEaI6kauD-mBMbIule-X4vBRcblHOl9yVLDwr4SxVZAujd1sy19EVfOZl9bYesnboYF3prhFfAU2J-SFiai_7bS1S5jaZB4twvcPHZkHFnzj7bm2_-I-dYrHELCPoDgB37ofNhU06qdeJUiqE7zA-gmVuxyi743b8yjxTiKOfzmMVSmfgPr5NdbTC-yFaBwkRHk&ext_cid=224906&px_id=73529500&min_cpm=0.0034945246943458496&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=2839302747906711941&skin_id=72&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.03162566010952003&cpm=0.004899363770037027&verify_hash=329bf3d927dfb26f4ed33a77340da37f&is_native=1&real_bid=0.004857229258435351&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=33,98,130,4,90,5&need_redirect_show=0&applied_features=coef_090,main-skins-settings&show_count=2&expiration_timestamp=1715307614&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777156%2Fconversions%2F3b69WTpe-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-3-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.13&cpa=63bfd966-a705-4e4a-9d3c-1e332c446081&prev_step_diff=693
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectfff2788093.com
Fingerprint81:F0:97:8F:8A:B3:D7:C6:23:C1:FC:F8:5A:A0:2A:EB:73:8A:C7:10
ValidityMon, 06 May 2024 12:38:51 GMT - Sun, 04 Aug 2024 12:38:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=d&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3Dc7c3a08a8a&refdom=www.amdahost.com&auction_time=1715134814&subid=1511354673&sid=2590395888&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-08&iabcat=IAB25-3&keywords=adult&user_fp=9474243627012240951&score=67.93361311907826&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253Dc7c3a08a8a%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=333d38b3bc9943d095fc32394c335cca&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DAapwQd-p1gK_ms-3jYuzcXBWd6azQ-_EVzhW-LA9qOfWFVrxPPW7AYN-lVY4Fo4zworvs0r73jKzZY_hoA3pBl24dtHg1cW-PTfZSYpfcQV6xCvP7I8MnbQ9ghxC3frrA4k0rgYVfUz-FTAH-ZTtWobj-bKH_90wDcbUJ1ktN5ohr6USLhGE9EhsiEXQSfDdxSfEDfqUQ7t2W4ad3DkgbeTY9CUZBC70UQCyE4av3V-roKBqNx9Ib55G77Z_eIon__yqDc5UCXPLtMfkTASQcjOcZL4Qn0YODWwuTt05Wv26cIv-_28wnjIAtdP23ACTbFZarTC3kvxBfqiOreLr-o-rxmmjsgi7PVq4abqybl0l6iUoroCwyGo3G4Eo9y0sAd4DH2XmKT0YMBCyO9mgoeh7PHV6EWAHLPZM5fdqoRCOQJ9Sp_TuszUNlOhmVFDnRn8WQhT4IPhuPIBy2i6AAgfLh1dXYCLGOq21GPKBct0y8rqQrdPDOQ_QBWwQTpV_HHjR0WpWjldd5nQkKdvC0cT-wA9cSB7J9lCeJnzs-n1OnqOZtVbgKPbxBCul6-llEYUtAnVO2ryvQGUWENK46TPW4CzSzXLhjFTokwrQf9jNp0ONT5m8StVFbJLUqM5TP-uNOQrXC_GPTrFNrrzFITnE-K6AklN6xWZep5YholNzi2B_zn63F2s0j1jlDNIUgb6yrKe99kAAP3uxDJD2fTT6tHceYhvoInFNtEgN0YCpNpxpOhA_tVjmY3R9b3E837ksFW_RHHhLtUu9ZZRNu-srutfnlT4PefHrrpLM96d1CG2JHAO7fp1H2XcdBlnDk0620rkdsbENx-83a5Yxtfl-Jj2Bc0dNlWnDGvwdSWxroJbNYJDCRnk1EhJc2862ierCAbTzs1bxxsAXVG2egfPBnL0niS9X9TM-eiS8Fmuo_ol82Us2KeO3xRqEiRB3Sv458lBkxfivujicN6okVwoBInhKqFtKadeBvdzMONU3bLQSPjFs8zY73THvhM9C0M80dotY5m46J5LasFqwHgVMUaGKHw1o23wELj9tOf6YRR9BHJHsebKhLdz95RzVuCPzhrL0x_L4UujcHlHLCRBv9Zckcn6HYWuf4RLVRA8qbFUtsfAvhlUpCuD85CJY6CLbfnrth5ck_2cAUgMeX0_kooqo5tYjK7EhpjdNCAuCdE4u7MmUlrNtAL9pcOkE8HOxMv9cK50jBQJZwWfCDWEPvmCNq6yU4NI1Q8Se-6pAQEyyFJz8MauyrhQVS_gyEz6NXy1JVvb8CP9_gpCA7eX06t_zk-c0NREv2BPwmIMfa8ww2A%26bid%3D0.004899363770037027&icons=CwbEgDVPcTlKG1aJrlyw3-yGColhVRC1pC-pGGXmaPNuIecdmX55BJY6N2P97Jn94wl5peofTACA9Tud7Dj7DHLr1ZCORka2JO-BPxNhesUTyxBkZeqMbAf75Q_VAFJH5Qx75Dumit2cb4BMODACjTjkC6YAA9j6FXtIp70WUhex0mnItwsBNzfPuNYcOvsoiR6jlNBsp2L9mqS5Y2q3dcHhb15tj6LGLhRYNlRSCY7lS8Sngw2tqcqL5ywdFi46kF1v5JGFqrPqeVYr1Z5SBQLMM7bFL4vz0ZMEQpbsafRJ2A7bzxer1dVn47SMziIOz9DvQGTXvte7-ygO9BwFBFfHdighistgBfX2PsSDndA1OzGJqtyxOxTA0MehTEqlmmgPrPWUoL-ie87_wfW8d8HzF6NyG36sIM__MMa39Sf5v90XuWhd1XztGraUuj-VC7RASgmBwO3-nsrhsotLN5nsq9UvezdHCCjqHq30AWNhUQ2vRuNHIc5D5hVtEFR5co_-Pg4uWhXRUnc7Hxk8WvqB16-ruEaQcKzchDHSrbpYNNkcNUWuA26-RocCMolruipldlPOiP_r0LAvxuPxXYMgjaqxVvSKspIQfpI4pQqVw1WhcMzsRGQ00qJ2Bc_XIpLnG7QW9ha1DmY7sRsIgVGJpM5nMGn6UgqcOFrPiuxGOiHX0Tk-EeUpBDk-Go896Asl3eYI46ehZ-NCTGRW_gnJf5xPB_Biy8keZnjJqoRjhc-BkkRvfNwTM4SMV_OXCXIM7__SXWrBrUeb5WBvm_uhhgIeqkdulH6ec4XY9CK83kVuG4M4UQa13-e4sGm8pex-8C6j-TufSN0mddxw0_JKX6KeaVui9BwnhvjIw1GSu7lZ6UOT4mELC0gHCLON9Ymy5yV0qSVxiXyrDMNxmZ-LmMfxlZyzoy4S9aUIxzBfTyo5zHPoBYH5mEj1CX7Xh8kcECYpKsjdnq7kV6893CrAhlHhb-BAMMGUcyE6qcyhdLgrocT-M0VMEtKwOf4zW21Y6bL9U_GRVRVlXIfCSRFaJATbxaAKmTQpmFFLA8zto8iCYcn83CME3US9eo6pD_eUk5Kj3oaVTVE2zIHk2en-9FpWo4ZShYBd4MTNza_eZWP-Tk8xjEaI6kauD-mBMbIule-X4vBRcblHOl9yVLDwr4SxVZAujd1sy19EVfOZl9bYesnboYF3prhFfAU2J-SFiai_7bS1S5jaZB4twvcPHZkHFnzj7bm2_-I-dYrHELCPoDgB37ofNhU06qdeJUiqE7zA-gmVuxyi743b8yjxTiKOfzmMVSmfgPr5NdbTC-yFaBwkRHk&ext_cid=224906&px_id=73529500&min_cpm=0.0034945246943458496&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=2839302747906711941&skin_id=72&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.03162566010952003&cpm=0.004899363770037027&verify_hash=329bf3d927dfb26f4ed33a77340da37f&is_native=1&real_bid=0.004857229258435351&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=33,98,130,4,90,5&need_redirect_show=0&applied_features=coef_090,main-skins-settings&show_count=2&expiration_timestamp=1715307614&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777156%2Fconversions%2F3b69WTpe-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-3-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.13&cpa=63bfd966-a705-4e4a-9d3c-1e332c446081&prev_step_diff=693 HTTP/1.1
Host: 1e7942d985.fff2788093.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Wed, 08 May 2024 02:20:15 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

js.mbidadm.com/static/scripts.js

45.133.44.52

200 OK

1.7 kB

URL GET HTTP/2
js.mbidadm.com/static/scripts.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectjs.mbidadm.com
FingerprintCA:45:B3:CA:F7:B8:6E:BC:AD:15:14:54:8B:69:08:1F:93:CC:C1:80
ValidityThu, 18 Apr 2024 03:01:13 GMT - Wed, 17 Jul 2024 03:01:12 GMT

File type
JavaScript source, ASCII text, with very long lines (1884), with no line terminators
Size
1.7 kB (1732 bytes)
Hash
920f349834adf2faa94a7c6047814e52
34557304112fe9d61f23b8f89ceead6db43b98d4
2ddd6ffb00a0971092562d2c424678425e8496d315e38967a4ca2e26fdcfeafc

HTTP Headers

GET /static/scripts.js HTTP/1.1
Host: js.mbidadm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:06 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 07 May 2024 12:02:54 GMT
etag: W/"663a186e-6c4"
content-encoding: gzip
expires: Wed, 08 May 2024 02:25:06 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Lobster&display=swap

142.250.74.106

200 OK

1.8 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Lobster&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1825), with no line terminators
Size
1.8 kB (1780 bytes)
Hash
785af4cad14c8087afd0b4ca069742ba
b81dc83d9ec505a925e3da6bac340491a13460af
dc804cd560b63c44aea3659ce684d8b21a4ccbe7180f953716be1e3e1c4f5274

HTTP Headers

GET /css2?family=Lobster&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 02:20:06 GMT
date: Wed, 08 May 2024 02:20:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.mbidadm.com/static/scripts.m.js

45.133.44.52

200 OK

109 kB

URL GET HTTP/2
js.mbidadm.com/static/scripts.m.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectjs.mbidadm.com
FingerprintCA:45:B3:CA:F7:B8:6E:BC:AD:15:14:54:8B:69:08:1F:93:CC:C1:80
ValidityThu, 18 Apr 2024 03:01:13 GMT - Wed, 17 Jul 2024 03:01:12 GMT

File type

Size
109 kB (109409 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/scripts.m.js HTTP/1.1
Host: js.mbidadm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:20:07 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 07 May 2024 12:02:58 GMT
etag: W/"663a1872-1ab61"
content-encoding: gzip
expires: Wed, 08 May 2024 02:25:07 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Bungee+Spice&display=swap

142.250.74.106

200 OK

1.3 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Bungee+Spice&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1310), with no line terminators
Size
1.3 kB (1280 bytes)
Hash
6ed7e36a675f79912a60041296e6712c
90726391e4efdc836774a463094dbce3f980c761
59214048cf850c5c635c4bd6669db6222a200dd806e8ec2b2e8f504fa0b9393d

HTTP Headers

GET /css2?family=Bungee+Spice&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 02:20:06 GMT
date: Wed, 08 May 2024 02:20:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pyknrhm5c.com/get/2025683?p=2025683&jp=_cla2x3x88hiogb2imt3yh9&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7993702422673920&eclog=0&im=1&freq=0&uf=0

212.117.190.201

200 OK

12 kB

URL GET HTTP/2
pyknrhm5c.com/get/2025683?p=2025683&jp=_cla2x3x88hiogb2imt3yh9&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7993702422673920&eclog=0&im=1&freq=0&uf=0
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint8C:0B:00:37:E9:46:0D:D7:64:26:AF:BD:4B:AC:9D:E3:CA:27:CD:87
ValidityFri, 03 May 2024 21:32:33 GMT - Tue, 29 Oct 2024 22:59:00 GMT

File type
ASCII text, with very long lines (11569), with no line terminators
Size
12 kB (11569 bytes)
Hash
faf459db84d09eae33822db0db75d5f5
11679d7fb85e5e76b17c3e5e028607dab2311019
14661a86a03bb9ead278daf4ef17a1c06b9f38c7aad5b46ee10a89a26fd13c43

HTTP Headers

GET /get/2025683?p=2025683&jp=_cla2x3x88hiogb2imt3yh9&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7993702422673920&eclog=0&im=1&freq=0&uf=0 HTTP/1.1
Host: pyknrhm5c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:20:07 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=24050721206e057c73ba064a7f800363da70; Path=/; Expires=Wed, 11 Jun 2025 02:20:07 GMT; Secure; SameSite=None
CHCK=1; Path=/; Expires=Wed, 11 Jun 2025 02:20:07 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:10 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KZZyjBHF%2F7tcstutTIjdlMRUZzXplVFKKL7YSn6MQdqOtMaEHt2jwd4gR9xyU5x54saBSVnrUZ%2FyPN8O6SpdyTHTTfG%2BtzX5hUVXXIGM%2FhSnIjSxrFsyRgBNp7d%2FV9G6T3Rn3%2FRi49pwyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f8172c97b517-OSL
alt-svc: h3=":443"; ma=86400

pyknrhm5c.com/q/tdl/95/dnt/2025683/kep.js

212.117.190.201

200 OK

91 kB

URL GET HTTP/2
pyknrhm5c.com/q/tdl/95/dnt/2025683/kep.js
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint8C:0B:00:37:E9:46:0D:D7:64:26:AF:BD:4B:AC:9D:E3:CA:27:CD:87
ValidityFri, 03 May 2024 21:32:33 GMT - Tue, 29 Oct 2024 22:59:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65107)
Size
91 kB (91237 bytes)
Hash
e0411427d3a21e45aeedb135ad163c3b
fa7604ba1e0c74bb7f8ffb0d229ec10677872813
30e20e87ce0312c597365ca972e0e0bc4470a1ac11b6f6c026d5aa342d6576cd

HTTP Headers

GET /q/tdl/95/dnt/2025683/kep.js HTTP/1.1
Host: pyknrhm5c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:20:06 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-164ab"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=008056add9ec4edee58be14e040dc716

0.0.0.0

0 B

URL GET
my.rtmark.net/gid.js?userId=008056add9ec4edee58be14e040dc716
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gid.js?userId=008056add9ec4edee58be14e040dc716 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

0 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Wed, 08 May 2024 02:20:10 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mhR1wWVf1KRCYt8kvVJMQ9bWKIRkQnM0HV8GXskcydlCxYG603F6jYD0H%2BcmaQs1aNpF4yk0tuA0vP8ULZGmR5zvlpGDQ56AkLd9SoKoGFFKQnqQcJjBcIhix7G5Rbl8QmO3fEWevo2TMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f817bcc4b517-OSL
alt-svc: h3=":443"; ma=86400

cdn.tailwindcss.com/

104.22.20.144

302 Found

366 kB

URL GET HTTP/2
cdn.tailwindcss.com/
IP
104.22.20.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerCloudflare, Inc.
Subjecttailwindcss.com
Fingerprint5F:87:FB:92:D4:93:DA:09:E3:5B:EF:92:CE:2F:47:18:3A:8A:C7:49
ValidityTue, 07 Nov 2023 00:00:00 GMT - Tue, 05 Nov 2024 23:59:59 GMT

File type

Size
366 kB (365681 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: cdn.tailwindcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 08 May 2024 02:20:05 GMT
cache-control: max-age=14400
location: /3.4.3
strict-transport-security: max-age=63072000
x-vercel-cache: MISS
x-vercel-id: cle1::iad1::2hfjr-1715134083432-6a808a908027
cf-cache-status: HIT
age: 542
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805f7f8296ab4f4-OSL
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Karla&display=swap

142.250.74.106

200 OK

802 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Karla&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (820), with no line terminators
Size
802 B (802 bytes)
Hash
19b781ab6f09786f5d9e86ac26de083d
11ca72183489143542fafe4efb122b11f9b4c1d9
e17e04ca3c38fa955e6789b4818c7c24ffd3a99eae0830a01ca51ed8e968db8a

HTTP Headers

GET /css2?family=Karla&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 02:20:06 GMT
date: Wed, 08 May 2024 02:20:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.amdahost.com/css/root.css

172.67.183.69

200 OK

3.2 kB

URL GET HTTP/3
www.amdahost.com/css/root.css
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
ASCII text, with very long lines (3175), with no line terminators
Size
3.2 kB (3175 bytes)
Hash
b29e82a0b6fab49b186f1878409b49cf
632d7a94b851c7c879e29825bee06920d7b5cb99
5b7746d8aa2c0a8a908f6a5df646167afb319fc1d2a6ec08d275e195a275afdf

HTTP Headers

GET /css/root.css HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Cookie: PHPSESSID=5681521f537ec90e7451a2c5977494af
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 02:20:05 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=6128
cache-control: public, max-age=604800
etag: W/"17f0-65dd98cc-8c005d;br"
expires: Wed, 15 May 2024 01:35:49 GMT
last-modified: Tue, 27 Feb 2024 08:09:48 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 2656
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o3GMLAtbjkg6p0xFNL2Wv8z5ZlId5R25jhWw31ggwoNgtVCCaGxggHT1Sg1TGLGIzQ0tWicoMUdUu9Oe8EG%2BO%2FNJbXCyTvurNyHiYDXoyn71kQcmhb6TYqDC4kndtSSs3YT2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805f7f7ffb556cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Comic+Neue&display=swap

142.250.74.106

200 OK

420 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Comic+Neue&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=c7c3a08a8a
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (429), with no line terminators
Size
420 B (420 bytes)
Hash
75f97bdeb174d8b64c2078ceff6726a3
beb63d63eb0398c4e6f15b6f2ad83c9fd7ef272d
0dd00245b771e2aada55e76fe50ee64c186e9413f70b1fc54da284a2cab024c6

HTTP Headers

GET /css2?family=Comic+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 02:20:06 GMT
date: Wed, 08 May 2024 02:20:06 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (28)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML