Report - www.amdahost.com/watch_direct.php?id=820f3e3f67

Report Overview

Submitted URL
www.amdahost.com/watch_direct.php?id=820f3e3f67
IP
104.21.40.89
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-09 01:36:50
Access
public
Website Title
Video [m3zatka-MILF-obciaga-kutasa-kierowcy-mpk-polish-grupowa-20211011-part-1]
Final URL
www.amdahost.com/watch_direct.php?id=820f3e3f67
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
o.pki.goog	unknown	2016-06-13	2024-04-24	2024-05-07	650 B	1.4 kB	142.250.74.131
pyknrhm5c.com	unknown	unknown	No data	No data	2.8 kB	52 kB	212.117.190.201
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22	2024-05-07	1.6 kB	1.2 kB	157.90.84.242
accounts.google.com	81	1997-09-15	2016-03-20	2024-05-07	1.7 kB	5.3 kB	173.194.222.84
www.amdahost.com	unknown	2024-03-17	2024-03-21	2024-04-18	8.4 kB	1.6 MB	104.21.40.89
e9b729472c.39268ea911.com	unknown	unknown	No data	No data	1.9 kB	193 kB	45.133.44.52
mbddip.com	unknown	2023-04-26	2023-07-14	2024-05-06	594 B	320 B	94.130.198.6
imdn.pics	unknown	2023-09-14	2023-09-14	2024-05-07	1.7 kB	28 kB	45.133.44.24
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-08	1.1 kB	29 kB	216.58.207.227
cdn.pncloudfl.com	13313	2021-04-20	2021-06-07	2024-05-07	948 B	93 kB	104.22.59.221
storage.mbidstorage.com	unknown	2024-02-27	2024-03-05	2024-04-27	1.6 kB	3.8 kB	104.21.65.172
storage.multstorage.com	unknown	2023-09-22	2023-09-22	2024-05-07	526 B	1.9 kB	172.67.174.51
metricswpsh.com	unknown	2021-10-29	2021-11-02	2024-05-08	821 B	322 B	138.201.236.216
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-05-08	431 B	31 kB	216.58.211.10
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	3.5 kB	31 kB	142.250.74.106
js.capndr.com	316718	2021-08-30	2021-08-30	2024-05-07	403 B	374 B	45.133.44.53
pagead2.googlesyndication.com	101	2003-01-21	2021-02-20	2024-05-08	429 B	789 B	142.250.74.98
mpougdusr.com	unknown	unknown	No data	No data	3.8 kB	167 kB	212.117.190.201
mcpuwpsh.com	unknown	2022-08-12	2022-08-12	2024-05-08	970 B	14 kB	94.130.197.240
zovidree.com	unknown	2024-02-23	2024-02-24	2024-04-22	400 B	91 kB	104.21.16.31
b57dqedu4.com	unknown	unknown	No data	No data	1.9 kB	112 kB	212.117.190.201
cdn.tailwindcss.com	422202	2017-07-20	2018-07-09	2024-05-07	797 B	443 kB	104.22.21.144
p.a64x.com	unknown	2023-07-27	2023-07-27	2024-05-06	3.0 kB	1.4 kB	172.67.185.171
e275260174.05ae41c3fc.com	unknown	unknown	No data	No data	831 B	322 B	45.133.44.53
js.mbidinp.com	unknown	2023-02-20	2023-04-25	2024-05-06	822 B	639 kB	45.133.44.53
js.mbidpp.com	unknown	2023-02-20	2023-04-22	2024-02-23	420 B	101 kB	45.133.44.53
js.mbidadm.com	unknown	2023-02-20	2023-02-21	2024-05-01	820 B	112 kB	45.133.44.53
32879.2481april2024.com	unknown	unknown	No data	No data	1.8 kB	9.5 kB	88.208.22.4
static.bookmsg.com	47495	2020-09-15	2020-11-24	2024-05-08	1.8 kB	3.0 kB	45.133.44.24
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-08	465 B	745 B	139.45.195.8
bid.mbidtg.com	unknown	2023-03-09	2023-03-09	2024-05-02	448 B	2.4 kB	45.133.44.25
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2024-05-08	498 B	20 kB	104.16.79.73
vjs.zencdn.net	4968	2011-12-27	2012-05-21	2024-05-08	423 B	13 kB	151.101.194.217
glakaits.net	unknown	2024-05-07	2024-05-08	2024-05-08	1.7 kB	6.6 kB	139.45.197.242
nereserv.com	40015	2020-12-21	2020-12-21	2024-05-07	2.8 kB	1.6 kB	94.130.198.6
mbdippex.com	unknown	2023-04-26	2023-06-06	2024-03-26	10 kB	9.8 kB	94.130.198.6
e859321004.6423f6c6c4.com	unknown	unknown	No data	No data	11 kB	10 kB	94.130.198.6
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-08	445 B	18 kB	151.101.193.229
cdn.fluidplayer.com	33284	2016-09-22	2017-08-29	2024-05-08	891 B	246 kB	185.76.9.18

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-09	medium	39268ea911.com	Sinkholed
2024-05-09	medium	39268ea911.com	Sinkholed
2024-05-09	medium	39268ea911.com	Sinkholed
2024-05-08	medium	glakaits.net	Sinkholed
2024-05-09	medium	39268ea911.com	Sinkholed
2024-05-08	medium	glakaits.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (28)

	URL	Size	First Seen	Last Seen
	js.mbidadm.com/static/scripts.m.js	109 kB	2024-05-09	2024-05-14
Pretty URL js.mbidadm.com/static/scripts.m.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:36:59 Last Seen2024-05-14 10:09:50 Times Seen9 Hash c2a3c75610c6c75209df9d78a3a647c0 97fdac036c2163169d1596b5071a9ecec36c2022 e3b4ef31b0952f0f0e09e614f157b9469789a1ba6db8e0fd806203c72f064137 Loading...

	www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.9 kB	2024-05-09	2024-05-09
Pretty URL www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.21.40.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:27:56 Last Seen2024-05-09 03:37:01 Times Seen4 Hash 8ef28710178eb40a0f27abe9f9154acc 32936d9e9f0618b2fca0c17e4c8d6b9a030f982e f756a38924482f7ca3b5bb935d0998704e568f3da03f701a5dda2e3677c67281 Loading...

	www.amdahost.com/watch_direct.php?id=820f3e3f67	1.1 kB	2024-05-05	2024-05-09
Pretty URL www.amdahost.com/watch_direct.php?id=820f3e3f67 IP 104.21.40.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-05 18:31:32 Last Seen2024-05-09 15:53:32 Times Seen6 Hash 39c54041ee8117304161418adba6f7a4 97670dc581cbd864e84af58d8beafd09a4f729ba 5d66aabc8d6ea5f5356e43abe4be0e7d9cf5f6934373683ed6a9ba7106f0d2e2 Loading...

	www.amdahost.com/watch_direct.php?id=820f3e3f67	696 B	2024-05-09	2024-05-09
Pretty URL www.amdahost.com/watch_direct.php?id=820f3e3f67 IP 104.21.40.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 03:36:59 Last Seen2024-05-09 03:36:59 Times Seen1 Hash 27606c3b854d9fc4b9bb0217f7ed16c7 f139f06969bcc71991279e176e7b0b412e09f419 249eedd513443ade356fc769701000edcab8bc065b44377b3843ed1d99729115 Loading...

	zovidree.com/tag.min.js	90 kB	2024-05-08	2024-05-09
Pretty URL zovidree.com/tag.min.js IP 104.21.16.31 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 21:20:09 Last Seen2024-05-09 07:49:38 Times Seen12 Hash 76c2a69970c22493395c731940cfe07c c009ced71ef13eccbca3583729ede2e58156894e 0cd441d1f29495f38b588ddb04e10283e04ea626e2c5b79783710998031576d6 Loading...

	js.mbidinp.com/npc/sdk/wpu/npush.m.js	169 kB	2024-04-25	2024-05-16
Pretty URL js.mbidinp.com/npc/sdk/wpu/npush.m.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 17:48:27 Last Seen2024-05-16 08:49:21 Times Seen1042 Hash e164f0fc509991890121aa763019689d 16f901a89a57f87c90d6cea80cff9f8bd32756dc fdd439b2c8d28676c5e03847afc19252a3d6d88a670ba48db4ac020866c6b6ec Loading...

	b57dqedu4.com/t/9/fret/meow4/2020088/0d68ddef.js	106 kB	2024-05-03	2024-05-09
Pretty URL b57dqedu4.com/t/9/fret/meow4/2020088/0d68ddef.js IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 19:40:35 Last Seen2024-05-09 15:53:33 Times Seen34 Hash 5c1245ce45f7e0a8ff772bf695857a27 fad29ae9877616251044562b679427d9450199f7 9eee888953ac3827e3a1951d646e67fd6c34a47c7f4ff861c8b875218889513b Loading...

	www.amdahost.com/watch_direct.php?id=820f3e3f67	192 B	2024-05-07	2024-05-09
Pretty URL www.amdahost.com/watch_direct.php?id=820f3e3f67 IP 104.21.40.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 06:09:42 Last Seen2024-05-09 03:42:21 Times Seen9 Hash 983cf614c8d893b18d7f62c5f5cf37eb 0dd65aae75b152bf5663aa6eaf2281fa35fbc918 b9fff563451906887c412e545903684bb80c61c369c8b11e5256f5fcbed91647 Loading...

	js.capndr.com/advertising.js	0 B	2023-03-07	2024-05-20
Pretty URL js.capndr.com/advertising.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 05:17:24 Times Seen37857147 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	e9b729472c.39268ea911.com/8d49d19b7765f1a8c2fc9471c8f12409.js	101 kB	2024-05-06	2024-05-16
Pretty URL e9b729472c.39268ea911.com/8d49d19b7765f1a8c2fc9471c8f12409.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-06 11:08:30 Last Seen2024-05-16 07:55:12 Times Seen535 Hash 0cbfae16446f6ff17f3f18758b41e37c fdcba827008b6f52caa67735b295f7fab6f26a04 4f5cece30fb18d801a39950fe09419aa3280c654a323e72733b3204ad11a7a33 Loading...

	32879.2481april2024.com/4/js/233169	17 kB	2024-05-09	2024-05-09
Pretty URL 32879.2481april2024.com/4/js/233169 IP 88.208.22.4 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:36:59 Last Seen2024-05-09 03:36:59 Times Seen2 Hash 117cb0e4d02af103e2dd27202470dc90 2528402ed8243c022eb36e49025c04f338c259dd 14cadb55928f7f165847c44eba0b7f92f7156ca65429b9cadb72fcb1e7e7efbb Loading...

	pyknrhm5c.com/q/tdl/95/dnt/2025683/kep.js	91 kB	2024-05-05	2024-05-09
Pretty URL pyknrhm5c.com/q/tdl/95/dnt/2025683/kep.js IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 00:39:25 Last Seen2024-05-09 15:53:35 Times Seen26 Hash e0411427d3a21e45aeedb135ad163c3b fa7604ba1e0c74bb7f8ffb0d229ec10677872813 30e20e87ce0312c597365ca972e0e0bc4470a1ac11b6f6c026d5aa342d6576cd Loading...

	js.mbidadm.com/static/scripts.js	1.7 kB	2024-04-12	2024-05-20
Pretty URL js.mbidadm.com/static/scripts.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-12 00:52:21 Last Seen2024-05-20 03:42:28 Times Seen67 Hash 7e14d1597d1dd442175d8ee15cb07f07 de55b2463f332f2096d788047f8a7b07a776e437 cf31e107e8cb091c9477fe99de3a57a65486fe87becf0e8f469846949beff9f3 Loading...

	e9b729472c.39268ea911.com/34d6dd2e1c7f31ddf3a9042ff9eeb58b.js	109 kB	2024-05-08	2024-05-14
Pretty URL e9b729472c.39268ea911.com/34d6dd2e1c7f31ddf3a9042ff9eeb58b.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 14:11:42 Last Seen2024-05-14 14:15:38 Times Seen387 Hash 392da8c33f7fec0078e15e7cb7dec615 9a58299ea074848763f9b3e0d0b3ed82ed92614a e4dd634416e83566cd4235d596b6292bdcca640a6fb47da3b9330a3113e35c47 Loading...

	cdn.tailwindcss.com/	366 kB	2024-03-28	2024-05-20
Pretty URL cdn.tailwindcss.com/ IP 104.22.21.144 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-28 05:53:51 Last Seen2024-05-20 03:42:29 Times Seen515 Hash 4bdcdace639cc6c0f08a15c295482172 6fa7ad6e87d8b19bff7e2bd0becf87d87d57be31 d2c35bf03246b0634bb22cbdc74962c8368e5e13b656e7f3cc10029da79d2e5c Loading...

	www.amdahost.com/watch_direct.php?id=820f3e3f67	6.4 kB	2024-04-21	2024-05-09
Pretty URL www.amdahost.com/watch_direct.php?id=820f3e3f67 IP 104.21.40.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-21 00:00:40 Last Seen2024-05-09 15:53:33 Times Seen38 Hash 729b602ae59da0a8a578c627f0c8e252 55588035e45b31ca4c5066d0155bd092a6fabcda b5ce04d261257f877cfa642ea13d645c29e8c474ef571d0f300c81900d226302 Loading...

	www.amdahost.com/watch_direct.php?id=820f3e3f67	1.1 kB	2024-05-09	2024-05-09
Pretty URL www.amdahost.com/watch_direct.php?id=820f3e3f67 IP 104.21.40.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 03:36:59 Last Seen2024-05-09 03:36:59 Times Seen1 Hash bb77c3984f7da845895a03297a8315b2 1b94ff0eafc80aa4e4a2c3812cde0a465e023de3 359ad79c3e964c1b6a682852bc617cb7445692e0c76672e05e6c9fb905f8fac8 Loading...

	mpougdusr.com/bultykh/ipp24/7/bazinga/2020090	158 kB	2024-05-03	2024-05-09
Pretty URL mpougdusr.com/bultykh/ipp24/7/bazinga/2020090 IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 19:40:35 Last Seen2024-05-09 15:53:33 Times Seen37 Hash c6ea5aedb4469e81f7d41b0eec41f409 7d7edc7b87462fb56c5e3c17c86bebad542d1d6f 72ad45cf0dd548c1f9611c35289dec90c22375b45bf1aa33d6a14ac7f896865b Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js	88 kB	2023-08-31	2024-05-20
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js IP 216.58.211.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-31 16:03:19 Last Seen2024-05-20 03:42:28 Times Seen9860 Hash 2c872dbe60f4ba70fb85356113d8b35e ee48592d1fff952fcf06ce0b666ed4785493afdc fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a Loading...

	cdn.fluidplayer.com/v3/current/fluidplayer.min.js	233 kB	2024-04-06	2024-05-20
Pretty URL cdn.fluidplayer.com/v3/current/fluidplayer.min.js IP 185.76.9.18 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-06 22:07:12 Last Seen2024-05-20 03:42:27 Times Seen155 Hash 9829e8e730a9125e695789512d85177a e20a0d55ab1722ef3ad13741a2b8975413d43909 7c38ede4727de973827091514a83d24a039bda1d0d4cac219eb20571a2cc3698 Loading...

	b57dqedu4.com/get/2020088?zoneid=2020088&jp=_clsqfowinemogygwfxh6d4&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4897483169191936&eclog=0&im=1&uf=0	2.9 kB	2024-05-09	2024-05-09
Pretty URL b57dqedu4.com/get/2020088?zoneid=2020088&jp=_clsqfowinemogygwfxh6d4&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4897483169191936&eclog=0&im=1&uf=0 IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:36:59 Last Seen2024-05-09 03:36:59 Times Seen1 Hash c2c0ac20b4e4f8f3b17ba8821cae20a2 2d895c8495eeec875d47a2b776f6d91b7c0121c0 f0aa8da7965942a49800cf04bd1a57b56a74fa50d4f3d0dcc01c0aa0a0a49f18 Loading...

	pyknrhm5c.com/get/2025683?p=2025683&jp=_clm4njdyw491jerwn4qbd0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=3771583262359040&eclog=0&im=1&freq=0&uf=0	12 kB	2024-05-09	2024-05-09
Pretty URL pyknrhm5c.com/get/2025683?p=2025683&jp=_clm4njdyw491jerwn4qbd0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=3771583262359040&eclog=0&im=1&freq=0&uf=0 IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:36:59 Last Seen2024-05-09 03:36:59 Times Seen1 Hash 1aa01e1a9db21d34b0e43c3ceffc124e 5a73aba9dc7eafcb0d28f359a447bf5908b669e6 451add6905031c561289be8064b93f58ab9a7adc614f4038ca5bdaf723bddf79 Loading...

	mpougdusr.com/get/2020090?zoneid=2020090&jp=_clh8kcov1yplv098772txm&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5460433122569216&eclog=0&im=1&freq=0&uf=0	6.6 kB	2024-05-09	2024-05-09
Pretty URL mpougdusr.com/get/2020090?zoneid=2020090&jp=_clh8kcov1yplv098772txm&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5460433122569216&eclog=0&im=1&freq=0&uf=0 IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:36:59 Last Seen2024-05-09 03:36:59 Times Seen1 Hash 2428b9c5ce6166d6a0bf2433b2546958 d3263cce23319ff30fcff08337a5623a1c071da9 c494de3180a6436e97625ff08ba9bcb8914f790678abb45ca1e9867b60fe1169 Loading...

	www.amdahost.com/watch_direct.php?id=820f3e3f67	109 B	2024-01-26	2024-05-09
Pretty URL www.amdahost.com/watch_direct.php?id=820f3e3f67 IP 104.21.40.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-26 19:51:30 Last Seen2024-05-09 15:53:33 Times Seen39 Hash abd3eda1d5f4b0fe7f9c99f43eb150b1 284cfcd4d397568f57e7119072af359d0e9690a0 fa9aeea174a0931635c6509c1484d92671e2adbd83146b79ddce59040cc32760 Loading...

	unknown	247 B	2024-05-09	2024-05-09
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:36:59 Last Seen2024-05-09 03:36:59 Times Seen1 Hash 69747b1c7f61a823553a6b3db28d6d94 d16f2ea0b00f195fc4a014d38224a2dccb98f2c4 885cf347e302705262d47fb01994192b6278a7a57a298ee6db2d0a547c2f2f9e Loading...

	js.mbidinp.com/skins/nmain.m.js	470 kB	2024-04-16	2024-05-20
Pretty URL js.mbidinp.com/skins/nmain.m.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:37:10 Last Seen2024-05-20 01:03:58 Times Seen1383 Hash 2902e331e5e735ad63e7510dfc434c5b 8f276d26159f74561fb370144b8cafba8bcc8bd3 26106440376cfc59241a9ef152d26483d436f1c155744bda92a41d3906e60ba2 Loading...

	static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387	19 kB	2024-04-24	2024-05-20
Pretty URL static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 IP 104.16.79.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 00:56:41 Last Seen2024-05-20 04:15:27 Times Seen2627 Hash 4c980ee97cb5c001b4d19e2895fa5603 2c6fe998aa7486c4becd74cf253bdd82666a64c3 d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192 Loading...

	storage.multstorage.com/log/count.html	718 B	2023-09-18	2024-05-20
Pretty URL storage.multstorage.com/log/count.html IP 172.67.174.51 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 17:19:52 Last Seen2024-05-20 05:14:27 Times Seen5631 Hash 1f697a0f2411e463adbc1211493fe5a6 93c154152bda427938543b8efbd8d3b594abbac7 08a5735f5232b651af89f552e8d0fb7b21d6605fba48f335318699d80d12703e Loading...

HTTP Transactions (99)

URL IP Response Size

cdn.jsdelivr.net/npm/remixicon@4.0.0/fonts/remixicon.css

151.101.193.229

200 OK

17 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/remixicon@4.0.0/fonts/remixicon.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text
Size
17 kB (16743 bytes)
Hash
373c68d52e3daa5cd7e1ae058fb6bd70
30a01afb8338555278162655e4a8e7ac57774f35
f53b0f6c14c09b5c263713876dfe7185531a3a424a91d192dfee3c5fa03493dd

HTTP Headers

GET /npm/remixicon@4.0.0/fonts/remixicon.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.0.0
x-jsd-version-type: version
etag: W/"200b1-MKAa+4M4VVJ4FiZV5KjnrFd3TzU"
content-encoding: br
accept-ranges: bytes
date: Thu, 09 May 2024 01:36:22 GMT
age: 5350871
x-served-by: cache-fra-etou8220109-FRA, cache-hel1410027-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 16743
X-Firefox-Spdy: h2

32879.2481april2024.com/4/js/233169

88.208.22.4

200 OK

6.6 kB

URL GET HTTP/2
32879.2481april2024.com/4/js/233169
IP
88.208.22.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subject*.2481april2024.com
FingerprintFC:0B:87:DF:4F:43:9B:81:FD:04:D2:4C:5C:79:77:1B:C6:BB:F4:49
ValidityTue, 02 Apr 2024 14:41:38 GMT - Mon, 01 Jul 2024 14:41:37 GMT

File type
JavaScript source, ASCII text, with very long lines (16647), with no line terminators
Size
6.6 kB (6577 bytes)
Hash
117cb0e4d02af103e2dd27202470dc90
2528402ed8243c022eb36e49025c04f338c259dd
14cadb55928f7f165847c44eba0b7f92f7156ca65429b9cadb72fcb1e7e7efbb

HTTP Headers

GET /4/js/233169 HTTP/1.1
Host: 32879.2481april2024.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:36:22 GMT
content-type: application/javascript; charset=UTF-8
content-length: 6577
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2

vjs.zencdn.net/8.10.0/video-js.css

151.101.194.217

200 OK

13 kB

URL GET HTTP/2
vjs.zencdn.net/8.10.0/video-js.css
IP
151.101.194.217:443
ASN
#54113 FASTLY

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGlobalSign nv-sa
Subjectvjs.zencdn.net
Fingerprint6B:3F:11:07:D7:05:FD:AF:4D:46:B4:BA:1C:8A:60:70:95:37:35:17
ValidityWed, 06 Mar 2024 21:50:11 GMT - Mon, 07 Apr 2025 21:50:10 GMT

File type
ASCII text, with very long lines (7288)
Size
13 kB (12695 bytes)
Hash
27818e70d5704691d9264fe0083c5b08
b4dffd90528e8f63d54ad3a859b749344e6e00ad
92e11fbc7753b5be23fd489ba4e09c0d62d0b8c64e466845b4534934c46c85d6

HTTP Headers

GET /8.10.0/video-js.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Wed, 17 Jan 2024 12:53:07 GMT
etag: "27818e70d5704691d9264fe0083c5b08"
x-amz-server-side-encryption: AES256
content-type: text/css
content-encoding: gzip
date: Thu, 09 May 2024 01:36:22 GMT
x-served-by: cache-hel1410028-HEL
x-cache: HIT
x-cache-hits: 2
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 12695
X-Firefox-Spdy: h2

www.amdahost.com/media/logo.png

104.21.40.89

200 OK

26 kB

URL GET HTTP/3
www.amdahost.com/media/logo.png
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
PNG image data, 382 x 70, 8-bit/color RGBA, non-interlaced
Size
26 kB (25625 bytes)
Hash
9c5c0fe1ed466c1a4801524b31777955
eb7bfae0af480eae554a937a9f64e96a0a4f734a
62b08c1489fff9fb4cf4d33857fb46d4f8298c3f74fc57f92279bdad95472640

HTTP Headers

GET /media/logo.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Cookie: PHPSESSID=cea75715da71e72bdaa2a424ce9a043a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:22 GMT
content-type: image/png
content-length: 25625
last-modified: Fri, 15 Mar 2024 19:45:30 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QrRg%2FZK4QpMQiXQ8J8pZFI5kjlgXpByeuzU6e1gKsKVw8Vxjcey18sUB55aiBO41GPh%2BORzeR%2F45yop9nnbZ7MUACygL8BGKi1d9zs%2Fw8xBkx9KG6zpCa9%2BDrut2r3lSuQGm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df54a6e405684-OSL
alt-svc: h3=":443"; ma=86400

ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js

216.58.211.10

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
IP
216.58.211.10:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
30 kB (30462 bytes)
Hash
2c872dbe60f4ba70fb85356113d8b35e
ee48592d1fff952fcf06ce0b666ed4785493afdc
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

HTTP Headers

GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30462
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 02:07:52 GMT
expires: Sat, 03 May 2025 02:07:52 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 12 Sep 2023 02:38:22 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 516510
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.amdahost.com/thumbnails/1713402079_8979167ff02e8b3c.jpg

104.21.40.89

200 OK

41 kB

URL GET HTTP/3
www.amdahost.com/thumbnails/1713402079_8979167ff02e8b3c.jpg
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 50", baseline, precision 8, 960x540, components 3
Size
41 kB (41011 bytes)
Hash
f6d4b76a307e81718088a38d98dcf301
a97211f063399ae1639cf90f04bb3d8206493444
1f90cb94a4883431deedc70662bda81389aae9522a4218ff883dbb6a0dfca660

HTTP Headers

GET /thumbnails/1713402079_8979167ff02e8b3c.jpg HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Cookie: PHPSESSID=cea75715da71e72bdaa2a424ce9a043a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:22 GMT
content-type: image/jpeg
content-length: 41011
cache-control: public, max-age=604800
expires: Thu, 16 May 2024 01:36:22 GMT
etag: "a033-662070df-8c2f7c;;;"
last-modified: Thu, 18 Apr 2024 01:01:19 GMT
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mtwQCOlHAYK%2BvgY6m76EXQ4Ltiqeab7lLNGWNsUtTnoIgRKmFRR6HMwXGEOyIed9YIbcCdRnz07pjBBbafWoRkYRT0COY93vZ4wzpXhdsDinGgYpWqJYKmPzu7yfDDoaI1Af"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df54a7e415684-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/karla/v31/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lK.woff2

216.58.207.227

200 OK

13 kB

URL GET HTTP/2
fonts.gstatic.com/s/karla/v31/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13184, version 1.0
Size
13 kB (13184 bytes)
Hash
37b12babb3bd0f9d9587cc8ca89a19b9
49cfe5b31144493cec4f21dc63fb2f1051061b45
73351bb42cb7827d0cd08c5d5832140700139b86eb6dd9a49047017924cb3ed0

HTTP Headers

GET /s/karla/v31/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13184
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:41:24 GMT
expires: Fri, 02 May 2025 02:41:24 GMT
cache-control: public, max-age=31536000
age: 600898
last-modified: Wed, 27 Sep 2023 15:40:27 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Bebas+Neue&display=swap

142.250.74.106

200 OK

14 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Bebas+Neue&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
14 kB (14191 bytes)
Hash
efc7acc550b95e6044c9c23fe99a0a03
7b739ae0255afba988ce54930bf9aa3dd34a80b4
ff87b31eacebca6f00913e0fe8ed247a30cac964ada616e3d5ebebbc6f652c27

HTTP Headers

GET /css2?family=Bebas+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 May 2024 01:36:22 GMT
date: Thu, 09 May 2024 01:36:22 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

b57dqedu4.com/solid.gif?z=2020088&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4897483169191936&eclog=0&im=1

212.117.190.201

200 OK

43 B

URL POST HTTP/2
b57dqedu4.com/solid.gif?z=2020088&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4897483169191936&eclog=0&im=1
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint17:76:24:C2:1F:79:27:A6:BF:60:AC:48:E1:7E:44:F5:FA:36:EB:6B
ValidityWed, 01 May 2024 14:25:07 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

POST /solid.gif?z=2020088&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4897483169191936&eclog=0&im=1 HTTP/1.1
Host: b57dqedu4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:36:23 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
set-cookie: UID=240508203620f4a93f5f17412cb2dff137dd; Path=/; Expires=Thu, 12 Jun 2025 01:36:23 GMT; Secure; SameSite=None
CHCK=1; Path=/; Expires=Thu, 12 Jun 2025 01:36:23 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

www.amdahost.com/css/root.css

104.21.40.89

200 OK

1.4 kB

URL GET HTTP/3
www.amdahost.com/css/root.css
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
ASCII text, with very long lines (3175), with no line terminators
Size
1.4 kB (1395 bytes)
Hash
b29e82a0b6fab49b186f1878409b49cf
632d7a94b851c7c879e29825bee06920d7b5cb99
5b7746d8aa2c0a8a908f6a5df646167afb319fc1d2a6ec08d275e195a275afdf

HTTP Headers

GET /css/root.css HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Cookie: PHPSESSID=cea75715da71e72bdaa2a424ce9a043a
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:22 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=6128
last-modified: Tue, 27 Feb 2024 08:09:48 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 457
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U2l0sNWT4e%2Fu1UT9aW6sJLCW7QLEx91GzxED3Y%2BCwTvP02eaKtySU13Up89%2FIlAUawe8hd7i1T5CpKN9Cf6HlaKT8vy%2F6MVhXavt71UaYNht82mhamNW8ZXYdlwL4ZPCjLfM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df54a6e3c5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.fluidplayer.com/v3/current/6aef4fee473c54e96ff8.svg

185.76.9.18

200 OK

13 kB

URL GET HTTP/2
cdn.fluidplayer.com/v3/current/6aef4fee473c54e96ff8.svg
IP
185.76.9.18:443
ASN
#60068 Datacamp Limited

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectfluidplayer.com
Fingerprint46:64:4F:F1:3B:B5:54:D2:21:6F:9B:66:05:DF:D9:AC:7D:3C:8E:D0
ValidityMon, 06 May 2024 08:37:10 GMT - Sun, 04 Aug 2024 08:37:09 GMT

File type
gzip compressed data, from Unix
Size
13 kB (12659 bytes)
Hash
20691a2db39fd0b95c576cd54bee882d
2ee9d901ea2a523aed7c2eb52fd34a6f8cabfc1b
13e58992749e56106f265c908b4725efae091c256fdf5c8e68259f65f412abfa

HTTP Headers

GET /v3/current/6aef4fee473c54e96ff8.svg HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 21 Mar 2024 13:23:12 GMT
etag: W/"65fc34c0-4880"
expires: Fri, 22 Mar 2024 21:45:09 GMT
cache-control: max-age=86400
access-control-allow-origin: *
x-77-nzt: EwwBuUwJDQH3AjYAAAwBuUwKDAH3AAAAAAwBisclxAGzgVEBAA
x-77-nzt-ray: c0a4cc28520b262197283c665f23b009
x-accel-expires: @1715291157
x-accel-date: 1715204757
x-77-cache: HIT
x-77-age: 13826
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 13826
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

cdn.tailwindcss.com/

104.22.21.144

302 Found

77 kB

URL GET HTTP/2
cdn.tailwindcss.com/
IP
104.22.21.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerCloudflare, Inc.
Subjecttailwindcss.com
Fingerprint5F:87:FB:92:D4:93:DA:09:E3:5B:EF:92:CE:2F:47:18:3A:8A:C7:49
ValidityTue, 07 Nov 2023 00:00:00 GMT - Tue, 05 Nov 2024 23:59:59 GMT

File type
data
Size
77 kB (76752 bytes)
Hash
e17c9ee5a0157972931fb86795fd4152
6d45c406596fb38b9fcb3632f57746bd7857dc6d
492fd1bb555a26de89d2de93dccfb947b30b491bdb66e404627244059b993763

HTTP Headers

GET / HTTP/1.1
Host: cdn.tailwindcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 09 May 2024 01:36:22 GMT
cache-control: max-age=14400
location: /3.4.3
strict-transport-security: max-age=63072000
x-vercel-cache: MISS
x-vercel-id: cle1::iad1::9k7dz-1715217895083-d650dcfb1d94
cf-cache-status: HIT
age: 357
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df54a9e92b4ff-OSL
X-Firefox-Spdy: h2

pyknrhm5c.com/q/tdl/95/dnt/2025683/kep.js

212.117.190.201

200 OK

42 kB

URL GET HTTP/2
pyknrhm5c.com/q/tdl/95/dnt/2025683/kep.js
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint8C:0B:00:37:E9:46:0D:D7:64:26:AF:BD:4B:AC:9D:E3:CA:27:CD:87
ValidityFri, 03 May 2024 21:32:33 GMT - Tue, 29 Oct 2024 22:59:00 GMT

File type
gzip compressed data, max speed, from Unix
Size
42 kB (41681 bytes)
Hash
07db82f799b13801a9976768d715da78
048ceeb6faaa96bc824868fd13e9f8d06339cfbe
a33d57e37517ffe5335d9b39f92762f1073fcb4009396cd58435d38eaf81ec83

HTTP Headers

GET /q/tdl/95/dnt/2025683/kep.js HTTP/1.1
Host: pyknrhm5c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:36:22 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-164ab"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.40.89

302 Found

0 B

URL GET HTTP/3
www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=cea75715da71e72bdaa2a424ce9a043a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Thu, 09 May 2024 01:36:23 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gq9AmgoBWtOkb6CWJK3ykUOGx9%2FcuZpmpebd%2BMExokBtjqEv3tS8nb5hNowNWnuwDtHhG5iS3Z9PT%2Bg2YLMBLs%2FMeQmuUMccshNpLuDzGqXGY73cwc2iU2oGDZR7Eo1K4gft"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df552ebc75684-OSL
alt-svc: h3=":443"; ma=86400

e9b729472c.39268ea911.com/34d6dd2e1c7f31ddf3a9042ff9eeb58b.js

45.133.44.52

200 OK

83 kB

URL GET HTTP/2
e9b729472c.39268ea911.com/34d6dd2e1c7f31ddf3a9042ff9eeb58b.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjecte9b729472c.39268ea911.com
FingerprintB5:9F:EF:07:F2:D5:84:63:A5:90:19:76:24:EB:38:B3:AB:84:6E:C8
ValidityMon, 06 May 2024 02:20:40 GMT - Sun, 04 Aug 2024 02:20:39 GMT

File type
gzip compressed data, from Unix
Size
83 kB (83346 bytes)
Hash
d32beafe4a49c49c0aaae2f8f92caf8c
7cc524fe345ee903425410beddbc77154a791e7e
c84bd8984754f53d308cc9809cac6650ef8260bef211500da08689da590967fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /34d6dd2e1c7f31ddf3a9042ff9eeb58b.js HTTP/1.1
Host: e9b729472c.39268ea911.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:23 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 08 May 2024 10:50:20 GMT
etag: W/"663b58ec-1ab25"
content-encoding: gzip
expires: Thu, 09 May 2024 01:41:23 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

cdn.pncloudfl.com/pn/082/d6d/41f/082d6d41f9bd3220a660f2a4108986b2b367f0e4.png

104.22.59.221

200 OK

43 kB

URL GET HTTP/2
cdn.pncloudfl.com/pn/082/d6d/41f/082d6d41f9bd3220a660f2a4108986b2b367f0e4.png
IP
104.22.59.221:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectcdn.pncloudfl.com
Fingerprint50:5F:A0:91:53:C9:C9:E3:5D:EA:53:42:E8:5B:81:FB:DE:7B:1E:2C
ValiditySun, 28 Apr 2024 04:53:51 GMT - Sat, 27 Jul 2024 04:53:50 GMT

File type
RIFF (little-endian) data, Web/P image
Size
43 kB (42912 bytes)
Hash
bec3572ed077c92240ef0dd7dc17231d
e278cd647e65b5f04ba1d582d05f76d5dfafd125
eb304641419d09e779018fe3bf31596d3ed3ad0d4ab05c716ce626152aa417ec

HTTP Headers

GET /pn/082/d6d/41f/082d6d41f9bd3220a660f2a4108986b2b367f0e4.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:23 GMT
content-type: image/webp
content-length: 42912
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=66221
content-disposition: inline; filename="082d6d41f9bd3220a660f2a4108986b2b367f0e4.webp"
etag: 20c64ca88091db62ea69001a7382f005
expires: Sat, 11 May 2024 01:15:46 GMT
last-modified: Mon, 23 Dec 2019 08:43:03 GMT
vary: Accept
x-openstack-request-id: tx9d94ab9f187b4137bb135-0061b079d0
x-proxy-cache: REVALIDATED
x-timestamp: 1577090582.49776
x-trans-id: tx9d94ab9f187b4137bb135-0061b079d0
cf-cache-status: HIT
age: 1237
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 880df5544d1f56a8-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

js.capndr.com/advertising.js

45.133.44.53

200 OK

0 B

URL GET HTTP/2
js.capndr.com/advertising.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectjs.capndr.com
Fingerprint0D:30:A1:FB:7E:A0:EC:89:85:17:27:67:37:21:DA:E0:CB:E3:26:06
ValiditySun, 21 Apr 2024 03:00:41 GMT - Sat, 20 Jul 2024 03:00:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertising.js HTTP/1.1
Host: js.capndr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 14 Jul 2023 08:23:25 GMT
etag: "64b105fd-0"
expires: Thu, 09 May 2024 01:41:23 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/challenge-platform/h/b/jsd/r/880df546cfe1b50b

104.21.40.89

200 OK

0 B

URL POST HTTP/3
www.amdahost.com/cdn-cgi/challenge-platform/h/b/jsd/r/880df546cfe1b50b
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/880df546cfe1b50b HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12196
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Cookie: PHPSESSID=cea75715da71e72bdaa2a424ce9a043a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:23 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=rkiZfgsCCjM3i0R2kHCeotMzLoE34ySZ9gVvAjVWBOQ-1715218583-1.0.1.1-jADs3UxfOr2ge1710cu8TwAE1Jv2z4qWpgjaRiS.sV4035AFLhY.nxhrsjSBFzAuDKQkKFMPYLKXBqmrSzvkHA; Path=/; Expires=Fri, 09-May-25 01:36:23 GMT; Domain=.amdahost.com; HttpOnly; Secure; SameSite=None; Partitioned
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZXI1f0ojm9s07tj9r2eTkVE6HNX8WI6TBvGIRsvaWHp32N4iRw6%2BiL%2FNTy7tGP2YWDCVaoenmW2gc6lWp8JREV5Jk7dOkruz2JDa%2BukKipIFKFpRcFWk3FxcIuhm284rfwAO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df555edee5684-OSL
alt-svc: h3=":443"; ma=86400

www.amdahost.com/videos/1713402037_220228c6337210b3.mp4

104.21.40.89

206 Partial Content

432 kB

URL GET HTTP/3
www.amdahost.com/videos/1713402037_220228c6337210b3.mp4
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size
432 kB (431607 bytes)
Hash
5e1da1fce183207242f95cc7a8784c0b
df5cc508ce78be04efa2a54a294fc78d7a5ebea3
30b3f05b34aa123ea27ccf8631b8d0a3eba84f85480fa17a59d885f14336d95f

HTTP Headers

GET /videos/1713402037_220228c6337210b3.mp4 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Cookie: PHPSESSID=cea75715da71e72bdaa2a424ce9a043a
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Thu, 09 May 2024 01:36:23 GMT
content-type: video/mp4
content-length: 40756837
etag: "26de665-662070dd-8c2fb0;;;"
last-modified: Thu, 18 Apr 2024 01:01:17 GMT
cache-control: max-age=14400
cf-cache-status: MISS
content-range: bytes 0-40756836/40756837
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IO86%2BRLB%2BJMi5IbMP9eJXZTH7Zxseu17bwGYSrrqhufS3qeKblWYtKCZWgygTgMUwyO7Tfd1Gte%2F%2FPj9HSRN1EzZh7l4G9taCddCk8Z0ARBw5e%2FJ1aKGqC33CzXhFB0SZzei"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df5518b3d5684-OSL
alt-svc: h3=":443"; ma=86400

www.amdahost.com/media/favicon-16x16.png

104.21.40.89

200 OK

936 B

URL GET HTTP/3
www.amdahost.com/media/favicon-16x16.png
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
936 B (936 bytes)
Hash
ac0cd4d64276fa91e68993406abcd43d
c9af1132645f2bccfb9295a4e45cc95e8e78b7b6
bf852eabb9e0bbeb89b360a2dc4ccc1b86f2ffea3dfa78f0c2bb8747be598382

HTTP Headers

GET /media/favicon-16x16.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Cookie: PHPSESSID=cea75715da71e72bdaa2a424ce9a043a; cf_clearance=rkiZfgsCCjM3i0R2kHCeotMzLoE34ySZ9gVvAjVWBOQ-1715218583-1.0.1.1-jADs3UxfOr2ge1710cu8TwAE1Jv2z4qWpgjaRiS.sV4035AFLhY.nxhrsjSBFzAuDKQkKFMPYLKXBqmrSzvkHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:24 GMT
content-type: image/png
content-length: 936
last-modified: Sun, 17 Mar 2024 20:29:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 747
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2F56oDng%2FNPNmIegtcfwoYNZkAomt7l9nbqfwG02ah8C%2Be4wQ0ytzFDouSMvi%2FBUYFonUp2uizrR431%2BYrKzLqgP8W4lcQ%2B0UeA1bsecIoAt%2BFTMVDHk6DY3EqZ%2BP8jwSy6Z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df557bf0c5684-OSL
alt-svc: h3=":443"; ma=86400

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

142.250.74.98

200 OK

0 B

URL HEAD HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
142.250.74.98:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subject*.g.doubleclick.net
Fingerprint09:C3:90:43:D3:09:4E:26:62:79:17:6F:1D:33:E5:FA:DF:77:3E:7B
ValidityTue, 16 Apr 2024 03:18:52 GMT - Tue, 09 Jul 2024 03:18:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Thu, 09 May 2024 01:36:24 GMT
expires: Thu, 09 May 2024 01:36:24 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 17015933755211752849
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51640
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=161855

157.90.84.242

204 No Content

0 B

URL OPTIONS HTTP/1.1
fp.metricswpsh.com/fp?tag_id=161855
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=161855 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Thu, 09 May 2024 01:36:24 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://www.amdahost.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

pyknrhm5c.com/get/2025683?p=2025683&jp=_clm4njdyw491jerwn4qbd0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=3771583262359040&eclog=0&im=1&freq=0&uf=0

212.117.190.201

200 OK

8.2 kB

URL GET HTTP/2
pyknrhm5c.com/get/2025683?p=2025683&jp=_clm4njdyw491jerwn4qbd0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=3771583262359040&eclog=0&im=1&freq=0&uf=0
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint8C:0B:00:37:E9:46:0D:D7:64:26:AF:BD:4B:AC:9D:E3:CA:27:CD:87
ValidityFri, 03 May 2024 21:32:33 GMT - Tue, 29 Oct 2024 22:59:00 GMT

File type
gzip compressed data, from Unix
Size
8.2 kB (8234 bytes)
Hash
1e8c6954f4a4f3f3d67bc7cad2618e3e
262154e28bf27bae6ded36cc1743f2ef7a3a04f4
dcc4563e607d0df09a2a4fbe9dd7f507175fed4a5b0f7a0a0400d0d1fcac559e

HTTP Headers

GET /get/2025683?p=2025683&jp=_clm4njdyw491jerwn4qbd0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=3771583262359040&eclog=0&im=1&freq=0&uf=0 HTTP/1.1
Host: pyknrhm5c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:36:23 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Thu, 12 Jun 2025 01:36:23 GMT; Secure; SameSite=None
UID=240508203630b0b2818a6b4f298caaff7f0c; Path=/; Expires=Thu, 12 Jun 2025 01:36:23 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=179977

157.90.84.242

200 OK

0 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=179977
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=179977 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Thu, 09 May 2024 01:36:24 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://www.amdahost.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

e9b729472c.39268ea911.com/8d49d19b7765f1a8c2fc9471c8f12409.js

45.133.44.52

200 OK

29 kB

URL GET HTTP/2
e9b729472c.39268ea911.com/8d49d19b7765f1a8c2fc9471c8f12409.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjecte9b729472c.39268ea911.com
FingerprintB5:9F:EF:07:F2:D5:84:63:A5:90:19:76:24:EB:38:B3:AB:84:6E:C8
ValidityMon, 06 May 2024 02:20:40 GMT - Sun, 04 Aug 2024 02:20:39 GMT

File type
gzip compressed data, from Unix
Size
29 kB (29197 bytes)
Hash
2f6cdc7e739b266e733f5ac17a789c18
e11d97c6f184dac65614e965a4da8b847a0cd272
fbbecc81be9481dba83b81f3be8aedd31e2c50b68c56d8780de1321668563dbf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8d49d19b7765f1a8c2fc9471c8f12409.js HTTP/1.1
Host: e9b729472c.39268ea911.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:24 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 06 May 2024 08:27:28 GMT
etag: W/"66389470-189f7"
content-encoding: gzip
expires: Thu, 09 May 2024 01:41:24 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=179977

157.90.84.242

200 OK

58 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=179977
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type
JSON text data
Size
58 B (58 bytes)
Hash
87385fcd2a67fc74d2fa67366ba68ea2
a604cdbb1d31ce257e8643eee9219c9c724c200c
9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995

HTTP Headers

POST /fp?tag_id=179977 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1835
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 09 May 2024 01:36:24 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.amdahost.com
Set-Cookie: id=8860623567929675171; Expires=Fri, 09 May 2025 01:36:24 GMT; Secure; SameSite=None
Vary: Origin

e9b729472c.39268ea911.com/c24b4e831b8a6d9c926c8506ce6591f3/161855?version_name=b

45.133.44.52

200 OK

2.4 kB

URL GET HTTP/2
e9b729472c.39268ea911.com/c24b4e831b8a6d9c926c8506ce6591f3/161855?version_name=b
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjecte9b729472c.39268ea911.com
FingerprintB5:9F:EF:07:F2:D5:84:63:A5:90:19:76:24:EB:38:B3:AB:84:6E:C8
ValidityMon, 06 May 2024 02:20:40 GMT - Sun, 04 Aug 2024 02:20:39 GMT

File type
JSON text data
Size
2.4 kB (2425 bytes)
Hash
ee3b41fbcfe8655ca32ffea85b4d969e
07951fda7014916a54c3a374c574ab277f7e7d64
d43c78ba97416968cee1aafc245bf108a1fc0c97e0fa6f7c71961b7161216c66

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /c24b4e831b8a6d9c926c8506ce6591f3/161855?version_name=b HTTP/1.1
Host: e9b729472c.39268ea911.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:23 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Thu, 09 May 2024 01:41:23 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

glakaits.net/5/7446033/?oo=1&js_build=iclick-v1.790.0

139.45.197.242

200 OK

1.4 kB

URL GET HTTP/2
glakaits.net/5/7446033/?oo=1&js_build=iclick-v1.790.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectglakaits.net
Fingerprint1F:46:3E:C8:C5:6A:64:F5:29:66:0F:5C:6E:CD:48:77:10:EA:26:02
ValidityTue, 07 May 2024 18:52:12 GMT - Mon, 05 Aug 2024 18:52:11 GMT

File type
JSON text data
Size
1.4 kB (1398 bytes)
Hash
b87ebb7bdba184f818114c300e7bbdf6
b17bf9b4e79a821a90021b5d4eaeda72b4f28de5
4632c947c35c8262ce39bcece887a6612e28295ae8f690fbc90462aaf42d4dd9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/7446033/?oo=1&js_build=iclick-v1.790.0 HTTP/1.1
Host: glakaits.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:36:24 GMT
content-type: application/json
x-trace-id: 12c403be0ece78087b6f60a1bb329a96
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008057ec3f9a499bfb66d990df603b07; expires=Fri, 09 May 2025 01:36:24 GMT; path=/; secure; SameSite=None
oaidts=1715218584; expires=Fri, 09 May 2025 01:36:24 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=008057ec3f9a499bfb66d990df603b07

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=008057ec3f9a499bfb66d990df603b07
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
49c4cdadc2e0c6092efddcac8e1da6ef
d04a655aadd17e0e7fd2b30d2c5a208b02d853f3
28a73d9a28878a262d8c6e406f853ec18a0ec5a1a17f67c820b0bceb1dd4464d

HTTP Headers

GET /gid.js?userId=008057ec3f9a499bfb66d990df603b07 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:36:24 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008057ec3f9a499bfb66d990df603b07; expires=Fri, 09 May 2025 01:36:24 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

nereserv.com/in/dip?event_id=55c2d0ed-9d6d-4ded-9290-8264b9d73d73&subid=14364679&spot_id=560192&created_at=2024-05-09&timezone=0&ver=1.141.0

94.130.198.6

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=55c2d0ed-9d6d-4ded-9290-8264b9d73d73&subid=14364679&spot_id=560192&created_at=2024-05-09&timezone=0&ver=1.141.0
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=55c2d0ed-9d6d-4ded-9290-8264b9d73d73&subid=14364679&spot_id=560192&created_at=2024-05-09&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 May 2024 01:36:24 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

nereserv.com/in/dip?event_id=70343a7c-b323-43ca-bc0d-5f3ba9487ea2&subid=308553955&spot_id=529502&created_at=2024-05-09&timezone=0&ver=1.141.0

94.130.198.6

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=70343a7c-b323-43ca-bc0d-5f3ba9487ea2&subid=308553955&spot_id=529502&created_at=2024-05-09&timezone=0&ver=1.141.0
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=70343a7c-b323-43ca-bc0d-5f3ba9487ea2&subid=308553955&spot_id=529502&created_at=2024-05-09&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 May 2024 01:36:24 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

mbddip.com/in/dip?site=native-push&wl=1&event_id=0730a89e-2175-4c10-82ff-f7b45863dcde&subid=1211831614&sid=1572509799&spot_id=560190&created_at=2024-05-09&timezone=0&ver=8.159.0&is_native=1

94.130.198.6

200 OK

0 B

URL GET HTTP/2
mbddip.com/in/dip?site=native-push&wl=1&event_id=0730a89e-2175-4c10-82ff-f7b45863dcde&subid=1211831614&sid=1572509799&spot_id=560190&created_at=2024-05-09&timezone=0&ver=8.159.0&is_native=1
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=0730a89e-2175-4c10-82ff-f7b45863dcde&subid=1211831614&sid=1572509799&spot_id=560190&created_at=2024-05-09&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: mbddip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 May 2024 01:36:24 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

162 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 09 May 2024 01:36:24 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oJqnrPPEwqapMhjhXQGOZAf09d9u%2FIyndT5Gi1oFe6X%2FnT8hGMQa9Dw%2FbLT1%2Byn5YdGJ%2FLePGFHszggaGQvQ4ug%2FeaNPAU0%2B6Kdu2u6K4rA0fR5q2BarTSiJ8BgSqoqMpHWeqBJrP5vUHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5589a24569f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f276d15245c6ec1add5b5814bb8444eb
975c127eec9cc6514f4092ed034df575bcdeacd7
a77526d25e2226cff93318a2e87ab8d03eac1796e44fd997c5428693ddb61bd0

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 May 2024 01:36:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

324 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
324 B (324 bytes)
Hash
5aebd17d44825463dc5d20a0fd8b6061
fd05ef614c535a8934771c6fea5b5fdebd105ecb
698865e01b55bfdcc7135031fa7f59454b3153cca7f68c414e801c74a21e8291

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 301 Moved Permanently
date: Thu, 09 May 2024 01:36:25 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bnrduGP4USu0gthjRTH2hehM9N%2FGo1fl0R693OmS%2F2yeJN5I9siocMDMp25S24IX4CXXslYH1yq2LKfWccEY82EdnI8RiMcgUInQD53loZalKEirdRxpipFjAa%2Ba5jDcE%2ByNvUL4%2BKBa%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df55c9a510b45-OSL
alt-svc: h3=":443"; ma=86400

mbdippex.com/in/multy

94.130.198.6

204 No Content

8.8 kB

URL OPTIONS HTTP/2
mbdippex.com/in/multy
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type
JSON text data
Size
8.8 kB (8770 bytes)
Hash
637092cb986d54d54b0268293b61ecaf
bbcede1114c57525a72efe72cc2ccf9d0d338d11
500a4f75ff589644d52c6831172ef474992ed43416323fb8bbecae2fcb3c33bc

HTTP Headers

POST /in/multy HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2234
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 May 2024 01:36:25 GMT
content-type: application/json
content-length: 8770
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzM2e1V9YIpV8-OnI6G90nuP5v86TiLoHIO9LrQhrc4BcqxB1IS2vnswOsKLxdzUwJHnCgvsw

173.194.222.84

302 Found

427 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzM2e1V9YIpV8-OnI6G90nuP5v86TiLoHIO9LrQhrc4BcqxB1IS2vnswOsKLxdzUwJHnCgvsw
IP
173.194.222.84:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D
ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT

File type
HTML document, ASCII text, with very long lines (405)
Size
427 B (427 bytes)
Hash
b140a4052068d4c615fabbc5024ae3f6
cfcc7c39142dbbcb97081f7ec1770d22a695ec54
b9132e1f39adcfcd54b2e862c9b60bb695ad8bc4809e8fc126a7f3b91d236267

HTTP Headers

GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzM2e1V9YIpV8-OnI6G90nuP5v86TiLoHIO9LrQhrc4BcqxB1IS2vnswOsKLxdzUwJHnCgvsw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:MXCwWh4fjXXdkfdYVzqdfeS9Vs39eQ:BdRhi5wuvhu0A_hU;Path=/;Expires=Sat, 09-May-2026 01:36:25 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 09 May 2024 01:36:25 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQw9d9o-odMtE8f_SsceW6WT9amJ3VviBkJMKQtrVyQNAFsjrZLycYFssMYpDuE5PQBquECHYA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1158309721%3A1715218585570872&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-t8QkJVafQNfIk5Iw7ksK4A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 427
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mbdippex.com/in/show/?tag_ab=b&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&refdom=www.amdahost.com&auction_time=1715218585&subid=1211831614&sid=1572509799&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-09&iabcat=IAB25-3&keywords=milf,adult,mature&user_fp=6241671574567358293&score=33.436680851035334&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D820f3e3f67%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=3186575&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDEYZM8SQETPDhpgWNHLcmIFyDI0yLXLMkFEjZg4zZGqQGSPGhhkcOUQ4HONGoY4YOWDgcBimzhiMNGjgqBHVxkwcMGLgoJkDx0yhIsSkIQNVKlUaVmVg1crVqwywBu0sBIl2acY6YibKQGuDKZyLOmbc2NpQxBw4EnVEzWEjxowaDsvgofPlcGIRNTLbyJoU7Jg2gGvAmEFjBsWHZMwsLCzGjZuFpnHYqHEDsog2bjwqpqFUhkM4uHXfiAFjs8M6MTCioWNxjo4XL868cYE7zOE2Lsa8afNiTpswcixufFFmTI2eN22MgTE8zIwxOEGGoWEmBo0wK8tgVU9DDNowOOVQxkphFGeQf2XIYIMNNGRGBhk3DGeGGT_UMQdCSZDRww0w5ADgGDPgUEYNM5hRhhi0hSgDY2aUhgMOZoxR2w1izLhVDg2SYUMYNZSBk4n6iaFfZmPIRoYMZGTFRR0wwKBgG2W0IaQcGfZQAxs4FEGEWjaoEUUbamhxBxqgoZFHDFYEQYMQVjQBgxgv7pVSY4_lIIOCN9iQBh1BFFFHFGhEMWYeTrQgxRNiJCFHDGZYkcRwVriBBxI0TAFHHptF0QQbSzBBQxwlWRfGEkfYuQYRc9yBhQxfxJEGEnCEQUcOTzSVRhVtfDGFGyPVgYQeVcBhBR0yHKGGDTnc8YQeasChBg12qDEDFElMcYUZQlTxBhJaIGFFDlYM0eMZd6jxxRlVJEGEFFWksWSTCs7xRh1yjFFGlYvRWcO7TtoAhww9APWiSvwqCEcMPTjxRMH-ztADWGRsh1G0eFScncRDybrQFqZ18Vu9C8HgQpPFDQXcF3CArIPIJTkkhx2A8RbZGMCF7EJfItRRRxoYxUAbTR3ekENQDqUBmAg5xOBCUi7QIIMLPtMAVh1hYNTEG3qkwQYbYbxQw8ggoIBFDDHsAAITabhRBx4g4CHbFwya_bIOjI2cAghHlLfGGy_IkFWTxMUAghFpyOHjG3i8UDcMnj2lgwgKg_WGHF-M4TjkT4DFxuVFOAFxGXZ8YTgbE9E2WElYweDyGa_pQBMOhR0UuhhyLPSiQ7J_0cYbZLku22lkyPEGbA69YZRvGQmPRx4L2TbHyxgJT4esk7dQhxt7tsCgCzvdIPnzcjFEXIdb2bUTRgd90T1YdLQx0XA1yKBVDVNV1MZbR8Ev_1RTOTkDU2QQXRkO8wWN5c9n-6OfbUBXQDYghA5G4VgNPPYQMVzmIGZoChsk8pvNhWwouoFBHxQQEA%25253D%25253D%2526s%253Db64bb09f5786e9e22706fefa193b78baeba0646e3a96b713fba4a3b7bfbdadd61715218585%2526ev%253D0.0009915254237288134&icons=gmLlju_g134KEM_ouKBp5XGoWG1Ec77mxlbWE2Y0TySPXO1RjlP4lvXPVYiICCbuFn5MuIquBUbnt_Zod-CO-q9jY6gIWTDlC3xpLz27BaNICJbQ0MhzkfDnHzBlgpfK0a4Aj6nX_TwNk3QyVA0MGDieB0cW3wpHdhGHtN_lBAPBueNCnw&ext_cid=503431&px_id=55560190&min_cpm=0.044112791828882426&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=4485446328018259832&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.009262430168932696&cpm=0&verify_hash=40182ada5a54427ba4d6b7315d6a001a&is_native=2&real_bid=0.0002559240031242384&original_bid_usd=0.00035999999999999997&original_bid=0.00035999999999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,4,89,20,27,108&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00035999999999999997&hostname=auc-inpage-hz-12-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000035999999999999994&ext_campaign_id_str=503431&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=8f7101fd-202d-4a09-acb8-16887f388bae&prev_step_diff=850

94.130.198.6

200 OK

0 B

URL GET HTTP/2
mbdippex.com/in/show/?tag_ab=b&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&refdom=www.amdahost.com&auction_time=1715218585&subid=1211831614&sid=1572509799&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-09&iabcat=IAB25-3&keywords=milf,adult,mature&user_fp=6241671574567358293&score=33.436680851035334&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D820f3e3f67%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=3186575&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDEYZM8SQETPDhpgWNHLcmIFyDI0yLXLMkFEjZg4zZGqQGSPGhhkcOUQ4HONGoY4YOWDgcBimzhiMNGjgqBHVxkwcMGLgoJkDx0yhIsSkIQNVKlUaVmVg1crVqwywBu0sBIl2acY6YibKQGuDKZyLOmbc2NpQxBw4EnVEzWEjxowaDsvgofPlcGIRNTLbyJoU7Jg2gGvAmEFjBsWHZMwsLCzGjZuFpnHYqHEDsog2bjwqpqFUhkM4uHXfiAFjs8M6MTCioWNxjo4XL868cYE7zOE2Lsa8afNiTpswcixufFFmTI2eN22MgTE8zIwxOEGGoWEmBo0wK8tgVU9DDNowOOVQxkphFGeQf2XIYIMNNGRGBhk3DGeGGT_UMQdCSZDRww0w5ADgGDPgUEYNM5hRhhi0hSgDY2aUhgMOZoxR2w1izLhVDg2SYUMYNZSBk4n6iaFfZmPIRoYMZGTFRR0wwKBgG2W0IaQcGfZQAxs4FEGEWjaoEUUbamhxBxqgoZFHDFYEQYMQVjQBgxgv7pVSY4_lIIOCN9iQBh1BFFFHFGhEMWYeTrQgxRNiJCFHDGZYkcRwVriBBxI0TAFHHptF0QQbSzBBQxwlWRfGEkfYuQYRc9yBhQxfxJEGEnCEQUcOTzSVRhVtfDGFGyPVgYQeVcBhBR0yHKGGDTnc8YQeasChBg12qDEDFElMcYUZQlTxBhJaIGFFDlYM0eMZd6jxxRlVJEGEFFWksWSTCs7xRh1yjFFGlYvRWcO7TtoAhww9APWiSvwqCEcMPTjxRMH-ztADWGRsh1G0eFScncRDybrQFqZ18Vu9C8HgQpPFDQXcF3CArIPIJTkkhx2A8RbZGMCF7EJfItRRRxoYxUAbTR3ekENQDqUBmAg5xOBCUi7QIIMLPtMAVh1hYNTEG3qkwQYbYbxQw8ggoIBFDDHsAAITabhRBx4g4CHbFwya_bIOjI2cAghHlLfGGy_IkFWTxMUAghFpyOHjG3i8UDcMnj2lgwgKg_WGHF-M4TjkT4DFxuVFOAFxGXZ8YTgbE9E2WElYweDyGa_pQBMOhR0UuhhyLPSiQ7J_0cYbZLku22lkyPEGbA69YZRvGQmPRx4L2TbHyxgJT4esk7dQhxt7tsCgCzvdIPnzcjFEXIdb2bUTRgd90T1YdLQx0XA1yKBVDVNV1MZbR8Ev_1RTOTkDU2QQXRkO8wWN5c9n-6OfbUBXQDYghA5G4VgNPPYQMVzmIGZoChsk8pvNhWwouoFBHxQQEA%25253D%25253D%2526s%253Db64bb09f5786e9e22706fefa193b78baeba0646e3a96b713fba4a3b7bfbdadd61715218585%2526ev%253D0.0009915254237288134&icons=gmLlju_g134KEM_ouKBp5XGoWG1Ec77mxlbWE2Y0TySPXO1RjlP4lvXPVYiICCbuFn5MuIquBUbnt_Zod-CO-q9jY6gIWTDlC3xpLz27BaNICJbQ0MhzkfDnHzBlgpfK0a4Aj6nX_TwNk3QyVA0MGDieB0cW3wpHdhGHtN_lBAPBueNCnw&ext_cid=503431&px_id=55560190&min_cpm=0.044112791828882426&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=4485446328018259832&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.009262430168932696&cpm=0&verify_hash=40182ada5a54427ba4d6b7315d6a001a&is_native=2&real_bid=0.0002559240031242384&original_bid_usd=0.00035999999999999997&original_bid=0.00035999999999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,4,89,20,27,108&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00035999999999999997&hostname=auc-inpage-hz-12-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000035999999999999994&ext_campaign_id_str=503431&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=8f7101fd-202d-4a09-acb8-16887f388bae&prev_step_diff=850
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&refdom=www.amdahost.com&auction_time=1715218585&subid=1211831614&sid=1572509799&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-09&iabcat=IAB25-3&keywords=milf,adult,mature&user_fp=6241671574567358293&score=33.436680851035334&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D820f3e3f67%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=3186575&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDEYZM8SQETPDhpgWNHLcmIFyDI0yLXLMkFEjZg4zZGqQGSPGhhkcOUQ4HONGoY4YOWDgcBimzhiMNGjgqBHVxkwcMGLgoJkDx0yhIsSkIQNVKlUaVmVg1crVqwywBu0sBIl2acY6YibKQGuDKZyLOmbc2NpQxBw4EnVEzWEjxowaDsvgofPlcGIRNTLbyJoU7Jg2gGvAmEFjBsWHZMwsLCzGjZuFpnHYqHEDsog2bjwqpqFUhkM4uHXfiAFjs8M6MTCioWNxjo4XL868cYE7zOE2Lsa8afNiTpswcixufFFmTI2eN22MgTE8zIwxOEGGoWEmBo0wK8tgVU9DDNowOOVQxkphFGeQf2XIYIMNNGRGBhk3DGeGGT_UMQdCSZDRww0w5ADgGDPgUEYNM5hRhhi0hSgDY2aUhgMOZoxR2w1izLhVDg2SYUMYNZSBk4n6iaFfZmPIRoYMZGTFRR0wwKBgG2W0IaQcGfZQAxs4FEGEWjaoEUUbamhxBxqgoZFHDFYEQYMQVjQBgxgv7pVSY4_lIIOCN9iQBh1BFFFHFGhEMWYeTrQgxRNiJCFHDGZYkcRwVriBBxI0TAFHHptF0QQbSzBBQxwlWRfGEkfYuQYRc9yBhQxfxJEGEnCEQUcOTzSVRhVtfDGFGyPVgYQeVcBhBR0yHKGGDTnc8YQeasChBg12qDEDFElMcYUZQlTxBhJaIGFFDlYM0eMZd6jxxRlVJEGEFFWksWSTCs7xRh1yjFFGlYvRWcO7TtoAhww9APWiSvwqCEcMPTjxRMH-ztADWGRsh1G0eFScncRDybrQFqZ18Vu9C8HgQpPFDQXcF3CArIPIJTkkhx2A8RbZGMCF7EJfItRRRxoYxUAbTR3ekENQDqUBmAg5xOBCUi7QIIMLPtMAVh1hYNTEG3qkwQYbYbxQw8ggoIBFDDHsAAITabhRBx4g4CHbFwya_bIOjI2cAghHlLfGGy_IkFWTxMUAghFpyOHjG3i8UDcMnj2lgwgKg_WGHF-M4TjkT4DFxuVFOAFxGXZ8YTgbE9E2WElYweDyGa_pQBMOhR0UuhhyLPSiQ7J_0cYbZLku22lkyPEGbA69YZRvGQmPRx4L2TbHyxgJT4esk7dQhxt7tsCgCzvdIPnzcjFEXIdb2bUTRgd90T1YdLQx0XA1yKBVDVNV1MZbR8Ev_1RTOTkDU2QQXRkO8wWN5c9n-6OfbUBXQDYghA5G4VgNPPYQMVzmIGZoChsk8pvNhWwouoFBHxQQEA%25253D%25253D%2526s%253Db64bb09f5786e9e22706fefa193b78baeba0646e3a96b713fba4a3b7bfbdadd61715218585%2526ev%253D0.0009915254237288134&icons=gmLlju_g134KEM_ouKBp5XGoWG1Ec77mxlbWE2Y0TySPXO1RjlP4lvXPVYiICCbuFn5MuIquBUbnt_Zod-CO-q9jY6gIWTDlC3xpLz27BaNICJbQ0MhzkfDnHzBlgpfK0a4Aj6nX_TwNk3QyVA0MGDieB0cW3wpHdhGHtN_lBAPBueNCnw&ext_cid=503431&px_id=55560190&min_cpm=0.044112791828882426&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=4485446328018259832&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.009262430168932696&cpm=0&verify_hash=40182ada5a54427ba4d6b7315d6a001a&is_native=2&real_bid=0.0002559240031242384&original_bid_usd=0.00035999999999999997&original_bid=0.00035999999999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,4,89,20,27,108&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00035999999999999997&hostname=auc-inpage-hz-12-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000035999999999999994&ext_campaign_id_str=503431&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=8f7101fd-202d-4a09-acb8-16887f388bae&prev_step_diff=850 HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 May 2024 01:36:25 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

e9b729472c.39268ea911.com/939b87343a3eb6ec5a1c3e8c8c6f7c47.js

45.133.44.52

200 OK

77 kB

URL GET HTTP/2
e9b729472c.39268ea911.com/939b87343a3eb6ec5a1c3e8c8c6f7c47.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjecte9b729472c.39268ea911.com
FingerprintB5:9F:EF:07:F2:D5:84:63:A5:90:19:76:24:EB:38:B3:AB:84:6E:C8
ValidityMon, 06 May 2024 02:20:40 GMT - Sun, 04 Aug 2024 02:20:39 GMT

File type
gzip compressed data, from Unix
Size
77 kB (76969 bytes)
Hash
85605eaa2a0f231e99e45a596afdc06e
c46b448df80474def5dc122a54050020a7b6dd54
f98eee21866213827b0948454f31284095230fefc7a5ba07e3bc098b1c52caf4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /939b87343a3eb6ec5a1c3e8c8c6f7c47.js HTTP/1.1
Host: e9b729472c.39268ea911.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:24 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Thu, 09 May 2024 01:41:24 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
295c1ab534489dc31c4940823ae306a6
f64846d666665600e9b3191323707b0312ea2103
f71d58c2003e0da135fb8f57ef576b17eebe7916ced184c7bf99f603049eaddb

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 May 2024 01:36:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.amdahost.com/videos/1713402037_220228c6337210b3.mp4

104.21.40.89

206 Partial Content

1.0 MB

URL GET HTTP/3
www.amdahost.com/videos/1713402037_220228c6337210b3.mp4
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
data
Size
1.0 MB (1009253 bytes)
Hash
bc34792ce3f3de9fce8ac64151f5a839
9ada66fc8d8969a161f1230969d58c13d970a8d3
7357def740c2b9e8563baeb3ffa1b9203d71885c8184a237fcae1f91693161cb

HTTP Headers

GET /videos/1713402037_220228c6337210b3.mp4 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=39747584-
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Cookie: PHPSESSID=cea75715da71e72bdaa2a424ce9a043a
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Thu, 09 May 2024 01:36:25 GMT
content-type: video/mp4
content-length: 1009253
etag: "26de665-662070dd-8c2fb0;;;"
last-modified: Thu, 18 Apr 2024 01:01:17 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
content-range: bytes 39747584-40756836/40756837
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u%2FkGqmNITO7LUf5rYwsZli62rUzAu1OiZiLXRwVe4o8MJOfrDxlh%2Fw6uImX0rw537juALA3%2FYeu03MGKN4GizMo2Z6%2FiY5tlY4%2Brqh0dRJTRPsQKWZ1ZScOQQEatkzW%2BT8BI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df555edef5684-OSL
alt-svc: h3=":443"; ma=86400

storage.multstorage.com/log/count.html

172.67.174.51

200 OK

1.2 kB

URL GET HTTP/2
storage.multstorage.com/log/count.html
IP
172.67.174.51:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectmultstorage.com
Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A
ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT

File type
HTML document, ASCII text, with very long lines (700)
Size
1.2 kB (1217 bytes)
Hash
b728ca9cd183d1b7c3f72116b19b22a3
c1fd73f6b02cf00b8bc60b09cc99495e8494b739
8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:24 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: c78ace6a918e146b248c9003eac07546
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FZFQTO9%2FGWCpkvLm9LJEqpcbqKlZ6hSivCD3Bvp5rWauVitj%2Fj6odcxOucHiEBegCLzhALirg4eH%2F3XzjkDwkOZVHJpTwf%2BxT3zopRwx2HEtg6kylIxKal%2BDCbaCLzrPYgWjjkHdvE3qaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5581f89b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=88999959-f0d8-4709-b4fd-6ce6792de6d0&prev_step_diff=850

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=88999959-f0d8-4709-b4fd-6ce6792de6d0&prev_step_diff=850
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=88999959-f0d8-4709-b4fd-6ce6792de6d0&prev_step_diff=850 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:25 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Fri, 09 May 2025 01:36:25 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.24

200 OK

1.1 kB

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:25 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Fri, 09 May 2025 01:36:25 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

p.a64x.com/in/tip_shows/?katds_ep=HViHL4bvWc7UnmaHmutb-EJWeFEMNL8l4jHI8yMiyzYNCQkcuRr1Uc2x1MmDBa2oMXsZJbK3QxAMaLtYGSb_Bgb6pxSwP3fBz_AFQUZTx2YkM-u7OTKv1VaIzhLCPt8KS0fSdGAU2RZ_fo6_w_4U9ACkknTohD2_wPtAhTIxIfbO3nYytdidXReNwybEogOjVOBZde2LnE2ntIuAuAJDAwdT5qVK8ugBmzQNZXEdjrofs4F8aSe9c-sDU3_01WkOW7BzWw9KuxXnh1jp8H6QjaqBk0i0uQGycWD_P9_X4kRdNjYyyP4175Q4ZtkiekMiVzaLqQw1mFwzBCebUNA6LVf3ojQzGtQ_PODGaAQIEBjMglxP_WnotDWv44AREB5zXTrMrOD1S95tEIkxqMw2rNWoFibwRNFGkvuPTpVXdb9GBZkZP1_m-LiCICk38i9UxZW9NaTy8x8A-mn7u3-DgzODiHGdwPozaR7SMIzWhwaivVwZweMImpEsTxrtk2tr_YttJWDnCA2rOMzt2gcoPmn2uwT4u8-XED4GVkm5nBSBhcdkim2JGP1eZB3U0BDTSOnbHotlKhib87Pi70fx_oS1x3hfi7_8ol8smOofb2oudwR_hi3d_LywXer7BmhNp0iRlTxRVMCsAOIWbE40mH0QeTjXvtbqCOHca0aexCyha6mIixHIap_9GC20JBgI7WBs5-bomIfB7y0wj3ARJSBFvNceryg8K10F4_OBT_09-9srxlJPCjdRaoUtJD8yAZ-Wds4p_dlwyRmPgjbTo-Sdn6O6bKoiNSULuyBES6-nH6g6ZAnrRGilICEbMm1Uu7-JTJoyvvotIjKev5tAotdRYLCjyQhTHPt2GfNW--twKV__tfbTCQJ8ccis&bid=0.02844997486031586&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.03&cpa=5c747bc6-9f79-492a-8b85-28f862cdb0e3&prev_step_diff=850

172.67.185.171

302 Found

0 B

URL GET HTTP/2
p.a64x.com/in/tip_shows/?katds_ep=HViHL4bvWc7UnmaHmutb-EJWeFEMNL8l4jHI8yMiyzYNCQkcuRr1Uc2x1MmDBa2oMXsZJbK3QxAMaLtYGSb_Bgb6pxSwP3fBz_AFQUZTx2YkM-u7OTKv1VaIzhLCPt8KS0fSdGAU2RZ_fo6_w_4U9ACkknTohD2_wPtAhTIxIfbO3nYytdidXReNwybEogOjVOBZde2LnE2ntIuAuAJDAwdT5qVK8ugBmzQNZXEdjrofs4F8aSe9c-sDU3_01WkOW7BzWw9KuxXnh1jp8H6QjaqBk0i0uQGycWD_P9_X4kRdNjYyyP4175Q4ZtkiekMiVzaLqQw1mFwzBCebUNA6LVf3ojQzGtQ_PODGaAQIEBjMglxP_WnotDWv44AREB5zXTrMrOD1S95tEIkxqMw2rNWoFibwRNFGkvuPTpVXdb9GBZkZP1_m-LiCICk38i9UxZW9NaTy8x8A-mn7u3-DgzODiHGdwPozaR7SMIzWhwaivVwZweMImpEsTxrtk2tr_YttJWDnCA2rOMzt2gcoPmn2uwT4u8-XED4GVkm5nBSBhcdkim2JGP1eZB3U0BDTSOnbHotlKhib87Pi70fx_oS1x3hfi7_8ol8smOofb2oudwR_hi3d_LywXer7BmhNp0iRlTxRVMCsAOIWbE40mH0QeTjXvtbqCOHca0aexCyha6mIixHIap_9GC20JBgI7WBs5-bomIfB7y0wj3ARJSBFvNceryg8K10F4_OBT_09-9srxlJPCjdRaoUtJD8yAZ-Wds4p_dlwyRmPgjbTo-Sdn6O6bKoiNSULuyBES6-nH6g6ZAnrRGilICEbMm1Uu7-JTJoyvvotIjKev5tAotdRYLCjyQhTHPt2GfNW--twKV__tfbTCQJ8ccis&bid=0.02844997486031586&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.03&cpa=5c747bc6-9f79-492a-8b85-28f862cdb0e3&prev_step_diff=850
IP
172.67.185.171:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjecta64x.com
Fingerprint86:FD:2B:DD:CC:BD:8D:ED:C0:8D:41:81:C1:48:2D:45:D6:4F:67:88
ValidityTue, 19 Mar 2024 14:58:28 GMT - Mon, 17 Jun 2024 14:58:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/tip_shows/?katds_ep=HViHL4bvWc7UnmaHmutb-EJWeFEMNL8l4jHI8yMiyzYNCQkcuRr1Uc2x1MmDBa2oMXsZJbK3QxAMaLtYGSb_Bgb6pxSwP3fBz_AFQUZTx2YkM-u7OTKv1VaIzhLCPt8KS0fSdGAU2RZ_fo6_w_4U9ACkknTohD2_wPtAhTIxIfbO3nYytdidXReNwybEogOjVOBZde2LnE2ntIuAuAJDAwdT5qVK8ugBmzQNZXEdjrofs4F8aSe9c-sDU3_01WkOW7BzWw9KuxXnh1jp8H6QjaqBk0i0uQGycWD_P9_X4kRdNjYyyP4175Q4ZtkiekMiVzaLqQw1mFwzBCebUNA6LVf3ojQzGtQ_PODGaAQIEBjMglxP_WnotDWv44AREB5zXTrMrOD1S95tEIkxqMw2rNWoFibwRNFGkvuPTpVXdb9GBZkZP1_m-LiCICk38i9UxZW9NaTy8x8A-mn7u3-DgzODiHGdwPozaR7SMIzWhwaivVwZweMImpEsTxrtk2tr_YttJWDnCA2rOMzt2gcoPmn2uwT4u8-XED4GVkm5nBSBhcdkim2JGP1eZB3U0BDTSOnbHotlKhib87Pi70fx_oS1x3hfi7_8ol8smOofb2oudwR_hi3d_LywXer7BmhNp0iRlTxRVMCsAOIWbE40mH0QeTjXvtbqCOHca0aexCyha6mIixHIap_9GC20JBgI7WBs5-bomIfB7y0wj3ARJSBFvNceryg8K10F4_OBT_09-9srxlJPCjdRaoUtJD8yAZ-Wds4p_dlwyRmPgjbTo-Sdn6O6bKoiNSULuyBES6-nH6g6ZAnrRGilICEbMm1Uu7-JTJoyvvotIjKev5tAotdRYLCjyQhTHPt2GfNW--twKV__tfbTCQJ8ccis&bid=0.02844997486031586&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.03&cpa=5c747bc6-9f79-492a-8b85-28f862cdb0e3&prev_step_diff=850 HTTP/1.1
Host: p.a64x.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 09 May 2024 01:36:25 GMT
content-type: application/json
content-length: 0
location: https://imdn.pics/m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg
access-control-allow-credentials: true
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZyhGsFVMR84Djjf5%2Fe2C03NSVkt4cf6jhQiHUgC2%2F0Fg98na4hwcFIr4W0RckXRmccB2twlHH6BdYB33h654iUizQ3aADGFrFHwhGTFDzDacm4q7Pas30Jc0NoaP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df560bcd656b5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mpougdusr.com/chicken.gif?z=2020090&pb=e4cef2918c25997e58927f895f2764a61715225783&psp=ZF5l1rWwB7YLMkkmDWm-pfr7ccN3V55-omNqgKcwD9flULNmziGHqp_INuPaRZYYfNTlsVP6-S7yis1Ks6CXg-asse22z_aSB2AVm0ekKFXmlc5GhHw70jI1uLVJpOpebFkghv_-DKtSkOzi7dmrcDkjD4_Gxi8CdiywOlXwEFuea9vLAFNRgGjL0x48mNmWUvgzKgCCbQnI38feBoLwPFfJTniw_6PL9p4KiKi99kFOdIJeaZv7uaQ8DRg71DIyHs1qPa-vdIGvdzy0ckBSW2txWKeCOI2CCLetxJUzCkb0b7naiWWuNyARIkflu174wrHIJTfLgt3M5Qj_2eR6q-E8EoByFODlHoUzzOjxRZmCdiv2Z6pmwW6vfqGGa3h3rxyil7mC-bomx-HTjywXC0GQz8yysmVbOyDzLW9Wbqsc50eSc9fBcTss3EcttDdBpfM5Gkyu4_R6bpXaLPS7lwVEZ_yM2xvZF5xbxTEkscZzpdFAMVn80qw8HeG2XbsAdWhk4PyYqfhVkjNMPW04n-qjYKVzlzvua7IvI0feeEca5w2TS3gebIa3eEUgivcOPrq6IXPpIZDtz5yvct4G429adtUgqFgh1xViR3NsBJZoOtewHy5FNYp0nVFXOgDDRpagmMsg0cMOun7FTyBXDYC_TmHS_DK8VKGAcFwUjP7D6dRX1OUhb2EdL_1OpTJSWRB3fRsCp8m40me0dpdlO78awC585yyQghcpRwqBWxEUsao7aQhf76XsI6y7iEqexcXPvQQ1dY-SsQp_hSQDzdPCjko5I6cfswsbuv3z19HRAZfDGEBh9t4i_vKgB5K-czZUVB7aH98mYzRRo4xtkiHF39vyzfPYb26Z4PfDMaTkyFmPSGCfmp1ewGBszMeMV0qcK-usiwsUTK2jeXpgRKlIN8CufD-0OV38-f8KbVaPaNfG2sN0iPg_VEYjq2RTmeVHk4Xt6oSZnFhNEWPhiOgcxmrdOIet8rA4gW0aFzXIFARAzsZtU83-80qvVRmb1fRXieLh8ddVTQciJnuFVfBOwqHuUx37D_2WL_-XQwHNyH1iiccAZLIbKaVCBqGFXSWOQajXhZx8ecEP8833mwu89yMUV21N0gmLo0YrSJQTmsK49O6RUvHj0RSq3DGVWXrmRaHcW28mSnkzBa7COGUygnaNaN0IqYGZQLHpreZ22jnH0zt2UxGOqurzGlBzaNZb0T_SB_ZLzRmvt0rewkc7vEiopIspjKqSSKzJST0v-VqrnF7BUQttjhZebuGYOG7rr5pCMUa8vAnisLzS1-v1h7NHBLQ7XKWGlkdaYzzLshSklf__wQgo0hkGb6-SFykaln-_LQe-5isEnt-A1I5PdbXkk6_fxnL55T1Y7ohfkwRG1mgedtwbxI7CjGjgQq8vsvO8Wp2GvNdZsNnTYJt_HwJddtUnVVso87nNYWXBYMyShkgLtzPx2XSlDbWDW6hQjSeMGyadE7C-ssiz-5NPWzivm7V9cQrqCrcl4RUZCesxUaH5t2840t2lmUP7e7KxN8SvrWkrg8MCb8sr1qg7cNinOstVka2NU7TmVTyNNQgUsaUTdMAgh2uXgAn2BZxsCzNl8R2ErTrs0HO28QhvC228Qa8EnEDn0e8raicQ7VM7QH2QTCrfyhLpDK2HRL4epxqCcWazSMQKX4--oBuk9XmYiQ3iEHp0IjGgMIIYu_0MiA9IafsKM93kkjAFYhaVrXOhDpVsYD2uY5fz56y6SCoSnW9ZzfLhqlqSTLDfSx1sHgGz7ezN5Q==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5460433122569216&eclog=0&im=1

212.117.190.201

200 OK

43 B

URL GET HTTP/2
mpougdusr.com/chicken.gif?z=2020090&pb=e4cef2918c25997e58927f895f2764a61715225783&psp=ZF5l1rWwB7YLMkkmDWm-pfr7ccN3V55-omNqgKcwD9flULNmziGHqp_INuPaRZYYfNTlsVP6-S7yis1Ks6CXg-asse22z_aSB2AVm0ekKFXmlc5GhHw70jI1uLVJpOpebFkghv_-DKtSkOzi7dmrcDkjD4_Gxi8CdiywOlXwEFuea9vLAFNRgGjL0x48mNmWUvgzKgCCbQnI38feBoLwPFfJTniw_6PL9p4KiKi99kFOdIJeaZv7uaQ8DRg71DIyHs1qPa-vdIGvdzy0ckBSW2txWKeCOI2CCLetxJUzCkb0b7naiWWuNyARIkflu174wrHIJTfLgt3M5Qj_2eR6q-E8EoByFODlHoUzzOjxRZmCdiv2Z6pmwW6vfqGGa3h3rxyil7mC-bomx-HTjywXC0GQz8yysmVbOyDzLW9Wbqsc50eSc9fBcTss3EcttDdBpfM5Gkyu4_R6bpXaLPS7lwVEZ_yM2xvZF5xbxTEkscZzpdFAMVn80qw8HeG2XbsAdWhk4PyYqfhVkjNMPW04n-qjYKVzlzvua7IvI0feeEca5w2TS3gebIa3eEUgivcOPrq6IXPpIZDtz5yvct4G429adtUgqFgh1xViR3NsBJZoOtewHy5FNYp0nVFXOgDDRpagmMsg0cMOun7FTyBXDYC_TmHS_DK8VKGAcFwUjP7D6dRX1OUhb2EdL_1OpTJSWRB3fRsCp8m40me0dpdlO78awC585yyQghcpRwqBWxEUsao7aQhf76XsI6y7iEqexcXPvQQ1dY-SsQp_hSQDzdPCjko5I6cfswsbuv3z19HRAZfDGEBh9t4i_vKgB5K-czZUVB7aH98mYzRRo4xtkiHF39vyzfPYb26Z4PfDMaTkyFmPSGCfmp1ewGBszMeMV0qcK-usiwsUTK2jeXpgRKlIN8CufD-0OV38-f8KbVaPaNfG2sN0iPg_VEYjq2RTmeVHk4Xt6oSZnFhNEWPhiOgcxmrdOIet8rA4gW0aFzXIFARAzsZtU83-80qvVRmb1fRXieLh8ddVTQciJnuFVfBOwqHuUx37D_2WL_-XQwHNyH1iiccAZLIbKaVCBqGFXSWOQajXhZx8ecEP8833mwu89yMUV21N0gmLo0YrSJQTmsK49O6RUvHj0RSq3DGVWXrmRaHcW28mSnkzBa7COGUygnaNaN0IqYGZQLHpreZ22jnH0zt2UxGOqurzGlBzaNZb0T_SB_ZLzRmvt0rewkc7vEiopIspjKqSSKzJST0v-VqrnF7BUQttjhZebuGYOG7rr5pCMUa8vAnisLzS1-v1h7NHBLQ7XKWGlkdaYzzLshSklf__wQgo0hkGb6-SFykaln-_LQe-5isEnt-A1I5PdbXkk6_fxnL55T1Y7ohfkwRG1mgedtwbxI7CjGjgQq8vsvO8Wp2GvNdZsNnTYJt_HwJddtUnVVso87nNYWXBYMyShkgLtzPx2XSlDbWDW6hQjSeMGyadE7C-ssiz-5NPWzivm7V9cQrqCrcl4RUZCesxUaH5t2840t2lmUP7e7KxN8SvrWkrg8MCb8sr1qg7cNinOstVka2NU7TmVTyNNQgUsaUTdMAgh2uXgAn2BZxsCzNl8R2ErTrs0HO28QhvC228Qa8EnEDn0e8raicQ7VM7QH2QTCrfyhLpDK2HRL4epxqCcWazSMQKX4--oBuk9XmYiQ3iEHp0IjGgMIIYu_0MiA9IafsKM93kkjAFYhaVrXOhDpVsYD2uY5fz56y6SCoSnW9ZzfLhqlqSTLDfSx1sHgGz7ezN5Q==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5460433122569216&eclog=0&im=1
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint96:80:FC:87:80:4A:3B:59:5A:2E:82:5A:B8:1D:9D:47:78:21:AA:66
ValidityWed, 01 May 2024 14:41:50 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

GET /chicken.gif?z=2020090&pb=e4cef2918c25997e58927f895f2764a61715225783&psp=ZF5l1rWwB7YLMkkmDWm-pfr7ccN3V55-omNqgKcwD9flULNmziGHqp_INuPaRZYYfNTlsVP6-S7yis1Ks6CXg-asse22z_aSB2AVm0ekKFXmlc5GhHw70jI1uLVJpOpebFkghv_-DKtSkOzi7dmrcDkjD4_Gxi8CdiywOlXwEFuea9vLAFNRgGjL0x48mNmWUvgzKgCCbQnI38feBoLwPFfJTniw_6PL9p4KiKi99kFOdIJeaZv7uaQ8DRg71DIyHs1qPa-vdIGvdzy0ckBSW2txWKeCOI2CCLetxJUzCkb0b7naiWWuNyARIkflu174wrHIJTfLgt3M5Qj_2eR6q-E8EoByFODlHoUzzOjxRZmCdiv2Z6pmwW6vfqGGa3h3rxyil7mC-bomx-HTjywXC0GQz8yysmVbOyDzLW9Wbqsc50eSc9fBcTss3EcttDdBpfM5Gkyu4_R6bpXaLPS7lwVEZ_yM2xvZF5xbxTEkscZzpdFAMVn80qw8HeG2XbsAdWhk4PyYqfhVkjNMPW04n-qjYKVzlzvua7IvI0feeEca5w2TS3gebIa3eEUgivcOPrq6IXPpIZDtz5yvct4G429adtUgqFgh1xViR3NsBJZoOtewHy5FNYp0nVFXOgDDRpagmMsg0cMOun7FTyBXDYC_TmHS_DK8VKGAcFwUjP7D6dRX1OUhb2EdL_1OpTJSWRB3fRsCp8m40me0dpdlO78awC585yyQghcpRwqBWxEUsao7aQhf76XsI6y7iEqexcXPvQQ1dY-SsQp_hSQDzdPCjko5I6cfswsbuv3z19HRAZfDGEBh9t4i_vKgB5K-czZUVB7aH98mYzRRo4xtkiHF39vyzfPYb26Z4PfDMaTkyFmPSGCfmp1ewGBszMeMV0qcK-usiwsUTK2jeXpgRKlIN8CufD-0OV38-f8KbVaPaNfG2sN0iPg_VEYjq2RTmeVHk4Xt6oSZnFhNEWPhiOgcxmrdOIet8rA4gW0aFzXIFARAzsZtU83-80qvVRmb1fRXieLh8ddVTQciJnuFVfBOwqHuUx37D_2WL_-XQwHNyH1iiccAZLIbKaVCBqGFXSWOQajXhZx8ecEP8833mwu89yMUV21N0gmLo0YrSJQTmsK49O6RUvHj0RSq3DGVWXrmRaHcW28mSnkzBa7COGUygnaNaN0IqYGZQLHpreZ22jnH0zt2UxGOqurzGlBzaNZb0T_SB_ZLzRmvt0rewkc7vEiopIspjKqSSKzJST0v-VqrnF7BUQttjhZebuGYOG7rr5pCMUa8vAnisLzS1-v1h7NHBLQ7XKWGlkdaYzzLshSklf__wQgo0hkGb6-SFykaln-_LQe-5isEnt-A1I5PdbXkk6_fxnL55T1Y7ohfkwRG1mgedtwbxI7CjGjgQq8vsvO8Wp2GvNdZsNnTYJt_HwJddtUnVVso87nNYWXBYMyShkgLtzPx2XSlDbWDW6hQjSeMGyadE7C-ssiz-5NPWzivm7V9cQrqCrcl4RUZCesxUaH5t2840t2lmUP7e7KxN8SvrWkrg8MCb8sr1qg7cNinOstVka2NU7TmVTyNNQgUsaUTdMAgh2uXgAn2BZxsCzNl8R2ErTrs0HO28QhvC228Qa8EnEDn0e8raicQ7VM7QH2QTCrfyhLpDK2HRL4epxqCcWazSMQKX4--oBuk9XmYiQ3iEHp0IjGgMIIYu_0MiA9IafsKM93kkjAFYhaVrXOhDpVsYD2uY5fz56y6SCoSnW9ZzfLhqlqSTLDfSx1sHgGz7ezN5Q==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5460433122569216&eclog=0&im=1 HTTP/1.1
Host: mpougdusr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=24050820363c9666b78772448c97a62f53c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:36:25 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

imdn.pics/m/p/0/777/777156/conversions/3b69WTpe-minify.jpg

45.133.44.24

200 OK

10 kB

URL GET HTTP/2
imdn.pics/m/p/0/777/777156/conversions/3b69WTpe-minify.jpg
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 360x240, components 3
Size
10 kB (10147 bytes)
Hash
d27321438be78f72c18f84cecb85c11e
31084685ba871245f90f4ac23949bc4aa37ce39b
d08796c038822a8e5b0b8f249dda868ce114459c911091b0969acf32df501b98

HTTP Headers

GET /m/p/0/777/777156/conversions/3b69WTpe-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:25 GMT
content-type: image/jpeg
content-length: 10147
server: nginx
last-modified: Tue, 09 Apr 2024 19:44:54 GMT
etag: "66159ab6-27a3"
x-request-id: a42fb51f65ac1ae8733899620e4ac07b
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

imdn.pics/m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg

45.133.44.24

200 OK

3.0 kB

URL GET HTTP/2
imdn.pics/m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 100x100, components 3
Size
3.0 kB (2972 bytes)
Hash
bbd50a964fd18363b647225883bbb908
960383ba8379454c49adc0ed9c0faf681a898d61
58deb046cbfa7bfae5ed5290686bda50b55be2bf0ea62f1577ca135a8fdeb10e

HTTP Headers

GET /m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:25 GMT
content-type: image/jpeg
content-length: 2972
server: nginx
last-modified: Tue, 09 Apr 2024 19:44:46 GMT
etag: "66159aae-b9c"
x-request-id: bcbe6ea9e5034af8477860eea5b5ead2
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

nereserv.com/in/dip?event_id=70343a7c-b323-43ca-bc0d-5f3ba9487ea2&subid=308553955&spot_id=529502&created_at=2024-05-09&timezone=0&ver=1.141.0

94.130.198.6

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=70343a7c-b323-43ca-bc0d-5f3ba9487ea2&subid=308553955&spot_id=529502&created_at=2024-05-09&timezone=0&ver=1.141.0
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=70343a7c-b323-43ca-bc0d-5f3ba9487ea2&subid=308553955&spot_id=529502&created_at=2024-05-09&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 May 2024 01:36:26 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

nereserv.com/in/dip?event_id=55c2d0ed-9d6d-4ded-9290-8264b9d73d73&subid=14364679&spot_id=560192&created_at=2024-05-09&timezone=0&ver=1.141.0

94.130.198.6

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=55c2d0ed-9d6d-4ded-9290-8264b9d73d73&subid=14364679&spot_id=560192&created_at=2024-05-09&timezone=0&ver=1.141.0
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=55c2d0ed-9d6d-4ded-9290-8264b9d73d73&subid=14364679&spot_id=560192&created_at=2024-05-09&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 May 2024 01:36:26 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

1.5 kB

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type
data
Size
1.5 kB (1472 bytes)
Hash
3bef3eda710f46fdf5cba0f93a6ae99e
0d75caf43cbe12d7fce7cfb86e81da733b84f935
9b2e9746cdc2c564afd2f23dc73afb5155d07438a70981bee754998c8cca9d3e

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 301 Moved Permanently
date: Thu, 09 May 2024 01:36:25 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UJF%2FOns43JMWlAPlOD8TadHVNUsuehBNf9BY%2FUtGuuFa1L8fwH81929x0JIJgO85M9waxQH2Wg1Jsiz6GDeEx6pTnBwNSxBWtqz%2BRIiGkZozo2j32LGsKTq8uhh%2FzNCsLKWJBabfyBfZaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df55fec370b45-OSL
alt-svc: h3=":443"; ma=86400

mcpuwpsh.com/get/

94.130.197.240

200 OK

6.7 kB

URL POST HTTP/2
mcpuwpsh.com/get/
IP
94.130.197.240:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectpuwpush.com
Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92
ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT

File type
JSON text data
Size
6.7 kB (6716 bytes)
Hash
40a114a833920aa40aab1749f291f885
7ae7aecfb44b0482db9ea87cf1af950c8cd876d1
f121371792f24c58c065349b22d972afed398aa7cfb36ce9ace23155abd00754

HTTP Headers

POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1469
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.0
date: Thu, 09 May 2024 01:36:26 GMT
content-type: application/json
content-length: 6716
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

mcpuwpsh.com/get/

94.130.197.240

200 OK

6.7 kB

URL POST HTTP/2
mcpuwpsh.com/get/
IP
94.130.197.240:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectpuwpush.com
Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92
ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT

File type
JSON text data
Size
6.7 kB (6721 bytes)
Hash
0f415bbc5878cf30f934d0e982df86b4
6d4c0fd1c9a9ab2e0410fa0919ebc02cdbf14c22
47883fbd246a2dfd98816d6b720830734060b8ca8d2b86f9daacd2223c34a3dc

HTTP Headers

POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1470
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.0
date: Thu, 09 May 2024 01:36:26 GMT
content-type: application/json
content-length: 6721
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/rum?

104.21.40.89

204 No Content

0 B

URL POST HTTP/3
www.amdahost.com/cdn-cgi/rum?
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1082
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Cookie: PHPSESSID=cea75715da71e72bdaa2a424ce9a043a; cf_clearance=rkiZfgsCCjM3i0R2kHCeotMzLoE34ySZ9gVvAjVWBOQ-1715218583-1.0.1.1-jADs3UxfOr2ge1710cu8TwAE1Jv2z4qWpgjaRiS.sV4035AFLhY.nxhrsjSBFzAuDKQkKFMPYLKXBqmrSzvkHA; prefetchAd_7446033=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Thu, 09 May 2024 01:36:26 GMT
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 880df5659f755684-OSL
x-frame-options: DENY
x-content-type-options: nosniff

nereserv.com/in/dip?site=native-push&wl=1&event_id=bfe5f099-4260-49d8-b915-8e71d7a2991e&subid=1511354673&sid=2708905530&spot_id=529500&created_at=2024-05-09&timezone=0&ver=8.159.0&is_native=1

94.130.198.6

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=bfe5f099-4260-49d8-b915-8e71d7a2991e&subid=1511354673&sid=2708905530&spot_id=529500&created_at=2024-05-09&timezone=0&ver=8.159.0&is_native=1
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=bfe5f099-4260-49d8-b915-8e71d7a2991e&subid=1511354673&sid=2708905530&spot_id=529500&created_at=2024-05-09&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 May 2024 01:36:29 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

e859321004.6423f6c6c4.com/in/multy

94.130.198.6

200 OK

0 B

URL POST HTTP/2
e859321004.6423f6c6c4.com/in/multy
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subject6423f6c6c4.com
Fingerprint2F:36:6C:E2:70:8D:26:9A:96:36:8B:43:26:81:52:60:C6:18:7B:31
ValiditySun, 05 May 2024 14:01:56 GMT - Sat, 03 Aug 2024 14:01:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: e859321004.6423f6c6c4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.20.1
date: Thu, 09 May 2024 01:36:29 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

e859321004.6423f6c6c4.com/in/multy

94.130.198.6

200 OK

8.7 kB

URL POST HTTP/2
e859321004.6423f6c6c4.com/in/multy
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subject6423f6c6c4.com
Fingerprint2F:36:6C:E2:70:8D:26:9A:96:36:8B:43:26:81:52:60:C6:18:7B:31
ValiditySun, 05 May 2024 14:01:56 GMT - Sat, 03 Aug 2024 14:01:55 GMT

File type
JSON text data
Size
8.7 kB (8727 bytes)
Hash
d03d5dafa379caf0625600c2a28f238c
3b70e5e15e674e1c20045e8c94e39e43032abe9b
bb76a09b71ef339ab140c4b5b024ed0966855e04e8d9f97d3752a241f2da7a6d

HTTP Headers

POST /in/multy HTTP/1.1
Host: e859321004.6423f6c6c4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2452
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 May 2024 01:36:30 GMT
content-type: application/json
content-length: 8727
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.11&cpa=93b10a8a-0334-4b1f-86bb-c2e461cea5b4&prev_step_diff=815

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.11&cpa=93b10a8a-0334-4b1f-86bb-c2e461cea5b4&prev_step_diff=815
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.11&cpa=93b10a8a-0334-4b1f-86bb-c2e461cea5b4&prev_step_diff=815 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:30 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Fri, 09 May 2025 01:36:30 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

e859321004.6423f6c6c4.com/in/show/?tag_ab=b&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&refdom=www.amdahost.com&auction_time=1715218589&subid=1511354673&sid=2708905530&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-09&iabcat=IAB25-3&keywords=mature,adult,milf&user_fp=10525439425521361963&score=66.00749589809814&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D820f3e3f67%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=3186575&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDMYbMGrUKDMmRo0WY2rYuNGCBo0ZOVrkKCOGTAscNmzMuJHDDJkYOMzIEOFwjBuFOmLkgIHDYZg6YzDagGEjRwwZOWrMiDHDhgwYQGl8JSpCTBoyUqlaxaqVq1ewOMTCIGvQzkIZM2jYaJqxjpiJMvTacArnoo6dOGQ0FDEHjkQdLqvuHSyiDB46Xxo_FiGyBlsYc4u2MVwDRt6tTsmYWbhYjBs3C7firHGjhsM2bjxCpsFUhkM4uHXfiEEVhsM6MTCioWNxjo4XL868cYE7TOM2Lsa8afNiTpswcixufEGyhpiqZmyMgTE8zIwxPvGGoWEmBo0wN2aUwUF1DA0xeoXh00z5hUGVQQCWIUNONIhEBhk3DGeGGT_UMQdCSZDRA0g5CDjGDDiUoZUZNNEGIlY2mPESDkGNUdsNYryYWA4NkmFDGCP5ROJ-Yuwn0hg4kSEDGWBxUQdoC7ZRRhs9ypFhDzWwgUMRRMiAkxpRtKGGFnegMRoaecRgRRA0CGFFEzCIwWJgeuUwWQ4yLHiDDWnQEUQRdZChxBJ2KDEEFjXNgccRc-RhwxJwwKDGHXWc8QUMMqCRRhhaWCGFGUtE8UYSVWiRhhBZ0ECGHHUMEUYSZThBAxRCRGHEG1YkEcUaRUxxBRFNMAFDFjbUMIeNRNrwRBRNkKEGE2JUGgMZS1xBhhg1RIFEFTNAMcYQU-BBRRZB5EDFGHo4gQcZM3xxRhVJECFFFWkYiaQNc7xRhxxjlPFkZG7i5C6kNsAhQw845MBiDjfsuyAcMfTgxBMG9ztDD2SRsR1GdqiBx8XZTVxUGI9tsVUXv9G7EAwugEZVUcB9AYfIOpDclUNy2GEYbw6RBNzILlBWRx1pYKQYU0uJNENoIqRhmAhWubCUC2K5YBINZNURBkZNvKFHGmywEcYLNZQMAgpYxBDDDiAwkYYbdeABAh44fWEDDWTHrIObJacAwhEkrfHGC18RBxZYIBiRhhxlmPEGHi_QTfQYUekgwsJkvSHHF4xjBLlDbDQuQhFORFyGHV8QzsZEtN2AQ1f8GSeCHGfApoMMNeCw2EGgiyHHQiw6RPsXbbyB1us4USTCqG_E5tAbSPmWkRyH57GQbYzFjBHzdHAseQt1uFFnCyG5QIaLkc8hPWSg5RC0lTnorvlBX3x_A1l0tDHRcJ4BFXv6IsQ_VFL0y2B_wKabQWpCV4bGfIFj8zOJ_3Bwv5qBLgxsQAgdkOKxGoDsIWLYzEHM8BQ2SOQ3mRtZUXQDgz4oICA%25253D%2526s%253Da246c7ce7fd7e4724016d000259d47883444494353f322bbeb35b28fbb34c30e1715218589%2526ev%253D0.0007284484180660485&icons=oVdZjS0XM_85Y26oEUhE00xxTfAc2aWtGZOiAplOs8YXZcziHd144FxbTGNJOH0ZOvidAO5jO9NgkxlzH_nDHIJVic03mPMkuIh6ed5HJwXjMTEItrcGqJO62zmoivJAGklcVdFIDKW7EWUQ7jKCC5fm5h6YqgWq-e_dPTdH0yrkby1o8Q&ext_cid=503431&px_id=55529500&min_cpm=0.01573297624336781&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=6069129531362018420&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.003303477013401336&cpm=0&verify_hash=9b9d4d397844cae9e361e2e262e7b312&is_native=2&real_bid=0.0002559240031242384&original_bid_usd=0.00035999999999999997&original_bid=0.00035999999999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=2&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00035999999999999997&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000035999999999999994&ext_campaign_id_str=503431&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.11&cpa=237d8166-9a95-41df-af56-f0f6cce74583&prev_step_diff=815

94.130.198.6

200 OK

0 B

URL GET HTTP/2
e859321004.6423f6c6c4.com/in/show/?tag_ab=b&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&refdom=www.amdahost.com&auction_time=1715218589&subid=1511354673&sid=2708905530&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-09&iabcat=IAB25-3&keywords=mature,adult,milf&user_fp=10525439425521361963&score=66.00749589809814&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D820f3e3f67%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=3186575&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDMYbMGrUKDMmRo0WY2rYuNGCBo0ZOVrkKCOGTAscNmzMuJHDDJkYOMzIEOFwjBuFOmLkgIHDYZg6YzDagGEjRwwZOWrMiDHDhgwYQGl8JSpCTBoyUqlaxaqVq1ewOMTCIGvQzkIZM2jYaJqxjpiJMvTacArnoo6dOGQ0FDEHjkQdLqvuHSyiDB46Xxo_FiGyBlsYc4u2MVwDRt6tTsmYWbhYjBs3C7firHGjhsM2bjxCpsFUhkM4uHXfiEEVhsM6MTCioWNxjo4XL868cYE7TOM2Lsa8afNiTpswcixufEGyhpiqZmyMgTE8zIwxPvGGoWEmBo0wN2aUwUF1DA0xeoXh00z5hUGVQQCWIUNONIhEBhk3DGeGGT_UMQdCSZDRA0g5CDjGDDiUoZUZNNEGIlY2mPESDkGNUdsNYryYWA4NkmFDGCP5ROJ-Yuwn0hg4kSEDGWBxUQdoC7ZRRhs9ypFhDzWwgUMRRMiAkxpRtKGGFnegMRoaecRgRRA0CGFFEzCIwWJgeuUwWQ4yLHiDDWnQEUQRdZChxBJ2KDEEFjXNgccRc-RhwxJwwKDGHXWc8QUMMqCRRhhaWCGFGUtE8UYSVWiRhhBZ0ECGHHUMEUYSZThBAxRCRGHEG1YkEcUaRUxxBRFNMAFDFjbUMIeNRNrwRBRNkKEGE2JUGgMZS1xBhhg1RIFEFTNAMcYQU-BBRRZB5EDFGHo4gQcZM3xxRhVJECFFFWkYiaQNc7xRhxxjlPFkZG7i5C6kNsAhQw845MBiDjfsuyAcMfTgxBMG9ztDD2SRsR1GdqiBx8XZTVxUGI9tsVUXv9G7EAwugEZVUcB9AYfIOpDclUNy2GEYbw6RBNzILlBWRx1pYKQYU0uJNENoIqRhmAhWubCUC2K5YBINZNURBkZNvKFHGmywEcYLNZQMAgpYxBDDDiAwkYYbdeABAh44fWEDDWTHrIObJacAwhEkrfHGC18RBxZYIBiRhhxlmPEGHi_QTfQYUekgwsJkvSHHF4xjBLlDbDQuQhFORFyGHV8QzsZEtN2AQ1f8GSeCHGfApoMMNeCw2EGgiyHHQiw6RPsXbbyB1us4USTCqG_E5tAbSPmWkRyH57GQbYzFjBHzdHAseQt1uFFnCyG5QIaLkc8hPWSg5RC0lTnorvlBX3x_A1l0tDHRcJ4BFXv6IsQ_VFL0y2B_wKabQWpCV4bGfIFj8zOJ_3Bwv5qBLgxsQAgdkOKxGoDsIWLYzEHM8BQ2SOQ3mRtZUXQDgz4oICA%25253D%2526s%253Da246c7ce7fd7e4724016d000259d47883444494353f322bbeb35b28fbb34c30e1715218589%2526ev%253D0.0007284484180660485&icons=oVdZjS0XM_85Y26oEUhE00xxTfAc2aWtGZOiAplOs8YXZcziHd144FxbTGNJOH0ZOvidAO5jO9NgkxlzH_nDHIJVic03mPMkuIh6ed5HJwXjMTEItrcGqJO62zmoivJAGklcVdFIDKW7EWUQ7jKCC5fm5h6YqgWq-e_dPTdH0yrkby1o8Q&ext_cid=503431&px_id=55529500&min_cpm=0.01573297624336781&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=6069129531362018420&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.003303477013401336&cpm=0&verify_hash=9b9d4d397844cae9e361e2e262e7b312&is_native=2&real_bid=0.0002559240031242384&original_bid_usd=0.00035999999999999997&original_bid=0.00035999999999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=2&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00035999999999999997&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000035999999999999994&ext_campaign_id_str=503431&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.11&cpa=237d8166-9a95-41df-af56-f0f6cce74583&prev_step_diff=815
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subject6423f6c6c4.com
Fingerprint2F:36:6C:E2:70:8D:26:9A:96:36:8B:43:26:81:52:60:C6:18:7B:31
ValiditySun, 05 May 2024 14:01:56 GMT - Sat, 03 Aug 2024 14:01:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&refdom=www.amdahost.com&auction_time=1715218589&subid=1511354673&sid=2708905530&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-09&iabcat=IAB25-3&keywords=mature,adult,milf&user_fp=10525439425521361963&score=66.00749589809814&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D820f3e3f67%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=3186575&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDMYbMGrUKDMmRo0WY2rYuNGCBo0ZOVrkKCOGTAscNmzMuJHDDJkYOMzIEOFwjBuFOmLkgIHDYZg6YzDagGEjRwwZOWrMiDHDhgwYQGl8JSpCTBoyUqlaxaqVq1ewOMTCIGvQzkIZM2jYaJqxjpiJMvTacArnoo6dOGQ0FDEHjkQdLqvuHSyiDB46Xxo_FiGyBlsYc4u2MVwDRt6tTsmYWbhYjBs3C7firHGjhsM2bjxCpsFUhkM4uHXfiEEVhsM6MTCioWNxjo4XL868cYE7TOM2Lsa8afNiTpswcixufEGyhpiqZmyMgTE8zIwxPvGGoWEmBo0wN2aUwUF1DA0xeoXh00z5hUGVQQCWIUNONIhEBhk3DGeGGT_UMQdCSZDRA0g5CDjGDDiUoZUZNNEGIlY2mPESDkGNUdsNYryYWA4NkmFDGCP5ROJ-Yuwn0hg4kSEDGWBxUQdoC7ZRRhs9ypFhDzWwgUMRRMiAkxpRtKGGFnegMRoaecRgRRA0CGFFEzCIwWJgeuUwWQ4yLHiDDWnQEUQRdZChxBJ2KDEEFjXNgccRc-RhwxJwwKDGHXWc8QUMMqCRRhhaWCGFGUtE8UYSVWiRhhBZ0ECGHHUMEUYSZThBAxRCRGHEG1YkEcUaRUxxBRFNMAFDFjbUMIeNRNrwRBRNkKEGE2JUGgMZS1xBhhg1RIFEFTNAMcYQU-BBRRZB5EDFGHo4gQcZM3xxRhVJECFFFWkYiaQNc7xRhxxjlPFkZG7i5C6kNsAhQw845MBiDjfsuyAcMfTgxBMG9ztDD2SRsR1GdqiBx8XZTVxUGI9tsVUXv9G7EAwugEZVUcB9AYfIOpDclUNy2GEYbw6RBNzILlBWRx1pYKQYU0uJNENoIqRhmAhWubCUC2K5YBINZNURBkZNvKFHGmywEcYLNZQMAgpYxBDDDiAwkYYbdeABAh44fWEDDWTHrIObJacAwhEkrfHGC18RBxZYIBiRhhxlmPEGHi_QTfQYUekgwsJkvSHHF4xjBLlDbDQuQhFORFyGHV8QzsZEtN2AQ1f8GSeCHGfApoMMNeCw2EGgiyHHQiw6RPsXbbyB1us4USTCqG_E5tAbSPmWkRyH57GQbYzFjBHzdHAseQt1uFFnCyG5QIaLkc8hPWSg5RC0lTnorvlBX3x_A1l0tDHRcJ4BFXv6IsQ_VFL0y2B_wKabQWpCV4bGfIFj8zOJ_3Bwv5qBLgxsQAgdkOKxGoDsIWLYzEHM8BQ2SOQ3mRtZUXQDgz4oICA%25253D%2526s%253Da246c7ce7fd7e4724016d000259d47883444494353f322bbeb35b28fbb34c30e1715218589%2526ev%253D0.0007284484180660485&icons=oVdZjS0XM_85Y26oEUhE00xxTfAc2aWtGZOiAplOs8YXZcziHd144FxbTGNJOH0ZOvidAO5jO9NgkxlzH_nDHIJVic03mPMkuIh6ed5HJwXjMTEItrcGqJO62zmoivJAGklcVdFIDKW7EWUQ7jKCC5fm5h6YqgWq-e_dPTdH0yrkby1o8Q&ext_cid=503431&px_id=55529500&min_cpm=0.01573297624336781&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=6069129531362018420&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.003303477013401336&cpm=0&verify_hash=9b9d4d397844cae9e361e2e262e7b312&is_native=2&real_bid=0.0002559240031242384&original_bid_usd=0.00035999999999999997&original_bid=0.00035999999999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=2&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00035999999999999997&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000035999999999999994&ext_campaign_id_str=503431&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.11&cpa=237d8166-9a95-41df-af56-f0f6cce74583&prev_step_diff=815 HTTP/1.1
Host: e859321004.6423f6c6c4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 May 2024 01:36:30 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

e859321004.6423f6c6c4.com/in/show/?tag_ab=b&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&refdom=www.amdahost.com&auction_time=1715218589&subid=1511354673&sid=2708905530&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-09&iabcat=IAB25-3&keywords=mature,adult,milf&user_fp=10525439425521361963&score=66.00749589809814&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D820f3e3f67%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=5fcbc33c86bbc49c561fd8fb36a2149b&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DtNFQWCaWY8d1JC_09s-7hbTPPo3EOk1jru31z94BG0L2bqn-GRv_lk-HHpa2WK_CGXlagiI8iKL3o4_RRRhzR-hRIZOZIkVvUbm2VmUuGQ4Pw3KXZPRUhMgV-wJHYqzbNwk-t1dexKdaPpy6vE4xskGrZ0AkXyjm5YgiJoQR_nwDrMymSbjgP4-QjkJ_Vm-WynAPY3eGvhjjvPUQfAbT6Dz4JX8OtXop_b5kuOFkLLMEsT97ou392elqvyT-fjjZRfDZffgXu-lBd10ueU1MBuHUts2CMEbd39_L_Pwhv3guLKWGU_CxSAn2xxeleUS5R02zm7CiBdc5bF2xVV54BzxzuveYMaXfyc6y1MIBRPiquI8gyMD6LO_WBV2rS9W-RAroUSAArPrc91HQ9V0-dalKaDh3eqvIYEg0KTykrbfEW7a6QBuYtgz7TChWeQ-JRDy9eOIHqhHbB6hnFFH64yGZMQBtkMpjvpLV0kiXt-O-RWeoGThDnNVM5NPYRl1PrKWD6VLjzWnFhKCcue7_5wWyaR7QpFsnP3nP9Cx5o-G714Dd2DgHMl4ZDcDpiTBIYGQFlVIAUM-ibj_qv8f8Nn2HRoA_RmFRW10q0aZM6FDGSSbKcaEqsIVKU2Kn4OGSM0vQsTyQmu7cJ-CuKm9bdCEpCQPk5WE7aA899A2TyIi3B_jRmE7HPrAVnTYQZQibvD2VHoSKGwrZ8thirnshVtYxzc4QfI3ZKbikI6xqEuqcEJmH9SVnFTDTj2EmMYoUTge7JHyF45B_bB6-MR-wFTUypfQ8g9KRDp7O9d93J2XcC2MFWsQtPxDrmuET2a3GMrBk5HdcuEJe6r1WvzSO0uz4l8OuA0yeA2WwlORNazn7gFIBm-gGz4zbL9_I_49IYrZ2vd_f0mf8DBgjlNK8ItEOjhOTROuumjkdiWbEExIwxajCjlY7ALqry1nSZfHAoSIlSX-UvFWvWtcKu9JQxq1nnVsgmSfpYYIxV_sKZHL-VMZMkJUHBD0QvTAMpc3XMjFF9X9Mz2f1k-8-6wkDpxtr3WFGrcLskFTP-ZWOBd1Str3Y1zE0jV0bmpUZb-3r-MESdVeW7UPr6ri3Bfdax31iHWQzXbqXcy_Ni7wgir7W32UOvwcNMSQBWS5Wwx1wydFuuqlrccCdvFN7RfTw8QDlhUK3_lT_rUabSvaK2i7U-mx_90u5M79pIdwJ1XBxhIWfLPRQe7pu4hCeCNBRbVqlxncMTJDxNdJYLNFt45tFwF8KxlUmZKirKpN1m6R2bJqcqIV5SdNhQyssZGJFZITvEMkmqlEiV0R_QQLPSqSllnz59ObvBZj6nmyWb1A6R4Y%26sp%3D0.0319&icons=t6drA5kMrSdFytDmkKp1vl2m4DQuAsVIpmQjB3YLOQvz3l1hrMb5kTjFHwYn4vthLfkcPh88hmvHld_tHKUPH40OwRsPyG6ZKknxCPPBjIfhd23_uu8CnWDCGU92sU-twlzQhCvVvtEWy2qMZdAn4i4y7nXBjLulkrdrcLWQc6FHk7vjCtHHRbvpv0hx2XoPro0ZLCJ10ibw8Qw6uX1wnkHP_N3L3fzadI9UB5NDFipytCB2GwiOeAWs3UZwhq2r8_RIwB0t2Zgsjm2Wl2hkbOkmAx_WPyvPz_Y73pUzm6WLL-g1B7HTDKocT_d31dj4mRtDsaXyEcB7kkBNxVObaPJsDyxt0VZQWBjfaCDCRfgCUf-r2vg22rMPm74CZVPFB2VcT_rwKZkP888Qtg-xOJeA_tN4DWejlKB_Q4MeEpHyLy9BhJ6DLGPtb0ObE3iv6Tph-JStWFyha71A9DNvpld_8WGJn5rwpvQMGKZj5NC33XBLMQeN3mfJBNXC6vgOYJ_xJ_YmM6zZTpb9oUeXm26IlDQ4E-wE7zYTtLGTLQZhNvDavVhZYOfFj5wJvsS6e2ELy8PB-0zuoF6wzVg-HjfpNYjtwYG_OkyRPNHRHB8s7bwvRVazPPR8lBa6ivSlMTKqWQs-XUIYtW24zDu-yco5SKIPdkCS4VjiWDZ3rVO5tidYkArTCCtjEg7nw_ps7z-1Tf_3FniO5z7J6r5nqR8TArMh973NC3RS4Zco_TIlB57JYOMmz8tJ2zW_hnMonZojEIS_5PTB0_ya1Gm99kmSvLyZtfvaDzUXQo5fraLliPGkXGQHVAJgoZXzhMOs_9_xIo5_7-WRgXsRKX-7Pg9ACqKf3n-dyrNUHBnFLu7Nknyrg5s8xBhDWRa7MVOVhBLZvGLBHm8tjQYgMvinmteCzU17Xo5OvhqQwWz36RzZxg-sOL2Cl6JPSBtujcftmlDhXtp_FmlIeX9am0X2Px7aklyyAUXpo_0OZn-cd-YN0fnlo7by7MrwwtMOhhSqoyLd3v6ZYyLSTo-oSMtg4A5M1tGLiWwKLps-Yf3cqOBZBbqcaUmyf9gcV93D_kXmLJSLgiuyt_EAgssFSet4fRdfITYxmrO-26y0EPleC2LFesT97jIla_lQMzVP9VsIWd7E2WHs4dcjhiwbtie-FG6WPzBX1cgLuTZY3ZjJaMm7faqOTElx_U2M5R0LwuVhg4b-_c5u5wVAnN7TNRkcZtRnxY04-dCuq2dnVRBl6D-hNot6dhvaN4rYj1wmYzwBZZuuqRxE-njCNCmiI_wRhF6o-X0lSvUF6dXmOER8RUPwbLbBpNZi0Hoc-Q&ext_cid=224906&px_id=31529500&min_cpm=0.011723317871302458&out_id=0&campaign_type=mq&aid=127&cid=12695&uniq=&mid=6069129531362018420&skin_id=72&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.031600139677524494&cpm=0.0319&verify_hash=0c9e438a68f3e7fefad9149379dd95f4&is_native=1&real_bid=0.031600139677524494&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=5,33,98,101,4&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=2&expiration_timestamp=1715391389&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777184%2Fconversions%2FQ5MjCrOM-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.11&cpa=24f4a956-fe7d-4254-84dc-64d89a0d21ea&prev_step_diff=814

94.130.198.6

200 OK

0 B

URL GET HTTP/2
e859321004.6423f6c6c4.com/in/show/?tag_ab=b&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&refdom=www.amdahost.com&auction_time=1715218589&subid=1511354673&sid=2708905530&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-09&iabcat=IAB25-3&keywords=mature,adult,milf&user_fp=10525439425521361963&score=66.00749589809814&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D820f3e3f67%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=5fcbc33c86bbc49c561fd8fb36a2149b&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DtNFQWCaWY8d1JC_09s-7hbTPPo3EOk1jru31z94BG0L2bqn-GRv_lk-HHpa2WK_CGXlagiI8iKL3o4_RRRhzR-hRIZOZIkVvUbm2VmUuGQ4Pw3KXZPRUhMgV-wJHYqzbNwk-t1dexKdaPpy6vE4xskGrZ0AkXyjm5YgiJoQR_nwDrMymSbjgP4-QjkJ_Vm-WynAPY3eGvhjjvPUQfAbT6Dz4JX8OtXop_b5kuOFkLLMEsT97ou392elqvyT-fjjZRfDZffgXu-lBd10ueU1MBuHUts2CMEbd39_L_Pwhv3guLKWGU_CxSAn2xxeleUS5R02zm7CiBdc5bF2xVV54BzxzuveYMaXfyc6y1MIBRPiquI8gyMD6LO_WBV2rS9W-RAroUSAArPrc91HQ9V0-dalKaDh3eqvIYEg0KTykrbfEW7a6QBuYtgz7TChWeQ-JRDy9eOIHqhHbB6hnFFH64yGZMQBtkMpjvpLV0kiXt-O-RWeoGThDnNVM5NPYRl1PrKWD6VLjzWnFhKCcue7_5wWyaR7QpFsnP3nP9Cx5o-G714Dd2DgHMl4ZDcDpiTBIYGQFlVIAUM-ibj_qv8f8Nn2HRoA_RmFRW10q0aZM6FDGSSbKcaEqsIVKU2Kn4OGSM0vQsTyQmu7cJ-CuKm9bdCEpCQPk5WE7aA899A2TyIi3B_jRmE7HPrAVnTYQZQibvD2VHoSKGwrZ8thirnshVtYxzc4QfI3ZKbikI6xqEuqcEJmH9SVnFTDTj2EmMYoUTge7JHyF45B_bB6-MR-wFTUypfQ8g9KRDp7O9d93J2XcC2MFWsQtPxDrmuET2a3GMrBk5HdcuEJe6r1WvzSO0uz4l8OuA0yeA2WwlORNazn7gFIBm-gGz4zbL9_I_49IYrZ2vd_f0mf8DBgjlNK8ItEOjhOTROuumjkdiWbEExIwxajCjlY7ALqry1nSZfHAoSIlSX-UvFWvWtcKu9JQxq1nnVsgmSfpYYIxV_sKZHL-VMZMkJUHBD0QvTAMpc3XMjFF9X9Mz2f1k-8-6wkDpxtr3WFGrcLskFTP-ZWOBd1Str3Y1zE0jV0bmpUZb-3r-MESdVeW7UPr6ri3Bfdax31iHWQzXbqXcy_Ni7wgir7W32UOvwcNMSQBWS5Wwx1wydFuuqlrccCdvFN7RfTw8QDlhUK3_lT_rUabSvaK2i7U-mx_90u5M79pIdwJ1XBxhIWfLPRQe7pu4hCeCNBRbVqlxncMTJDxNdJYLNFt45tFwF8KxlUmZKirKpN1m6R2bJqcqIV5SdNhQyssZGJFZITvEMkmqlEiV0R_QQLPSqSllnz59ObvBZj6nmyWb1A6R4Y%26sp%3D0.0319&icons=t6drA5kMrSdFytDmkKp1vl2m4DQuAsVIpmQjB3YLOQvz3l1hrMb5kTjFHwYn4vthLfkcPh88hmvHld_tHKUPH40OwRsPyG6ZKknxCPPBjIfhd23_uu8CnWDCGU92sU-twlzQhCvVvtEWy2qMZdAn4i4y7nXBjLulkrdrcLWQc6FHk7vjCtHHRbvpv0hx2XoPro0ZLCJ10ibw8Qw6uX1wnkHP_N3L3fzadI9UB5NDFipytCB2GwiOeAWs3UZwhq2r8_RIwB0t2Zgsjm2Wl2hkbOkmAx_WPyvPz_Y73pUzm6WLL-g1B7HTDKocT_d31dj4mRtDsaXyEcB7kkBNxVObaPJsDyxt0VZQWBjfaCDCRfgCUf-r2vg22rMPm74CZVPFB2VcT_rwKZkP888Qtg-xOJeA_tN4DWejlKB_Q4MeEpHyLy9BhJ6DLGPtb0ObE3iv6Tph-JStWFyha71A9DNvpld_8WGJn5rwpvQMGKZj5NC33XBLMQeN3mfJBNXC6vgOYJ_xJ_YmM6zZTpb9oUeXm26IlDQ4E-wE7zYTtLGTLQZhNvDavVhZYOfFj5wJvsS6e2ELy8PB-0zuoF6wzVg-HjfpNYjtwYG_OkyRPNHRHB8s7bwvRVazPPR8lBa6ivSlMTKqWQs-XUIYtW24zDu-yco5SKIPdkCS4VjiWDZ3rVO5tidYkArTCCtjEg7nw_ps7z-1Tf_3FniO5z7J6r5nqR8TArMh973NC3RS4Zco_TIlB57JYOMmz8tJ2zW_hnMonZojEIS_5PTB0_ya1Gm99kmSvLyZtfvaDzUXQo5fraLliPGkXGQHVAJgoZXzhMOs_9_xIo5_7-WRgXsRKX-7Pg9ACqKf3n-dyrNUHBnFLu7Nknyrg5s8xBhDWRa7MVOVhBLZvGLBHm8tjQYgMvinmteCzU17Xo5OvhqQwWz36RzZxg-sOL2Cl6JPSBtujcftmlDhXtp_FmlIeX9am0X2Px7aklyyAUXpo_0OZn-cd-YN0fnlo7by7MrwwtMOhhSqoyLd3v6ZYyLSTo-oSMtg4A5M1tGLiWwKLps-Yf3cqOBZBbqcaUmyf9gcV93D_kXmLJSLgiuyt_EAgssFSet4fRdfITYxmrO-26y0EPleC2LFesT97jIla_lQMzVP9VsIWd7E2WHs4dcjhiwbtie-FG6WPzBX1cgLuTZY3ZjJaMm7faqOTElx_U2M5R0LwuVhg4b-_c5u5wVAnN7TNRkcZtRnxY04-dCuq2dnVRBl6D-hNot6dhvaN4rYj1wmYzwBZZuuqRxE-njCNCmiI_wRhF6o-X0lSvUF6dXmOER8RUPwbLbBpNZi0Hoc-Q&ext_cid=224906&px_id=31529500&min_cpm=0.011723317871302458&out_id=0&campaign_type=mq&aid=127&cid=12695&uniq=&mid=6069129531362018420&skin_id=72&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.031600139677524494&cpm=0.0319&verify_hash=0c9e438a68f3e7fefad9149379dd95f4&is_native=1&real_bid=0.031600139677524494&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=5,33,98,101,4&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=2&expiration_timestamp=1715391389&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777184%2Fconversions%2FQ5MjCrOM-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.11&cpa=24f4a956-fe7d-4254-84dc-64d89a0d21ea&prev_step_diff=814
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subject6423f6c6c4.com
Fingerprint2F:36:6C:E2:70:8D:26:9A:96:36:8B:43:26:81:52:60:C6:18:7B:31
ValiditySun, 05 May 2024 14:01:56 GMT - Sat, 03 Aug 2024 14:01:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&refdom=www.amdahost.com&auction_time=1715218589&subid=1511354673&sid=2708905530&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-09&iabcat=IAB25-3&keywords=mature,adult,milf&user_fp=10525439425521361963&score=66.00749589809814&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D820f3e3f67%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=5fcbc33c86bbc49c561fd8fb36a2149b&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DtNFQWCaWY8d1JC_09s-7hbTPPo3EOk1jru31z94BG0L2bqn-GRv_lk-HHpa2WK_CGXlagiI8iKL3o4_RRRhzR-hRIZOZIkVvUbm2VmUuGQ4Pw3KXZPRUhMgV-wJHYqzbNwk-t1dexKdaPpy6vE4xskGrZ0AkXyjm5YgiJoQR_nwDrMymSbjgP4-QjkJ_Vm-WynAPY3eGvhjjvPUQfAbT6Dz4JX8OtXop_b5kuOFkLLMEsT97ou392elqvyT-fjjZRfDZffgXu-lBd10ueU1MBuHUts2CMEbd39_L_Pwhv3guLKWGU_CxSAn2xxeleUS5R02zm7CiBdc5bF2xVV54BzxzuveYMaXfyc6y1MIBRPiquI8gyMD6LO_WBV2rS9W-RAroUSAArPrc91HQ9V0-dalKaDh3eqvIYEg0KTykrbfEW7a6QBuYtgz7TChWeQ-JRDy9eOIHqhHbB6hnFFH64yGZMQBtkMpjvpLV0kiXt-O-RWeoGThDnNVM5NPYRl1PrKWD6VLjzWnFhKCcue7_5wWyaR7QpFsnP3nP9Cx5o-G714Dd2DgHMl4ZDcDpiTBIYGQFlVIAUM-ibj_qv8f8Nn2HRoA_RmFRW10q0aZM6FDGSSbKcaEqsIVKU2Kn4OGSM0vQsTyQmu7cJ-CuKm9bdCEpCQPk5WE7aA899A2TyIi3B_jRmE7HPrAVnTYQZQibvD2VHoSKGwrZ8thirnshVtYxzc4QfI3ZKbikI6xqEuqcEJmH9SVnFTDTj2EmMYoUTge7JHyF45B_bB6-MR-wFTUypfQ8g9KRDp7O9d93J2XcC2MFWsQtPxDrmuET2a3GMrBk5HdcuEJe6r1WvzSO0uz4l8OuA0yeA2WwlORNazn7gFIBm-gGz4zbL9_I_49IYrZ2vd_f0mf8DBgjlNK8ItEOjhOTROuumjkdiWbEExIwxajCjlY7ALqry1nSZfHAoSIlSX-UvFWvWtcKu9JQxq1nnVsgmSfpYYIxV_sKZHL-VMZMkJUHBD0QvTAMpc3XMjFF9X9Mz2f1k-8-6wkDpxtr3WFGrcLskFTP-ZWOBd1Str3Y1zE0jV0bmpUZb-3r-MESdVeW7UPr6ri3Bfdax31iHWQzXbqXcy_Ni7wgir7W32UOvwcNMSQBWS5Wwx1wydFuuqlrccCdvFN7RfTw8QDlhUK3_lT_rUabSvaK2i7U-mx_90u5M79pIdwJ1XBxhIWfLPRQe7pu4hCeCNBRbVqlxncMTJDxNdJYLNFt45tFwF8KxlUmZKirKpN1m6R2bJqcqIV5SdNhQyssZGJFZITvEMkmqlEiV0R_QQLPSqSllnz59ObvBZj6nmyWb1A6R4Y%26sp%3D0.0319&icons=t6drA5kMrSdFytDmkKp1vl2m4DQuAsVIpmQjB3YLOQvz3l1hrMb5kTjFHwYn4vthLfkcPh88hmvHld_tHKUPH40OwRsPyG6ZKknxCPPBjIfhd23_uu8CnWDCGU92sU-twlzQhCvVvtEWy2qMZdAn4i4y7nXBjLulkrdrcLWQc6FHk7vjCtHHRbvpv0hx2XoPro0ZLCJ10ibw8Qw6uX1wnkHP_N3L3fzadI9UB5NDFipytCB2GwiOeAWs3UZwhq2r8_RIwB0t2Zgsjm2Wl2hkbOkmAx_WPyvPz_Y73pUzm6WLL-g1B7HTDKocT_d31dj4mRtDsaXyEcB7kkBNxVObaPJsDyxt0VZQWBjfaCDCRfgCUf-r2vg22rMPm74CZVPFB2VcT_rwKZkP888Qtg-xOJeA_tN4DWejlKB_Q4MeEpHyLy9BhJ6DLGPtb0ObE3iv6Tph-JStWFyha71A9DNvpld_8WGJn5rwpvQMGKZj5NC33XBLMQeN3mfJBNXC6vgOYJ_xJ_YmM6zZTpb9oUeXm26IlDQ4E-wE7zYTtLGTLQZhNvDavVhZYOfFj5wJvsS6e2ELy8PB-0zuoF6wzVg-HjfpNYjtwYG_OkyRPNHRHB8s7bwvRVazPPR8lBa6ivSlMTKqWQs-XUIYtW24zDu-yco5SKIPdkCS4VjiWDZ3rVO5tidYkArTCCtjEg7nw_ps7z-1Tf_3FniO5z7J6r5nqR8TArMh973NC3RS4Zco_TIlB57JYOMmz8tJ2zW_hnMonZojEIS_5PTB0_ya1Gm99kmSvLyZtfvaDzUXQo5fraLliPGkXGQHVAJgoZXzhMOs_9_xIo5_7-WRgXsRKX-7Pg9ACqKf3n-dyrNUHBnFLu7Nknyrg5s8xBhDWRa7MVOVhBLZvGLBHm8tjQYgMvinmteCzU17Xo5OvhqQwWz36RzZxg-sOL2Cl6JPSBtujcftmlDhXtp_FmlIeX9am0X2Px7aklyyAUXpo_0OZn-cd-YN0fnlo7by7MrwwtMOhhSqoyLd3v6ZYyLSTo-oSMtg4A5M1tGLiWwKLps-Yf3cqOBZBbqcaUmyf9gcV93D_kXmLJSLgiuyt_EAgssFSet4fRdfITYxmrO-26y0EPleC2LFesT97jIla_lQMzVP9VsIWd7E2WHs4dcjhiwbtie-FG6WPzBX1cgLuTZY3ZjJaMm7faqOTElx_U2M5R0LwuVhg4b-_c5u5wVAnN7TNRkcZtRnxY04-dCuq2dnVRBl6D-hNot6dhvaN4rYj1wmYzwBZZuuqRxE-njCNCmiI_wRhF6o-X0lSvUF6dXmOER8RUPwbLbBpNZi0Hoc-Q&ext_cid=224906&px_id=31529500&min_cpm=0.011723317871302458&out_id=0&campaign_type=mq&aid=127&cid=12695&uniq=&mid=6069129531362018420&skin_id=72&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.031600139677524494&cpm=0.0319&verify_hash=0c9e438a68f3e7fefad9149379dd95f4&is_native=1&real_bid=0.031600139677524494&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=5,33,98,101,4&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=2&expiration_timestamp=1715391389&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777184%2Fconversions%2FQ5MjCrOM-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.11&cpa=24f4a956-fe7d-4254-84dc-64d89a0d21ea&prev_step_diff=814 HTTP/1.1
Host: e859321004.6423f6c6c4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 May 2024 01:36:30 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

imdn.pics/m/p/0/777/777184/conversions/Q5MjCrOM-minify.jpg

45.133.44.24

200 OK

11 kB

URL GET HTTP/2
imdn.pics/m/p/0/777/777184/conversions/Q5MjCrOM-minify.jpg
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 360x240, components 3
Size
11 kB (11228 bytes)
Hash
7a0f4319e0c7d4e0ec42eae657ba39fd
e2940c23868c5975a1dc1a3c963609b34abbe6b5
6c0278ead1dce8c37b6b233d5251184cd820586eeb5d30db860c1c7315d5dba0

HTTP Headers

GET /m/p/0/777/777184/conversions/Q5MjCrOM-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:30 GMT
content-type: image/jpeg
content-length: 11228
server: nginx
last-modified: Tue, 09 Apr 2024 19:56:57 GMT
etag: "66159d89-2bdc"
x-request-id: 13aea49745d30295dcee0faf2bf8a0c1
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

p.a64x.com/in/tip_shows/?katds_ep=U2s-Epdf3uTe8iVheiPUliH_Fv3zVEEcKprsVpe9M1X95sq_kgzWsyJGigazaJ2h7Rou6lEtC646n4X86dHowD6DYUxfGvznnXR1LlRp0BQwrPMLsBRQZ89Nr9UThMxpcLGcs60BTDs0o5pLNNafdm-iJy8cL0SB7t4lz6637dWVxYGh6hxE1k_HozbDz3bv4K4OeOYEFEwZiLozkTh8FCqZNr0d8JDhkEsemZT6hJZLR-HEAzYVlTD8z_3gtlKCMxzrY8Gm4ImUU4Ttmkn8V3VwbB7jhFnp7mBJd793JLneuHWC7EVaZEpP9QkFi0LANLlPJ34AaXbt8jN6qNsJh6y8ZkNCRmBCGyOmloBJb-71q9jPHwh9ElLsqbi2a_8eNC65a5ZlQk_q2dUZU3XxFz2F57IXRVCBREQ7YAFykaVqP3QrzG_25Kdvx5UB2NVhmmqXoVr69m4pJrAWK8LG_SwaQHl4GTm0feFxpFNYNPuRDBQo6kcloYKJabXWPtv4tJ4dnLXcUzCUHRxUh8YxFv6DE5-2pXidGliycIgVmxxZNYSd3VreAH3ZAhTVZXxA5MY08Jj_qKmuedXDPhzNHqMx8z1o_eviGJ0DsTgj8pfDpi7-KR1pIa5ClJSNppsmb4U0dV0V6P8Gd-l2UXk9mqZWg2C_gzYtSWDkmjmzdiPE8iYBPzpLrM0A5XKfVixBtBLr8Wcwf5dtI9-PNVDCvRoFhoErdNQ1jzjIgPMHNmSMXuTYa60fXPsXEw9W1CBwzlFPKWnLLZ7U0hOgSxXVLd3bCTgRQVQgaRFAvPvSBOIKz_gavITTK3a7BPHoGbBZU0cH8NaD42VRNDbceyDGwUJ3C0h2oVQtsZOLv6M2DNE0ba8fMOS0svw4oOs-m2nZL8KeYmAKo2iZFLw&sp=0.0319&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.11&cpa=c1ae4171-6af5-4bec-bce0-e520c8e83556&prev_step_diff=814

172.67.185.171

302 Found

0 B

URL GET HTTP/3
p.a64x.com/in/tip_shows/?katds_ep=U2s-Epdf3uTe8iVheiPUliH_Fv3zVEEcKprsVpe9M1X95sq_kgzWsyJGigazaJ2h7Rou6lEtC646n4X86dHowD6DYUxfGvznnXR1LlRp0BQwrPMLsBRQZ89Nr9UThMxpcLGcs60BTDs0o5pLNNafdm-iJy8cL0SB7t4lz6637dWVxYGh6hxE1k_HozbDz3bv4K4OeOYEFEwZiLozkTh8FCqZNr0d8JDhkEsemZT6hJZLR-HEAzYVlTD8z_3gtlKCMxzrY8Gm4ImUU4Ttmkn8V3VwbB7jhFnp7mBJd793JLneuHWC7EVaZEpP9QkFi0LANLlPJ34AaXbt8jN6qNsJh6y8ZkNCRmBCGyOmloBJb-71q9jPHwh9ElLsqbi2a_8eNC65a5ZlQk_q2dUZU3XxFz2F57IXRVCBREQ7YAFykaVqP3QrzG_25Kdvx5UB2NVhmmqXoVr69m4pJrAWK8LG_SwaQHl4GTm0feFxpFNYNPuRDBQo6kcloYKJabXWPtv4tJ4dnLXcUzCUHRxUh8YxFv6DE5-2pXidGliycIgVmxxZNYSd3VreAH3ZAhTVZXxA5MY08Jj_qKmuedXDPhzNHqMx8z1o_eviGJ0DsTgj8pfDpi7-KR1pIa5ClJSNppsmb4U0dV0V6P8Gd-l2UXk9mqZWg2C_gzYtSWDkmjmzdiPE8iYBPzpLrM0A5XKfVixBtBLr8Wcwf5dtI9-PNVDCvRoFhoErdNQ1jzjIgPMHNmSMXuTYa60fXPsXEw9W1CBwzlFPKWnLLZ7U0hOgSxXVLd3bCTgRQVQgaRFAvPvSBOIKz_gavITTK3a7BPHoGbBZU0cH8NaD42VRNDbceyDGwUJ3C0h2oVQtsZOLv6M2DNE0ba8fMOS0svw4oOs-m2nZL8KeYmAKo2iZFLw&sp=0.0319&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.11&cpa=c1ae4171-6af5-4bec-bce0-e520c8e83556&prev_step_diff=814
IP
172.67.185.171:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjecta64x.com
Fingerprint86:FD:2B:DD:CC:BD:8D:ED:C0:8D:41:81:C1:48:2D:45:D6:4F:67:88
ValidityTue, 19 Mar 2024 14:58:28 GMT - Mon, 17 Jun 2024 14:58:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/tip_shows/?katds_ep=U2s-Epdf3uTe8iVheiPUliH_Fv3zVEEcKprsVpe9M1X95sq_kgzWsyJGigazaJ2h7Rou6lEtC646n4X86dHowD6DYUxfGvznnXR1LlRp0BQwrPMLsBRQZ89Nr9UThMxpcLGcs60BTDs0o5pLNNafdm-iJy8cL0SB7t4lz6637dWVxYGh6hxE1k_HozbDz3bv4K4OeOYEFEwZiLozkTh8FCqZNr0d8JDhkEsemZT6hJZLR-HEAzYVlTD8z_3gtlKCMxzrY8Gm4ImUU4Ttmkn8V3VwbB7jhFnp7mBJd793JLneuHWC7EVaZEpP9QkFi0LANLlPJ34AaXbt8jN6qNsJh6y8ZkNCRmBCGyOmloBJb-71q9jPHwh9ElLsqbi2a_8eNC65a5ZlQk_q2dUZU3XxFz2F57IXRVCBREQ7YAFykaVqP3QrzG_25Kdvx5UB2NVhmmqXoVr69m4pJrAWK8LG_SwaQHl4GTm0feFxpFNYNPuRDBQo6kcloYKJabXWPtv4tJ4dnLXcUzCUHRxUh8YxFv6DE5-2pXidGliycIgVmxxZNYSd3VreAH3ZAhTVZXxA5MY08Jj_qKmuedXDPhzNHqMx8z1o_eviGJ0DsTgj8pfDpi7-KR1pIa5ClJSNppsmb4U0dV0V6P8Gd-l2UXk9mqZWg2C_gzYtSWDkmjmzdiPE8iYBPzpLrM0A5XKfVixBtBLr8Wcwf5dtI9-PNVDCvRoFhoErdNQ1jzjIgPMHNmSMXuTYa60fXPsXEw9W1CBwzlFPKWnLLZ7U0hOgSxXVLd3bCTgRQVQgaRFAvPvSBOIKz_gavITTK3a7BPHoGbBZU0cH8NaD42VRNDbceyDGwUJ3C0h2oVQtsZOLv6M2DNE0ba8fMOS0svw4oOs-m2nZL8KeYmAKo2iZFLw&sp=0.0319&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.11&cpa=c1ae4171-6af5-4bec-bce0-e520c8e83556&prev_step_diff=814 HTTP/1.1
Host: p.a64x.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Thu, 09 May 2024 01:36:30 GMT
content-type: application/json
content-length: 0
location: https://imdn.pics/m/p/0/777/777181/conversions/PguV688J-minify.jpg
access-control-allow-credentials: true
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P97PEpBE37ckNABtTF%2FkvjGujAKnxJ4wx7VDSc5uvjTp%2FWL7nfs2ZTziiQ0n0h9KBgMjAscqELihHaKmWRdejxUtAfP5OyH0Nlw1Ppyq2nv3ejyqdWAnX2J%2BgyUv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df57e9969b51e-OSL
alt-svc: h3=":443"; ma=86400

imdn.pics/m/p/0/777/777181/conversions/PguV688J-minify.jpg

45.133.44.24

200 OK

2.5 kB

URL GET HTTP/2
imdn.pics/m/p/0/777/777181/conversions/PguV688J-minify.jpg
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 100x100, components 3
Size
2.5 kB (2460 bytes)
Hash
9eb726ecf5e85e3b48f854490ff8284a
d08b4f022e64d06f2642c5c9217d35b7851516d5
30bd73405bb72856107c9e940bece489b670970c3d2e4d6b592cc138a67a3c05

HTTP Headers

GET /m/p/0/777/777181/conversions/PguV688J-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:30 GMT
content-type: image/jpeg
content-length: 2460
server: nginx
last-modified: Tue, 09 Apr 2024 19:56:49 GMT
etag: "66159d81-99c"
x-request-id: 064bc710493213dae1825c3b2f5e7289
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

pyknrhm5c.com/chicken.gif?z=2025683&pb=e4cef2918c25997e58927f895f2764a61715225783&psp=UEz2eq4F85Hf49UVj1q9GgF8XUvkAeACrv4CRc50-sPr1eezevdjXfXmA4ZysUgvIF-PdLuk4ut9RguifBjnJmY7Q-SuMeXFwt3AuckqXMSTYoYbSWpSq_OWBu48yEqGNsp26u-hD6GsTFIvshlRC__Dkc6SByNxVoa89JdkUbpm8zZzKpGLBZ8JE7JAS3jv3UuZvTwScLtDAp0_4p8QNZMYV3FOcK5bzARZ6QqsXZSGYsHPO0YhQi1pNBugMh43ILdpXZW-iTR4p9mlyzQAolSO3v0bs0iBwnRJWX8Lr0EQhaQTL8uu74rq5JJwsvPCSD_Ul4Ki13yY_zBWbD7bSygan8FLtiGZAY-crzYUrA5LDRM04EA3_jtaLFyODIAjkms2cpBIMgHSliKjQEkJmE0_FZULEyYbsBMVN7T1PAAnnDFOFzSwMk5g8rdTucSVlQi2JZr0uzfS9veSb367REF6_9zgmVdV74SWTtWDmJYRRu1a87O2-XoNPlz4j2aOHL0iRDcPE9cJtJqXvvjHUM7d8TCvdp3dV6RTlpnzijvljOZYgs_57wLUOySWkAdZpxiuw6B-5goWc3Nk4lYdclRg4ZzC0ViKA6tvXQ1ByqVcRVEJU61-liXV-Q96_cZXpRKFGtVXX_e5hjWiXup2r1DsPWmFS2J0bAlDcIhrKzezUl_rb2LtoX-CD9A_UKbrb5xYdvjah_hW4EGOv8z33Ec3C-eXkAmmg9R8YD4sledtPA==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=3771583262359040&eclog=0&im=1&_=0.9062106579882281

212.117.190.201

200 OK

43 B

URL GET HTTP/2
pyknrhm5c.com/chicken.gif?z=2025683&pb=e4cef2918c25997e58927f895f2764a61715225783&psp=UEz2eq4F85Hf49UVj1q9GgF8XUvkAeACrv4CRc50-sPr1eezevdjXfXmA4ZysUgvIF-PdLuk4ut9RguifBjnJmY7Q-SuMeXFwt3AuckqXMSTYoYbSWpSq_OWBu48yEqGNsp26u-hD6GsTFIvshlRC__Dkc6SByNxVoa89JdkUbpm8zZzKpGLBZ8JE7JAS3jv3UuZvTwScLtDAp0_4p8QNZMYV3FOcK5bzARZ6QqsXZSGYsHPO0YhQi1pNBugMh43ILdpXZW-iTR4p9mlyzQAolSO3v0bs0iBwnRJWX8Lr0EQhaQTL8uu74rq5JJwsvPCSD_Ul4Ki13yY_zBWbD7bSygan8FLtiGZAY-crzYUrA5LDRM04EA3_jtaLFyODIAjkms2cpBIMgHSliKjQEkJmE0_FZULEyYbsBMVN7T1PAAnnDFOFzSwMk5g8rdTucSVlQi2JZr0uzfS9veSb367REF6_9zgmVdV74SWTtWDmJYRRu1a87O2-XoNPlz4j2aOHL0iRDcPE9cJtJqXvvjHUM7d8TCvdp3dV6RTlpnzijvljOZYgs_57wLUOySWkAdZpxiuw6B-5goWc3Nk4lYdclRg4ZzC0ViKA6tvXQ1ByqVcRVEJU61-liXV-Q96_cZXpRKFGtVXX_e5hjWiXup2r1DsPWmFS2J0bAlDcIhrKzezUl_rb2LtoX-CD9A_UKbrb5xYdvjah_hW4EGOv8z33Ec3C-eXkAmmg9R8YD4sledtPA==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=3771583262359040&eclog=0&im=1&_=0.9062106579882281
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint8C:0B:00:37:E9:46:0D:D7:64:26:AF:BD:4B:AC:9D:E3:CA:27:CD:87
ValidityFri, 03 May 2024 21:32:33 GMT - Tue, 29 Oct 2024 22:59:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

GET /chicken.gif?z=2025683&pb=e4cef2918c25997e58927f895f2764a61715225783&psp=UEz2eq4F85Hf49UVj1q9GgF8XUvkAeACrv4CRc50-sPr1eezevdjXfXmA4ZysUgvIF-PdLuk4ut9RguifBjnJmY7Q-SuMeXFwt3AuckqXMSTYoYbSWpSq_OWBu48yEqGNsp26u-hD6GsTFIvshlRC__Dkc6SByNxVoa89JdkUbpm8zZzKpGLBZ8JE7JAS3jv3UuZvTwScLtDAp0_4p8QNZMYV3FOcK5bzARZ6QqsXZSGYsHPO0YhQi1pNBugMh43ILdpXZW-iTR4p9mlyzQAolSO3v0bs0iBwnRJWX8Lr0EQhaQTL8uu74rq5JJwsvPCSD_Ul4Ki13yY_zBWbD7bSygan8FLtiGZAY-crzYUrA5LDRM04EA3_jtaLFyODIAjkms2cpBIMgHSliKjQEkJmE0_FZULEyYbsBMVN7T1PAAnnDFOFzSwMk5g8rdTucSVlQi2JZr0uzfS9veSb367REF6_9zgmVdV74SWTtWDmJYRRu1a87O2-XoNPlz4j2aOHL0iRDcPE9cJtJqXvvjHUM7d8TCvdp3dV6RTlpnzijvljOZYgs_57wLUOySWkAdZpxiuw6B-5goWc3Nk4lYdclRg4ZzC0ViKA6tvXQ1ByqVcRVEJU61-liXV-Q96_cZXpRKFGtVXX_e5hjWiXup2r1DsPWmFS2J0bAlDcIhrKzezUl_rb2LtoX-CD9A_UKbrb5xYdvjah_hW4EGOv8z33Ec3C-eXkAmmg9R8YD4sledtPA==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=3771583262359040&eclog=0&im=1&_=0.9062106579882281 HTTP/1.1
Host: pyknrhm5c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=240508203630b0b2818a6b4f298caaff7f0c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:36:31 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/rum?

104.21.40.89

204 No Content

0 B

URL POST HTTP/3
www.amdahost.com/cdn-cgi/rum?
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 520
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Thu, 09 May 2024 01:36:47 GMT
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 880df5ea8bd35684-OSL
x-frame-options: DENY
x-content-type-options: nosniff

32879.2481april2024.com/jS1CDIUwOQ_nZtczvVjGLSdOmtkRvoHRdq9VOcLNSZwVNZyS9dhXp5mMB9M2edSSl9sFIKV2jvq5euuzHOKnYRGKmq-lubiKcwcfSL9O66GQYCCqIXtgkBLjMrUdQg?kws=video%2Cmilf%2Cobciaga%2Ckutasa%2Ckierowcy%2Cmpk%2Cpolish%2Cgrupowa%2Cpart&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20May%2009%202024%2001%3A36%3A23%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1

88.208.22.4

200 OK

1.5 kB

URL GET HTTP/2
32879.2481april2024.com/jS1CDIUwOQ_nZtczvVjGLSdOmtkRvoHRdq9VOcLNSZwVNZyS9dhXp5mMB9M2edSSl9sFIKV2jvq5euuzHOKnYRGKmq-lubiKcwcfSL9O66GQYCCqIXtgkBLjMrUdQg?kws=video%2Cmilf%2Cobciaga%2Ckutasa%2Ckierowcy%2Cmpk%2Cpolish%2Cgrupowa%2Cpart&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20May%2009%202024%2001%3A36%3A23%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1
IP
88.208.22.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subject*.2481april2024.com
FingerprintFC:0B:87:DF:4F:43:9B:81:FD:04:D2:4C:5C:79:77:1B:C6:BB:F4:49
ValidityTue, 02 Apr 2024 14:41:38 GMT - Mon, 01 Jul 2024 14:41:37 GMT

File type
ASCII text, with very long lines (1549), with no line terminators
Size
1.5 kB (1549 bytes)
Hash
510fc1f32282084eb6a742382e579b25
30fe3b0adb4206320ca8097e2218b73cb09f41ae
c619715ebe902ec21bafc0f9d3eda6d5dc694623a04ed958960925aec38e5314

HTTP Headers

GET /jS1CDIUwOQ_nZtczvVjGLSdOmtkRvoHRdq9VOcLNSZwVNZyS9dhXp5mMB9M2edSSl9sFIKV2jvq5euuzHOKnYRGKmq-lubiKcwcfSL9O66GQYCCqIXtgkBLjMrUdQg?kws=video%2Cmilf%2Cobciaga%2Ckutasa%2Ckierowcy%2Cmpk%2Cpolish%2Cgrupowa%2Cpart&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20May%2009%202024%2001%3A36%3A23%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1 HTTP/1.1
Host: 32879.2481april2024.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:36:26 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Thu, 09 May 2024 01:36:26 UTC
expires: Thu, 09 May 2024 01:36:26 UTC
content-encoding: gzip
X-Firefox-Spdy: h2

e275260174.05ae41c3fc.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxOTg0NjUzMTQ5OTgxNTU2NzAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjAiLCJ0YWdfaWQiOjE2MTg1NSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjU1LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9

45.133.44.53

200 OK

0 B

URL GET HTTP/2
e275260174.05ae41c3fc.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxOTg0NjUzMTQ5OTgxNTU2NzAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjAiLCJ0YWdfaWQiOjE2MTg1NSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjU1LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjecte275260174.05ae41c3fc.com
Fingerprint91:7A:C9:0C:9C:3B:D5:9C:7E:DC:91:F5:95:96:9C:15:4F:61:37:FE
ValidityMon, 06 May 2024 02:50:55 GMT - Sun, 04 Aug 2024 02:50:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxOTg0NjUzMTQ5OTgxNTU2NzAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjAiLCJ0YWdfaWQiOjE2MTg1NSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjU1LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9 HTTP/1.1
Host: e275260174.05ae41c3fc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:24 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

metricswpsh.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxOTg0NjUzMTQ5OTgxNTU2NzAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjAiLCJ0YWdfaWQiOjE3OTk3Nywic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjcyLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9

138.201.236.216

200 OK

0 B

URL GET HTTP/2
metricswpsh.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxOTg0NjUzMTQ5OTgxNTU2NzAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjAiLCJ0YWdfaWQiOjE3OTk3Nywic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjcyLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9
IP
138.201.236.216:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxOTg0NjUzMTQ5OTgxNTU2NzAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjAiLCJ0YWdfaWQiOjE3OTk3Nywic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjcyLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9 HTTP/1.1
Host: metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 09 May 2024 01:36:24 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

www.amdahost.com/includes/update_visits.php

0.0.0.0

0 B

URL POST
www.amdahost.com/includes/update_visits.php
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /includes/update_visits.php HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 50
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Cookie: PHPSESSID=cea75715da71e72bdaa2a424ce9a043a; cf_clearance=rkiZfgsCCjM3i0R2kHCeotMzLoE34ySZ9gVvAjVWBOQ-1715218583-1.0.1.1-jADs3UxfOr2ge1710cu8TwAE1Jv2z4qWpgjaRiS.sV4035AFLhY.nxhrsjSBFzAuDKQkKFMPYLKXBqmrSzvkHA; prefetchAd_7446033=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:44 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8MUKYOwUUD%2FPli7mlQZyB%2F62IrgKJDhU4mOdb87LbykPscsCdj7XxHJdPx9uR7TkGfX184HBclyZ7ynH2z%2F4wQiD05Mdtn%2BsaTfH%2FCwFdDVRSko6o2ib%2F%2BskvcToP6qimexl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5d30b925684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

js.mbidinp.com/skins/nmain.m.js

45.133.44.53

200 OK

470 kB

URL GET HTTP/2
js.mbidinp.com/skins/nmain.m.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectjs.mbidinp.com
FingerprintB8:EA:0B:88:14:F5:73:F1:FE:F1:D5:59:09:E6:70:08:F2:1C:4A:5C
ValidityMon, 22 Apr 2024 03:00:30 GMT - Sun, 21 Jul 2024 03:00:29 GMT

File type

Size
470 kB (470121 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /skins/nmain.m.js HTTP/1.1
Host: js.mbidinp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:24 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Thu, 09 May 2024 01:41:24 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

cdn.pncloudfl.com/pn/159/4e9/574/1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.png

104.22.59.221

200 OK

48 kB

URL GET HTTP/2
cdn.pncloudfl.com/pn/159/4e9/574/1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.png
IP
104.22.59.221:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectcdn.pncloudfl.com
Fingerprint50:5F:A0:91:53:C9:C9:E3:5D:EA:53:42:E8:5B:81:FB:DE:7B:1E:2C
ValiditySun, 28 Apr 2024 04:53:51 GMT - Sat, 27 Jul 2024 04:53:50 GMT

File type
RIFF (little-endian) data, Web/P image
Size
48 kB (47678 bytes)
Hash
faa49393df3208c063f655607da54633
3de75eda9ed337e13622611cdda3d5bf615b311f
5b8090f769afc76f83e8635a46499a1e467be6c44aee86f5f53b7ca51baa53de

HTTP Headers

GET /pn/159/4e9/574/1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:23 GMT
content-type: image/webp
content-length: 47678
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=74321
content-disposition: inline; filename="1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.webp"
etag: e7242897f9459085037ffcbcd74c060f
expires: Fri, 10 May 2024 16:55:56 GMT
last-modified: Mon, 23 Dec 2019 09:01:22 GMT
vary: Accept
x-openstack-request-id: tx6522abc861fc4738a75fe-0061b0bcf9
x-proxy-cache: HIT
x-timestamp: 1577091681.42646
x-trans-id: tx6522abc861fc4738a75fe-0061b0bcf9
cf-cache-status: HIT
age: 31227
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 880df5544d1d56a8-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.fluidplayer.com/v3/current/fluidplayer.min.js

185.76.9.18

200 OK

233 kB

URL GET HTTP/2
cdn.fluidplayer.com/v3/current/fluidplayer.min.js
IP
185.76.9.18:443
ASN
#60068 Datacamp Limited

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectfluidplayer.com
Fingerprint46:64:4F:F1:3B:B5:54:D2:21:6F:9B:66:05:DF:D9:AC:7D:3C:8E:D0
ValidityMon, 06 May 2024 08:37:10 GMT - Sun, 04 Aug 2024 08:37:09 GMT

File type
JavaScript source, ASCII text, with very long lines (65463)
Size
233 kB (232616 bytes)
Hash
9829e8e730a9125e695789512d85177a
e20a0d55ab1722ef3ad13741a2b8975413d43909
7c38ede4727de973827091514a83d24a039bda1d0d4cac219eb20571a2cc3698

HTTP Headers

GET /v3/current/fluidplayer.min.js HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:22 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 21 Mar 2024 13:23:13 GMT
etag: W/"65fc34c1-38ca8"
expires: Fri, 22 Mar 2024 21:42:05 GMT
cache-control: max-age=86400
access-control-allow-origin: *
x-77-nzt: EwwBuUwJDQH3uTYAAAwBuUwKDAH3AAAAAAwBJRPCMQH3AAAAAA
x-77-nzt-ray: c0a4cc28520b262196283c66e056b911
x-accel-expires: @1715290973
x-accel-date: 1715204573
x-77-cache: HIT
x-77-age: 14009
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 14009
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

js.mbidpp.com/popunder-admanager/build.m.js

45.133.44.53

200 OK

101 kB

URL GET HTTP/2
js.mbidpp.com/popunder-admanager/build.m.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectjs.mbidpp.com
Fingerprint5B:B3:95:84:D0:2B:0C:9A:68:98:53:B0:A4:A5:68:88:B2:A5:5F:82
ValidityThu, 18 Apr 2024 03:01:11 GMT - Wed, 17 Jul 2024 03:01:10 GMT

File type

Size
101 kB (100855 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /popunder-admanager/build.m.js HTTP/1.1
Host: js.mbidpp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:24 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 06 May 2024 08:27:28 GMT
etag: W/"66389470-189f7"
content-encoding: gzip
expires: Thu, 09 May 2024 01:41:24 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Archivo+Black&display=swap

142.250.74.106

200 OK

819 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Archivo+Black&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (837), with no line terminators
Size
819 B (819 bytes)
Hash
fa0b91b21b81c25b4d2bb89c6d9d84fb
1788d71d75cf429352999edca5573800814aba3f
5385a711b1675e90eb76b002d80f1c53e71449889caf26b5ee6ec34f3df23fa7

HTTP Headers

GET /css2?family=Archivo+Black&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 May 2024 01:36:22 GMT
date: Thu, 09 May 2024 01:36:22 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.mbidadm.com/static/scripts.js

45.133.44.53

200 OK

1.7 kB

URL GET HTTP/2
js.mbidadm.com/static/scripts.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectjs.mbidadm.com
FingerprintCA:45:B3:CA:F7:B8:6E:BC:AD:15:14:54:8B:69:08:1F:93:CC:C1:80
ValidityThu, 18 Apr 2024 03:01:13 GMT - Wed, 17 Jul 2024 03:01:12 GMT

File type
JavaScript source, ASCII text, with very long lines (1884), with no line terminators
Size
1.7 kB (1732 bytes)
Hash
920f349834adf2faa94a7c6047814e52
34557304112fe9d61f23b8f89ceead6db43b98d4
2ddd6ffb00a0971092562d2c424678425e8496d315e38967a4ca2e26fdcfeafc

HTTP Headers

GET /static/scripts.js HTTP/1.1
Host: js.mbidadm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:22 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 08 May 2024 10:50:16 GMT
etag: W/"663b58e8-6c4"
content-encoding: gzip
expires: Thu, 09 May 2024 01:41:22 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

glakaits.net/?rb=m-hsVzMh2AQXuKlFGeHuEnwxeMSxOIJptk01V-Wf77xVqipj9srpGxT6OXi7SNjOMfniFUByLJ5k75qnkV6i6ZkoKy6RX9UQc-_QNPIPpKq6lfVsU3_ur6lmJBVPgg-RnzV7RDhHQM8AU0EjiinTEoeh6bbG9ouv_1zs-Tjl94WdQfjwBivtizwL6JSElrVNM3Q6UyOl-DUTHDPkEl3dHhYOAiVCTXUZCauAj81uFyyMQcnz_dM74lUtc9Q3kRJiax7yW4njT_2tClDP&request_ab2=0&zoneid=7446033&js_build=iclick-v1.790.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=3&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.790.0&navlng=en-US&pnt=0&pnrc=0&bs=3583c2b3-2893-4662-8b48-7e302a24f70f&wasm=1&userId=008057ec3f9a499bfb66d990df603b07&m=link

139.45.197.242

200 OK

2.7 kB

URL GET HTTP/2
glakaits.net/?rb=m-hsVzMh2AQXuKlFGeHuEnwxeMSxOIJptk01V-Wf77xVqipj9srpGxT6OXi7SNjOMfniFUByLJ5k75qnkV6i6ZkoKy6RX9UQc-_QNPIPpKq6lfVsU3_ur6lmJBVPgg-RnzV7RDhHQM8AU0EjiinTEoeh6bbG9ouv_1zs-Tjl94WdQfjwBivtizwL6JSElrVNM3Q6UyOl-DUTHDPkEl3dHhYOAiVCTXUZCauAj81uFyyMQcnz_dM74lUtc9Q3kRJiax7yW4njT_2tClDP&request_ab2=0&zoneid=7446033&js_build=iclick-v1.790.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=3&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.790.0&navlng=en-US&pnt=0&pnrc=0&bs=3583c2b3-2893-4662-8b48-7e302a24f70f&wasm=1&userId=008057ec3f9a499bfb66d990df603b07&m=link
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectglakaits.net
Fingerprint1F:46:3E:C8:C5:6A:64:F5:29:66:0F:5C:6E:CD:48:77:10:EA:26:02
ValidityTue, 07 May 2024 18:52:12 GMT - Mon, 05 Aug 2024 18:52:11 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2772), with no line terminators
Size
2.7 kB (2742 bytes)
Hash
05b2ca8339b70122bd7fc2f5bdabcebe
b3b12c66826313d893a7971457f21753a8d79996
d3db22ddb6179593ef7718833d571d46037c0f2f9d54c14c08d37e4464bbf1b6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=m-hsVzMh2AQXuKlFGeHuEnwxeMSxOIJptk01V-Wf77xVqipj9srpGxT6OXi7SNjOMfniFUByLJ5k75qnkV6i6ZkoKy6RX9UQc-_QNPIPpKq6lfVsU3_ur6lmJBVPgg-RnzV7RDhHQM8AU0EjiinTEoeh6bbG9ouv_1zs-Tjl94WdQfjwBivtizwL6JSElrVNM3Q6UyOl-DUTHDPkEl3dHhYOAiVCTXUZCauAj81uFyyMQcnz_dM74lUtc9Q3kRJiax7yW4njT_2tClDP&request_ab2=0&zoneid=7446033&js_build=iclick-v1.790.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=3&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.790.0&navlng=en-US&pnt=0&pnrc=0&bs=3583c2b3-2893-4662-8b48-7e302a24f70f&wasm=1&userId=008057ec3f9a499bfb66d990df603b07&m=link HTTP/1.1
Host: glakaits.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Cookie: OAID=008057ec3f9a499bfb66d990df603b07; oaidts=1715218584
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:36:25 GMT
content-type: application/json
x-trace-id: 8f4aef961f61fecc4337534f41e95625
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008057ec3f9a499bfb66d990df603b07; expires=Fri, 09 May 2025 01:36:24 GMT; path=/; secure; SameSite=None
oaidts=1715218584; expires=Fri, 09 May 2025 01:36:24 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 16 May 2024 01:36:24 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans

142.250.74.106

200 OK

5.8 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Open+Sans
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (5866), with no line terminators
Size
5.8 kB (5776 bytes)
Hash
9a9a7fec0410c78b8c7601306b9fa182
7d736470060c2cbab18d2a59c043202c2d3dbaac
6a2126bd16491c04d2f664d8acb3a7ad24ec144e02bffd62db7254bee91567f0

HTTP Headers

GET /css?family=Open+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 May 2024 01:36:31 GMT
date: Thu, 09 May 2024 01:36:31 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.amdahost.com/media/apple-touch-icon.png

104.21.40.89

200 OK

40 kB

URL GET HTTP/3
www.amdahost.com/media/apple-touch-icon.png
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
40 kB (40332 bytes)
Hash
3a0b8d799ca52ea360286be206ff8fb3
2dc98f04f62990a7ab58494b8cc4c9d34f88d82b
a18a7554000483027f4297e642dd6ffa175ee4028844be6e7888cd31c165972d

HTTP Headers

GET /media/apple-touch-icon.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Cookie: PHPSESSID=cea75715da71e72bdaa2a424ce9a043a; cf_clearance=rkiZfgsCCjM3i0R2kHCeotMzLoE34ySZ9gVvAjVWBOQ-1715218583-1.0.1.1-jADs3UxfOr2ge1710cu8TwAE1Jv2z4qWpgjaRiS.sV4035AFLhY.nxhrsjSBFzAuDKQkKFMPYLKXBqmrSzvkHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:24 GMT
content-type: image/png
content-length: 40332
last-modified: Sun, 17 Mar 2024 20:29:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2656
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FMv%2FLaSjv8iIQcKU7NduIh26dmeAhOFUo5A7w49A1mv%2FDgfAegCklnRYq7wiFHlbwQmcr0WGO1%2FjWlRXHFpsq04O8%2Bn%2Bc0ZRhP9icq5V0xAcDf%2BFLm%2BrGMJmZqGGga3msFtx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df557bf0a5684-OSL
alt-svc: h3=":443"; ma=86400

zovidree.com/tag.min.js

104.21.16.31

200 OK

90 kB

URL GET HTTP/2
zovidree.com/tag.min.js
IP
104.21.16.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectzovidree.com
FingerprintE7:A2:02:40:34:64:74:90:8F:C4:F5:DA:6D:7F:08:2D:33:29:9A:FD
ValidityMon, 22 Apr 2024 15:25:10 GMT - Sun, 21 Jul 2024 15:25:09 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (89866 bytes)
Hash
76c2a69970c22493395c731940cfe07c
c009ced71ef13eccbca3583729ede2e58156894e
0cd441d1f29495f38b588ddb04e10283e04ea626e2c5b79783710998031576d6

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: zovidree.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:23 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 8672c8e135d4d3583bc5aced48aea3c2
cache-control: max-age=86400
last-modified: Wed, 08 May 2024 11:49:49 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Thu, 09 May 2024 13:59:05 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 41838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J%2Bv4jphG76KrdW4SGsUkyBSURuc6bYEj%2BX3NDvnGHG18%2F5E9gblyLXLcji7ehJsfed46xNC%2BopvJVtBsqsJSFd3ip0VkaUfhdrcHL4tBHAL%2F%2FedD%2FVN13POS35bocjA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df5512ffab4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bid.mbidtg.com/tags/179977?version_name=b

45.133.44.25

200 OK

2.2 kB

URL GET HTTP/2
bid.mbidtg.com/tags/179977?version_name=b
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectbid.mbidtg.com
Fingerprint62:EA:1B:EE:02:E5:88:CC:26:72:9B:BA:BF:B3:B6:2B:67:14:74:67
ValidityWed, 01 May 2024 03:00:45 GMT - Tue, 30 Jul 2024 03:00:44 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2494), with no line terminators
Size
2.2 kB (2202 bytes)
Hash
6dd06c3be91240ac87d476628c579d45
7c9f39156f3db5c6c71d1ea5a218d3b5846fa8e8
3c8c08c131dffa0910f3b5e37167775faebe95977cd2752a5471c60963851c13

HTTP Headers

GET /tags/179977?version_name=b HTTP/1.1
Host: bid.mbidtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:23 GMT
content-type: application/json
server: nginx/1.24.0
cache-control: max-age=300, public
x-proxy-cache: EXPIRED
access-control-allow-origin: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Karla&display=swap

142.250.74.106

200 OK

802 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Karla&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (820), with no line terminators
Size
802 B (802 bytes)
Hash
19b781ab6f09786f5d9e86ac26de083d
11ca72183489143542fafe4efb122b11f9b4c1d9
e17e04ca3c38fa955e6789b4818c7c24ffd3a99eae0830a01ca51ed8e968db8a

HTTP Headers

GET /css2?family=Karla&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 May 2024 01:36:22 GMT
date: Thu, 09 May 2024 01:36:22 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

b57dqedu4.com/get/2020088?zoneid=2020088&jp=_clsqfowinemogygwfxh6d4&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4897483169191936&eclog=0&im=1&uf=0

212.117.190.201

200 OK

2.9 kB

URL GET HTTP/2
b57dqedu4.com/get/2020088?zoneid=2020088&jp=_clsqfowinemogygwfxh6d4&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4897483169191936&eclog=0&im=1&uf=0
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint17:76:24:C2:1F:79:27:A6:BF:60:AC:48:E1:7E:44:F5:FA:36:EB:6B
ValidityWed, 01 May 2024 14:25:07 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
ASCII text, with very long lines (3259), with no line terminators
Size
2.9 kB (2919 bytes)
Hash
29d11291dc2927e1e4c1a87fe688e2cb
ce1fc4f78d9a7fe5a2b7e5fc90c8ad239bda1600
59921187232077febcab998a2844e8478896f05e03aff8f33961577eb5ab34c3

HTTP Headers

GET /get/2020088?zoneid=2020088&jp=_clsqfowinemogygwfxh6d4&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4897483169191936&eclog=0&im=1&uf=0 HTTP/1.1
Host: b57dqedu4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:36:23 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Thu, 12 Jun 2025 01:36:23 GMT; Secure; SameSite=None
UID=24050820360dfe812a91bf44eeb774ad6ed5; Path=/; Expires=Thu, 12 Jun 2025 01:36:23 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

mpougdusr.com/bultykh/ipp24/7/bazinga/2020090

212.117.190.201

200 OK

158 kB

URL GET HTTP/2
mpougdusr.com/bultykh/ipp24/7/bazinga/2020090
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint96:80:FC:87:80:4A:3B:59:5A:2E:82:5A:B8:1D:9D:47:78:21:AA:66
ValidityWed, 01 May 2024 14:41:50 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65107)
Size
158 kB (158045 bytes)
Hash
c6ea5aedb4469e81f7d41b0eec41f409
7d7edc7b87462fb56c5e3c17c86bebad542d1d6f
72ad45cf0dd548c1f9611c35289dec90c22375b45bf1aa33d6a14ac7f896865b

HTTP Headers

GET /bultykh/ipp24/7/bazinga/2020090 HTTP/1.1
Host: mpougdusr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:36:22 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-269a3"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

b57dqedu4.com/t/9/fret/meow4/2020088/0d68ddef.js

212.117.190.201

200 OK

106 kB

URL GET HTTP/2
b57dqedu4.com/t/9/fret/meow4/2020088/0d68ddef.js
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint17:76:24:C2:1F:79:27:A6:BF:60:AC:48:E1:7E:44:F5:FA:36:EB:6B
ValidityWed, 01 May 2024 14:25:07 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65106)
Size
106 kB (106460 bytes)
Hash
5c1245ce45f7e0a8ff772bf695857a27
fad29ae9877616251044562b679427d9450199f7
9eee888953ac3827e3a1951d646e67fd6c34a47c7f4ff861c8b875218889513b

HTTP Headers

GET /t/9/fret/meow4/2020088/0d68ddef.js HTTP/1.1
Host: b57dqedu4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:36:22 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-1a022"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Lobster&display=swap

142.250.74.106

200 OK

1.8 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Lobster&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1825), with no line terminators
Size
1.8 kB (1780 bytes)
Hash
785af4cad14c8087afd0b4ca069742ba
b81dc83d9ec505a925e3da6bac340491a13460af
dc804cd560b63c44aea3659ce684d8b21a4ccbe7180f953716be1e3e1c4f5274

HTTP Headers

GET /css2?family=Lobster&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 May 2024 01:36:22 GMT
date: Thu, 09 May 2024 01:36:22 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2

216.58.207.227

200 OK

14 kB

URL GET HTTP/2
fonts.gstatic.com/s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13820, version 1.0
Size
14 kB (13820 bytes)
Hash
2dd698f2699a5ef991625825011bff90
523ff9357131751e57dd78cb92b218a49a130d1d
02f5dfc0c21e92f3c724260f035833e627513a1b91230cc490a1ea756c95e5e5

HTTP Headers

GET /s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:34:50 GMT
expires: Fri, 02 May 2025 02:34:50 GMT
cache-control: public, max-age=31536000
age: 601292
last-modified: Thu, 24 Aug 2023 21:28:06 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mpougdusr.com/get/2020090?zoneid=2020090&jp=_clh8kcov1yplv098772txm&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5460433122569216&eclog=0&im=1&freq=0&uf=0

212.117.190.201

200 OK

6.6 kB

URL GET HTTP/2
mpougdusr.com/get/2020090?zoneid=2020090&jp=_clh8kcov1yplv098772txm&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5460433122569216&eclog=0&im=1&freq=0&uf=0
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint96:80:FC:87:80:4A:3B:59:5A:2E:82:5A:B8:1D:9D:47:78:21:AA:66
ValidityWed, 01 May 2024 14:41:50 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
ASCII text, with very long lines (6724), with no line terminators
Size
6.6 kB (6614 bytes)
Hash
adac7d76eea78b8926099828f9c8d89d
f0ceb565dd2770f32f1fd26502a15307ba5ea5b3
8707eefce6799cc4dcac0dcec3b86ea75e075c62f60f3dfb032bdbd59418672c

HTTP Headers

GET /get/2020090?zoneid=2020090&jp=_clh8kcov1yplv098772txm&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5460433122569216&eclog=0&im=1&freq=0&uf=0 HTTP/1.1
Host: mpougdusr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:36:23 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Thu, 12 Jun 2025 01:36:23 GMT; Secure; SameSite=None
UID=24050820363c9666b78772448c97a62f53c2; Path=/; Expires=Thu, 12 Jun 2025 01:36:23 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js

104.21.40.89

200 OK

7.9 kB

URL GET HTTP/3
www.amdahost.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
JavaScript source, ASCII text, with very long lines (7876), with no line terminators
Size
7.9 kB (7876 bytes)
Hash
8ef28710178eb40a0f27abe9f9154acc
32936d9e9f0618b2fca0c17e4c8d6b9a030f982e
f756a38924482f7ca3b5bb935d0998704e568f3da03f701a5dda2e3677c67281

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=cea75715da71e72bdaa2a424ce9a043a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:23 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-content-type-options: nosniff
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nGKU0bQGOT62Y0LhRnqG%2FdRVy4JVoXOm%2BSi%2BWkkir%2B0xdxKYJalWk481SRcxQgurZl2hIUI78UaMjVMl4fKI%2F9DrugSIQObMOramw4vHNzHZKsOUbc0B9NfimTyIxlDeBmdm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df5545cf05684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.amdahost.com/watch_direct.php?id=820f3e3f67

104.21.40.89

200 OK

15 kB

URL User Request GET HTTP/2
www.amdahost.com/watch_direct.php?id=820f3e3f67
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
15 kB (15267 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch_direct.php?id=820f3e3f67 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:21 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=cea75715da71e72bdaa2a424ce9a043a; path=/; domain=.amdahost.com
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ldeIw%2Ful6wbai2epSP4B6cN3Nhyk2NpqLN64Us%2Fn4u4nvbixzv3pW6qDq25vWwU1FPvnK%2BbQVinvLareEimzYQErkAfu6AEsKjyXyGK5lOypz7evxkuC4zcv67Fp2%2BW5lqbo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df546cfe1b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

173.194.222.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
173.194.222.84:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D
ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:i3K5EwK4Xriv8vG2aBderX3sypdWdw:4t6ri2HbQBGhUKqr; Expires=Sat, 09-May-2026 01:36:25 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 09 May 2024 01:36:25 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzM2e1V9YIpV8-OnI6G90nuP5v86TiLoHIO9LrQhrc4BcqxB1IS2vnswOsKLxdzUwJHnCgvsw
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-kxL4npYEIx4p0oWAnrq2Gg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mbdippex.com/in/show/?tag_ab=b&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&refdom=www.amdahost.com&auction_time=1715218585&subid=1211831614&sid=1572509799&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-09&iabcat=IAB25-3&keywords=milf,adult,mature&user_fp=6241671574567358293&score=33.436680851035334&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D820f3e3f67%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=333d38b3bc9943d095fc32394c335cca&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DAjwTQ_BZNbhYX67MJ3nEzc5-6S_O7ISeK4thf15qEZ-MV-tXMPjCXaRaW7Wk53O2_lrvPP9eKzNVrXNFAP6QrBnVhTDuk0PjQuQpAmKE4JYJAE8URwah_ylMlbrK4umM2rboYvlHzmIMuLHRCf_LIZHdX7LHlHsVi3guRDrffoOE9Y1XYewRQjQ2L9TrwkfWjtBp7b1uVAS5JX2ozaeyhnMMxbZy5P22tl4U33wlKcoHI-TLh5ZK6EgbsYlf1hopILuAuBAv-BNDE8MpYyFKTks1ZiRFjiN5GxJvzxGaSAMxQ_IaOfnYFCe7D9OBYzzgtqxzsKqwU-Tat2lAkXZ3R2u6wNQkfMzKMxJBObIW3eh6hd3UG3Sg5oZ5i7zQVnxFeyiOQOFOCS2HzGoVrvaFlEmwj4R5BwS8u4e3uRa8dp8ZhdItk0hhQOoy9f6rbkIrsVQKXC2R9xzIuErn79MJbTRpe0ynPZlq9zfYxejghmJ4n6wRg-mhB_whg3tDXqhaWK8lPLZgdIEmDITc1DCJqKIwufGgyuPFqPiLh_H73cK0FSyC5dI6BPPDg6-zudfDAe9e9nF7zqKMXXObHFqRQT0KQRHm9GiwXdKKvq4a9XCsfQaWFNh8DGTA-bdU_GoexQf2-s_yk7vtuEUlluhBRKcDmqHfsfszNoUvyIkLwRcMOKA0k-zruU9pmFVnNXIFJ3nInzHK975YLydESM1cILwkgAgbIcfaqI8hf8dKXEUoGaB6-8zb7Nb0GPkIRdRmkIpwMxMyIpmwjJ3hjviI6lt0AaIC24v6A9YWjm8Ib0Wsy36rBEyngwBd1vgtMTZN_OmS_WEtmRYaAeDkkemt3oqC6IK22wcH7OnXvbsDAuX0hzSg0u3iTLNMVwLoWQdWw4e9-iYPoKeLt0bgJpsxq02LUg4JmqNEW2ZNx5C3kk-UcbMLpSnTE2Kj5aeu_59wvkBhoywdJCWIVvooBMa8gCvL_m4p_7DpLy2WWDgGBg_pqvU4gWs-KATZ4UwmSQyJwUMpSc4Pnq20Hi8J_fWVh4mNrAuj-O-LuoA7cBmckLX44cSp91KCAdX4Jci9HDTrunUKekLc4-l3uRCrpDcvxX7MgHyJevjxs2sATQVnDJKu292jzRcZu1UQwktsjRXL8TjsR5u8BFR45KRy3g1xh9mUaZlsfwC6AJrqsbUC0IO_Jmb8w6FHZtXkVmivmbveuiUOAfFd6lOF4wiQxLkX7V1UV11tR1Cd4tIk_l8J3wrRcI48lF2W-NtHdIH8tNakzPor8nX15HOJo_xfnm5YosHBbFE6GDYbJTKaFpCoPospf0ZW%26bid%3D0.02844997486031586&icons=lFI-b5OHhoS9fs25Pb5x3_E8C0vjqyAt_XONSBwuLnq5b0j8wlodmSHRJV2qhi5nGjkfVGUxeAl-6Q-DORfvX1UVQu8rdZHKDDDo62zNc3H6kNQ_f1OiPJOU1i8PjImqKmyVCWQtcCNnnHZLTyElR2TJ4YRTSaBT6-Om6v2PFmz4jRLbQ7zAN5PHPumnawNrdeM6b-dTXtISX2PxCQnRs3Xd7ItR4ED-Q9oxh7hEK03_4yWTQrfXheFxXrLqww3hFl7YmL1yrvzWWDgKuAk442NLonevY4gl2L0qFXqfOjEwzBDibbBdKl5lpfnImfBsy8JUrIaItlvziuFNGvgbYFPgM4PjxUHwtBUMQgCLHiyogc7-_xsRzcZT_gBAPG4YSuGfeEd3JhTry1s8pq8JIgJ9WPFqoPQYwFutLzKZT2YcSRBP3L0dx_9doqBgx-BEg3oG6DzL_la05YE47oB2fAm71B_xdU5LEnXmCdbi9KgqF5CXYgfbDfB2TOmWXRLgf45c36punu0ImdA_nu5ghJQzKZR5Nczywz_5a405p1GxzyuTGQLkmDVB9W1aU8Sqoqajox38uA1m0L4FmA3euW39YbgXSx_M-prm6v3SL1O4LeyOn--ornxmgNlO1wt1D9PyunqByyx_VikpUOoYbNELFHP0C51SqrJ7LOsaPTNkjrROIixCHhSLqwuI9yVt8QXZtOD6jd9jqiXK4kfv6kVccV_IaA6sRJQmr2Qvp2RvG7oJUsVpsRnaLXX6LpJFzXu1O2H9s5HAfUqEwbRZCcRfaDPW_RdX8RFJNkOf6NqE04eVAZ0kb34K7rSxz6dSWsvmVqyc21beQVuW5hr_NEQZlpFEeyqlHTqsBP--3aCgAF19sJAeNriwa7CFvHNUliuSp3qbUc8CBetxtCVPrtkEDRcpz-qciJMip2eLEqOKynv0fTl7G_pSeWLD8q_buQE14HH1ZMys2A3c2eNBMAziZrSyoHASgCqR-EhXyswl4wb7uO5BVimJz8btrixCHy37mARS-KUtKTlaNCn5vHVTLxEG0glTHqPzzjHJk7R_Ze0nvWznf0KuDXgd3-ZOR_jCAZGfhTNViTQaaWRvzM1ub3V0kb-rJWU4Xx7o_YFmTBAPi6IO54ZH1h9YmDNoQt05PqeWTzlcg9E93i7SOpNgFD1kVPMTw-tSkzesxTP22t-9sSghiRy4P_DWVAVVsASfBpcBPxfddH9s7_H90HcjbmCAypaoxlIcu3sqKyNQWMbBOzb5nFjhYT7Aw9NiivZ-SSwpfNhSMLWNWjesWwDifAJ8Ay_vAsjblEbapfpQk8boZ_s&ext_cid=224906&px_id=73560190&min_cpm=0.0014517139900371951&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=4485446328018259832&skin_id=72&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.03162566010952003&cpm=0.02844997486031586&verify_hash=67a86131374b3e86b5520eaff34dc662&is_native=1&real_bid=0.02820530517419245&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,90,5,33,98,130&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1715391385&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777156%2Fconversions%2F3b69WTpe-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-12-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.03&cpa=c5cf935c-545d-4f51-a5da-34a24e558e44&prev_step_diff=850

94.130.198.6

200 OK

0 B

URL GET HTTP/2
mbdippex.com/in/show/?tag_ab=b&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&refdom=www.amdahost.com&auction_time=1715218585&subid=1211831614&sid=1572509799&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-09&iabcat=IAB25-3&keywords=milf,adult,mature&user_fp=6241671574567358293&score=33.436680851035334&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D820f3e3f67%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=333d38b3bc9943d095fc32394c335cca&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DAjwTQ_BZNbhYX67MJ3nEzc5-6S_O7ISeK4thf15qEZ-MV-tXMPjCXaRaW7Wk53O2_lrvPP9eKzNVrXNFAP6QrBnVhTDuk0PjQuQpAmKE4JYJAE8URwah_ylMlbrK4umM2rboYvlHzmIMuLHRCf_LIZHdX7LHlHsVi3guRDrffoOE9Y1XYewRQjQ2L9TrwkfWjtBp7b1uVAS5JX2ozaeyhnMMxbZy5P22tl4U33wlKcoHI-TLh5ZK6EgbsYlf1hopILuAuBAv-BNDE8MpYyFKTks1ZiRFjiN5GxJvzxGaSAMxQ_IaOfnYFCe7D9OBYzzgtqxzsKqwU-Tat2lAkXZ3R2u6wNQkfMzKMxJBObIW3eh6hd3UG3Sg5oZ5i7zQVnxFeyiOQOFOCS2HzGoVrvaFlEmwj4R5BwS8u4e3uRa8dp8ZhdItk0hhQOoy9f6rbkIrsVQKXC2R9xzIuErn79MJbTRpe0ynPZlq9zfYxejghmJ4n6wRg-mhB_whg3tDXqhaWK8lPLZgdIEmDITc1DCJqKIwufGgyuPFqPiLh_H73cK0FSyC5dI6BPPDg6-zudfDAe9e9nF7zqKMXXObHFqRQT0KQRHm9GiwXdKKvq4a9XCsfQaWFNh8DGTA-bdU_GoexQf2-s_yk7vtuEUlluhBRKcDmqHfsfszNoUvyIkLwRcMOKA0k-zruU9pmFVnNXIFJ3nInzHK975YLydESM1cILwkgAgbIcfaqI8hf8dKXEUoGaB6-8zb7Nb0GPkIRdRmkIpwMxMyIpmwjJ3hjviI6lt0AaIC24v6A9YWjm8Ib0Wsy36rBEyngwBd1vgtMTZN_OmS_WEtmRYaAeDkkemt3oqC6IK22wcH7OnXvbsDAuX0hzSg0u3iTLNMVwLoWQdWw4e9-iYPoKeLt0bgJpsxq02LUg4JmqNEW2ZNx5C3kk-UcbMLpSnTE2Kj5aeu_59wvkBhoywdJCWIVvooBMa8gCvL_m4p_7DpLy2WWDgGBg_pqvU4gWs-KATZ4UwmSQyJwUMpSc4Pnq20Hi8J_fWVh4mNrAuj-O-LuoA7cBmckLX44cSp91KCAdX4Jci9HDTrunUKekLc4-l3uRCrpDcvxX7MgHyJevjxs2sATQVnDJKu292jzRcZu1UQwktsjRXL8TjsR5u8BFR45KRy3g1xh9mUaZlsfwC6AJrqsbUC0IO_Jmb8w6FHZtXkVmivmbveuiUOAfFd6lOF4wiQxLkX7V1UV11tR1Cd4tIk_l8J3wrRcI48lF2W-NtHdIH8tNakzPor8nX15HOJo_xfnm5YosHBbFE6GDYbJTKaFpCoPospf0ZW%26bid%3D0.02844997486031586&icons=lFI-b5OHhoS9fs25Pb5x3_E8C0vjqyAt_XONSBwuLnq5b0j8wlodmSHRJV2qhi5nGjkfVGUxeAl-6Q-DORfvX1UVQu8rdZHKDDDo62zNc3H6kNQ_f1OiPJOU1i8PjImqKmyVCWQtcCNnnHZLTyElR2TJ4YRTSaBT6-Om6v2PFmz4jRLbQ7zAN5PHPumnawNrdeM6b-dTXtISX2PxCQnRs3Xd7ItR4ED-Q9oxh7hEK03_4yWTQrfXheFxXrLqww3hFl7YmL1yrvzWWDgKuAk442NLonevY4gl2L0qFXqfOjEwzBDibbBdKl5lpfnImfBsy8JUrIaItlvziuFNGvgbYFPgM4PjxUHwtBUMQgCLHiyogc7-_xsRzcZT_gBAPG4YSuGfeEd3JhTry1s8pq8JIgJ9WPFqoPQYwFutLzKZT2YcSRBP3L0dx_9doqBgx-BEg3oG6DzL_la05YE47oB2fAm71B_xdU5LEnXmCdbi9KgqF5CXYgfbDfB2TOmWXRLgf45c36punu0ImdA_nu5ghJQzKZR5Nczywz_5a405p1GxzyuTGQLkmDVB9W1aU8Sqoqajox38uA1m0L4FmA3euW39YbgXSx_M-prm6v3SL1O4LeyOn--ornxmgNlO1wt1D9PyunqByyx_VikpUOoYbNELFHP0C51SqrJ7LOsaPTNkjrROIixCHhSLqwuI9yVt8QXZtOD6jd9jqiXK4kfv6kVccV_IaA6sRJQmr2Qvp2RvG7oJUsVpsRnaLXX6LpJFzXu1O2H9s5HAfUqEwbRZCcRfaDPW_RdX8RFJNkOf6NqE04eVAZ0kb34K7rSxz6dSWsvmVqyc21beQVuW5hr_NEQZlpFEeyqlHTqsBP--3aCgAF19sJAeNriwa7CFvHNUliuSp3qbUc8CBetxtCVPrtkEDRcpz-qciJMip2eLEqOKynv0fTl7G_pSeWLD8q_buQE14HH1ZMys2A3c2eNBMAziZrSyoHASgCqR-EhXyswl4wb7uO5BVimJz8btrixCHy37mARS-KUtKTlaNCn5vHVTLxEG0glTHqPzzjHJk7R_Ze0nvWznf0KuDXgd3-ZOR_jCAZGfhTNViTQaaWRvzM1ub3V0kb-rJWU4Xx7o_YFmTBAPi6IO54ZH1h9YmDNoQt05PqeWTzlcg9E93i7SOpNgFD1kVPMTw-tSkzesxTP22t-9sSghiRy4P_DWVAVVsASfBpcBPxfddH9s7_H90HcjbmCAypaoxlIcu3sqKyNQWMbBOzb5nFjhYT7Aw9NiivZ-SSwpfNhSMLWNWjesWwDifAJ8Ay_vAsjblEbapfpQk8boZ_s&ext_cid=224906&px_id=73560190&min_cpm=0.0014517139900371951&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=4485446328018259832&skin_id=72&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.03162566010952003&cpm=0.02844997486031586&verify_hash=67a86131374b3e86b5520eaff34dc662&is_native=1&real_bid=0.02820530517419245&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,90,5,33,98,130&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1715391385&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777156%2Fconversions%2F3b69WTpe-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-12-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.03&cpa=c5cf935c-545d-4f51-a5da-34a24e558e44&prev_step_diff=850
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D820f3e3f67&refdom=www.amdahost.com&auction_time=1715218585&subid=1211831614&sid=1572509799&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-09&iabcat=IAB25-3&keywords=milf,adult,mature&user_fp=6241671574567358293&score=33.436680851035334&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D820f3e3f67%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=333d38b3bc9943d095fc32394c335cca&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DAjwTQ_BZNbhYX67MJ3nEzc5-6S_O7ISeK4thf15qEZ-MV-tXMPjCXaRaW7Wk53O2_lrvPP9eKzNVrXNFAP6QrBnVhTDuk0PjQuQpAmKE4JYJAE8URwah_ylMlbrK4umM2rboYvlHzmIMuLHRCf_LIZHdX7LHlHsVi3guRDrffoOE9Y1XYewRQjQ2L9TrwkfWjtBp7b1uVAS5JX2ozaeyhnMMxbZy5P22tl4U33wlKcoHI-TLh5ZK6EgbsYlf1hopILuAuBAv-BNDE8MpYyFKTks1ZiRFjiN5GxJvzxGaSAMxQ_IaOfnYFCe7D9OBYzzgtqxzsKqwU-Tat2lAkXZ3R2u6wNQkfMzKMxJBObIW3eh6hd3UG3Sg5oZ5i7zQVnxFeyiOQOFOCS2HzGoVrvaFlEmwj4R5BwS8u4e3uRa8dp8ZhdItk0hhQOoy9f6rbkIrsVQKXC2R9xzIuErn79MJbTRpe0ynPZlq9zfYxejghmJ4n6wRg-mhB_whg3tDXqhaWK8lPLZgdIEmDITc1DCJqKIwufGgyuPFqPiLh_H73cK0FSyC5dI6BPPDg6-zudfDAe9e9nF7zqKMXXObHFqRQT0KQRHm9GiwXdKKvq4a9XCsfQaWFNh8DGTA-bdU_GoexQf2-s_yk7vtuEUlluhBRKcDmqHfsfszNoUvyIkLwRcMOKA0k-zruU9pmFVnNXIFJ3nInzHK975YLydESM1cILwkgAgbIcfaqI8hf8dKXEUoGaB6-8zb7Nb0GPkIRdRmkIpwMxMyIpmwjJ3hjviI6lt0AaIC24v6A9YWjm8Ib0Wsy36rBEyngwBd1vgtMTZN_OmS_WEtmRYaAeDkkemt3oqC6IK22wcH7OnXvbsDAuX0hzSg0u3iTLNMVwLoWQdWw4e9-iYPoKeLt0bgJpsxq02LUg4JmqNEW2ZNx5C3kk-UcbMLpSnTE2Kj5aeu_59wvkBhoywdJCWIVvooBMa8gCvL_m4p_7DpLy2WWDgGBg_pqvU4gWs-KATZ4UwmSQyJwUMpSc4Pnq20Hi8J_fWVh4mNrAuj-O-LuoA7cBmckLX44cSp91KCAdX4Jci9HDTrunUKekLc4-l3uRCrpDcvxX7MgHyJevjxs2sATQVnDJKu292jzRcZu1UQwktsjRXL8TjsR5u8BFR45KRy3g1xh9mUaZlsfwC6AJrqsbUC0IO_Jmb8w6FHZtXkVmivmbveuiUOAfFd6lOF4wiQxLkX7V1UV11tR1Cd4tIk_l8J3wrRcI48lF2W-NtHdIH8tNakzPor8nX15HOJo_xfnm5YosHBbFE6GDYbJTKaFpCoPospf0ZW%26bid%3D0.02844997486031586&icons=lFI-b5OHhoS9fs25Pb5x3_E8C0vjqyAt_XONSBwuLnq5b0j8wlodmSHRJV2qhi5nGjkfVGUxeAl-6Q-DORfvX1UVQu8rdZHKDDDo62zNc3H6kNQ_f1OiPJOU1i8PjImqKmyVCWQtcCNnnHZLTyElR2TJ4YRTSaBT6-Om6v2PFmz4jRLbQ7zAN5PHPumnawNrdeM6b-dTXtISX2PxCQnRs3Xd7ItR4ED-Q9oxh7hEK03_4yWTQrfXheFxXrLqww3hFl7YmL1yrvzWWDgKuAk442NLonevY4gl2L0qFXqfOjEwzBDibbBdKl5lpfnImfBsy8JUrIaItlvziuFNGvgbYFPgM4PjxUHwtBUMQgCLHiyogc7-_xsRzcZT_gBAPG4YSuGfeEd3JhTry1s8pq8JIgJ9WPFqoPQYwFutLzKZT2YcSRBP3L0dx_9doqBgx-BEg3oG6DzL_la05YE47oB2fAm71B_xdU5LEnXmCdbi9KgqF5CXYgfbDfB2TOmWXRLgf45c36punu0ImdA_nu5ghJQzKZR5Nczywz_5a405p1GxzyuTGQLkmDVB9W1aU8Sqoqajox38uA1m0L4FmA3euW39YbgXSx_M-prm6v3SL1O4LeyOn--ornxmgNlO1wt1D9PyunqByyx_VikpUOoYbNELFHP0C51SqrJ7LOsaPTNkjrROIixCHhSLqwuI9yVt8QXZtOD6jd9jqiXK4kfv6kVccV_IaA6sRJQmr2Qvp2RvG7oJUsVpsRnaLXX6LpJFzXu1O2H9s5HAfUqEwbRZCcRfaDPW_RdX8RFJNkOf6NqE04eVAZ0kb34K7rSxz6dSWsvmVqyc21beQVuW5hr_NEQZlpFEeyqlHTqsBP--3aCgAF19sJAeNriwa7CFvHNUliuSp3qbUc8CBetxtCVPrtkEDRcpz-qciJMip2eLEqOKynv0fTl7G_pSeWLD8q_buQE14HH1ZMys2A3c2eNBMAziZrSyoHASgCqR-EhXyswl4wb7uO5BVimJz8btrixCHy37mARS-KUtKTlaNCn5vHVTLxEG0glTHqPzzjHJk7R_Ze0nvWznf0KuDXgd3-ZOR_jCAZGfhTNViTQaaWRvzM1ub3V0kb-rJWU4Xx7o_YFmTBAPi6IO54ZH1h9YmDNoQt05PqeWTzlcg9E93i7SOpNgFD1kVPMTw-tSkzesxTP22t-9sSghiRy4P_DWVAVVsASfBpcBPxfddH9s7_H90HcjbmCAypaoxlIcu3sqKyNQWMbBOzb5nFjhYT7Aw9NiivZ-SSwpfNhSMLWNWjesWwDifAJ8Ay_vAsjblEbapfpQk8boZ_s&ext_cid=224906&px_id=73560190&min_cpm=0.0014517139900371951&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=4485446328018259832&skin_id=72&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.03162566010952003&cpm=0.02844997486031586&verify_hash=67a86131374b3e86b5520eaff34dc662&is_native=1&real_bid=0.02820530517419245&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,90,5,33,98,130&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1715391385&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777156%2Fconversions%2F3b69WTpe-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-12-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.03&cpa=c5cf935c-545d-4f51-a5da-34a24e558e44&prev_step_diff=850 HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 09 May 2024 01:36:25 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Poppins:wght@600&display=swap

142.250.74.106

200 OK

789 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Poppins:wght@600&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (807), with no line terminators
Size
789 B (789 bytes)
Hash
6f717af0e726a10479b7e8bed93e5142
a115121febff939512aba08376c87856e8eb7d81
3f2d568b6fb6321a2e59f992275a60a22c904f5e8d84b7c6e43b1bb702ae86db

HTTP Headers

GET /css2?family=Poppins:wght@600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 May 2024 01:36:22 GMT
date: Thu, 09 May 2024 01:36:22 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387

104.16.79.73

200 OK

19 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387
IP
104.16.79.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectcloudflareinsights.com
FingerprintCE:62:08:77:7A:C9:4F:2B:EB:19:EA:54:43:3D:9F:10:06:33:69:E8
ValidityWed, 08 May 2024 03:07:03 GMT - Tue, 06 Aug 2024 03:07:02 GMT

File type
JavaScript source, ASCII text, with very long lines (19189), with no line terminators
Size
19 kB (19189 bytes)
Hash
4c980ee97cb5c001b4d19e2895fa5603
2c6fe998aa7486c4becd74cf253bdd82666a64c3
d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192

HTTP Headers

GET /beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:22 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.1"
last-modified: Mon, 06 May 2024 19:01:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df54aca5f56b1-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

js.mbidinp.com/npc/sdk/wpu/npush.m.js

45.133.44.53

200 OK

169 kB

URL GET HTTP/2
js.mbidinp.com/npc/sdk/wpu/npush.m.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectjs.mbidinp.com
FingerprintB8:EA:0B:88:14:F5:73:F1:FE:F1:D5:59:09:E6:70:08:F2:1C:4A:5C
ValidityMon, 22 Apr 2024 03:00:30 GMT - Sun, 21 Jul 2024 03:00:29 GMT

File type

Size
169 kB (168568 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /npc/sdk/wpu/npush.m.js HTTP/1.1
Host: js.mbidinp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:24 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Thu, 09 May 2024 01:41:24 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Comic+Neue&display=swap

142.250.74.106

200 OK

420 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Comic+Neue&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (429), with no line terminators
Size
420 B (420 bytes)
Hash
75f97bdeb174d8b64c2078ceff6726a3
beb63d63eb0398c4e6f15b6f2ad83c9fd7ef272d
0dd00245b771e2aada55e76fe50ee64c186e9413f70b1fc54da284a2cab024c6

HTTP Headers

GET /css2?family=Comic+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 May 2024 01:36:22 GMT
date: Thu, 09 May 2024 01:36:22 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Bungee+Spice&display=swap

142.250.74.106

200 OK

1.3 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Bungee+Spice&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1310), with no line terminators
Size
1.3 kB (1280 bytes)
Hash
6ed7e36a675f79912a60041296e6712c
90726391e4efdc836774a463094dbce3f980c761
59214048cf850c5c635c4bd6669db6222a200dd806e8ec2b2e8f504fa0b9393d

HTTP Headers

GET /css2?family=Bungee+Spice&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 May 2024 01:36:22 GMT
date: Thu, 09 May 2024 01:36:22 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.tailwindcss.com/3.4.3

104.22.21.144

200 OK

366 kB

URL GET HTTP/2
cdn.tailwindcss.com/3.4.3
IP
104.22.21.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerCloudflare, Inc.
Subjecttailwindcss.com
Fingerprint5F:87:FB:92:D4:93:DA:09:E3:5B:EF:92:CE:2F:47:18:3A:8A:C7:49
ValidityTue, 07 Nov 2023 00:00:00 GMT - Tue, 05 Nov 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (52292)
Size
366 kB (365681 bytes)
Hash
4bdcdace639cc6c0f08a15c295482172
6fa7ad6e87d8b19bff7e2bd0becf87d87d57be31
d2c35bf03246b0634bb22cbdc74962c8368e5e13b656e7f3cc10029da79d2e5c

HTTP Headers

GET /3.4.3 HTTP/1.1
Host: cdn.tailwindcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:22 GMT
content-type: text/javascript
cache-control: max-age=31536000
content-encoding: br
strict-transport-security: max-age=63072000
x-vercel-cache: MISS
x-vercel-id: cle1::iad1::rn74h-1711569125689-ef02b3caf33b
last-modified: Wed, 27 Mar 2024 19:52:06 GMT
cf-cache-status: HIT
age: 710670
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df54b0f01b4ff-OSL
X-Firefox-Spdy: h2

js.mbidadm.com/static/scripts.m.js

45.133.44.53

200 OK

109 kB

URL GET HTTP/2
js.mbidadm.com/static/scripts.m.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerLet's Encrypt
Subjectjs.mbidadm.com
FingerprintCA:45:B3:CA:F7:B8:6E:BC:AD:15:14:54:8B:69:08:1F:93:CC:C1:80
ValidityThu, 18 Apr 2024 03:01:13 GMT - Wed, 17 Jul 2024 03:01:12 GMT

File type

Size
109 kB (109384 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/scripts.m.js HTTP/1.1
Host: js.mbidadm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:23 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 08 May 2024 10:50:20 GMT
etag: W/"663b58ec-1ab48"
content-encoding: gzip
expires: Thu, 09 May 2024 01:41:23 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQw9d9o-odMtE8f_SsceW6WT9amJ3VviBkJMKQtrVyQNAFsjrZLycYFssMYpDuE5PQBquECHYA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1158309721%3A1715218585570872&theme=mn&ddm=0

173.194.222.84

403 Forbidden

0 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQw9d9o-odMtE8f_SsceW6WT9amJ3VviBkJMKQtrVyQNAFsjrZLycYFssMYpDuE5PQBquECHYA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1158309721%3A1715218585570872&theme=mn&ddm=0
IP
173.194.222.84:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=820f3e3f67
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint9F:A1:53:E4:09:E1:ED:82:F8:E0:30:B6:39:FA:EC:03:B4:89:46:8A
ValidityTue, 16 Apr 2024 03:19:40 GMT - Tue, 09 Jul 2024 03:19:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQw9d9o-odMtE8f_SsceW6WT9amJ3VviBkJMKQtrVyQNAFsjrZLycYFssMYpDuE5PQBquECHYA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1158309721%3A1715218585570872&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 09 May 2024 01:36:25 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-k7KbiQThXCLu3FjaWdb7jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (28)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML