Report - www.amdahost.com/watch.php?id=a336b4df9f

Report Overview

Submitted URL
www.amdahost.com/watch.php?id=a336b4df9f
IP
172.67.183.69
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-07 21:59:19
Access
public
Website Title
Video [sweetcat-grupa-z-facetem-sex-2]
Final URL
www.amdahost.com/watch.php?id=a336b4df9f
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
vjs.zencdn.net	4968	2011-12-27	2012-05-21	2024-05-07	423 B	13 kB	151.101.130.217
js.mbidadm.com	unknown	2023-02-20	2023-02-21	2024-05-01	832 B	44 kB	45.133.44.53
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22	2024-05-06	2.1 kB	1.6 kB	157.90.84.242
8d80fcb421.a700fb9c8d.com	unknown	unknown	No data	No data	1.8 kB	428 kB	45.133.44.53
js.mbidinp.com	unknown	2023-02-20	2023-04-25	2024-05-06	820 B	518 kB	45.133.44.52
zovidree.com	unknown	2024-02-23	2024-02-24	2024-04-22	400 B	91 kB	172.67.166.14
o.pki.goog	unknown	2016-06-13	2024-04-24	2024-05-06	650 B	1.4 kB	142.250.74.131
63cc093d48.f336d0935e.com	unknown	2024-04-07	2024-05-07	2024-05-07	9.1 kB	7.3 kB	157.90.84.246
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-07	445 B	18 kB	151.101.129.229
cdn.fluidplayer.com	33284	2016-09-22	2017-08-29	2024-05-06	891 B	238 kB	185.76.9.24
cdn.pncloudfl.com	13313	2021-04-20	2021-06-07	2024-05-04	473 B	144 kB	104.22.58.221
js.capndr.com	316718	2021-08-30	2021-08-30	2024-05-06	403 B	374 B	45.133.44.53
6fbb07e2de.7aa82805b9.com	unknown	unknown	No data	No data	829 B	320 B	45.133.44.53
nereserv.com	40015	2020-12-21	2020-12-21	2024-05-06	2.8 kB	1.6 kB	94.130.198.6
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	3.5 kB	52 kB	142.250.74.106
pyknrhm5c.com	unknown	unknown	No data	No data	2.7 kB	46 kB	212.117.190.201
glakaits.net	unknown	unknown	No data	No data	1.1 kB	3.5 kB	139.45.197.242
storage.multstorage.com	unknown	2023-09-22	2023-09-22	2024-05-07	528 B	1.6 kB	104.21.30.242
32879.2481april2024.com	unknown	unknown	No data	No data	1.8 kB	9.4 kB	88.208.22.4
b57dqedu4.com	unknown	unknown	No data	No data	1.9 kB	175 kB	212.117.190.201
metricswpsh.com	unknown	2021-10-29	2021-11-02	2024-05-02	819 B	320 B	88.198.136.228
static.bookmsg.com	47495	2020-09-15	2020-11-24	2024-05-07	1.8 kB	3.0 kB	45.133.44.24
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2024-05-06	498 B	20 kB	104.16.80.73
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-05-07	431 B	31 kB	142.250.74.170
bid.mbidtg.com	unknown	2023-03-09	2023-03-09	2024-05-02	448 B	2.4 kB	45.133.44.24
www.amdahost.com	unknown	2024-03-17	2024-03-21	2024-04-18	7.7 kB	357 kB	172.67.183.69
cdn.tailwindcss.com	422202	2017-07-20	2018-07-09	2024-05-06	809 B	156 kB	172.67.41.16
imdn.pics	unknown	2023-09-14	2023-09-14	2024-05-04	1.7 kB	28 kB	45.133.44.25
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-06	465 B	745 B	139.45.195.8
mbddip.com	unknown	2023-04-26	2023-07-14	2024-05-02	608 B	320 B	94.130.198.6
js.mbidpp.com	unknown	2023-02-20	2023-04-22	2024-02-23	418 B	31 kB	45.133.44.53
zokaukree.net	unknown	unknown	No data	No data	466 B	4.2 kB	139.45.197.245
accounts.google.com	81	1997-09-15	2016-03-20	2024-05-06	1.7 kB	4.9 kB	74.125.131.84
pagead2.googlesyndication.com	101	2003-01-21	2021-02-20	2024-05-07	429 B	788 B	142.250.74.162
mbdippex.com	unknown	2023-04-26	2023-06-06	2024-03-26	9.0 kB	7.3 kB	94.130.198.6
storage.mbidstorage.com	unknown	2024-02-27	2024-03-05	2024-04-27	540 B	1.7 kB	172.67.164.241
mpougdusr.com	unknown	unknown	No data	No data	6.1 kB	175 kB	212.117.190.201
mcpuwpsh.com	unknown	2022-08-12	2022-08-12	2024-05-05	970 B	14 kB	94.130.197.240
p.a64x.com	unknown	2023-07-27	2023-07-27	2024-05-06	3.0 kB	4.3 kB	172.67.185.171

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	7aa82805b9.com	Sinkholed
2024-05-07	medium	a700fb9c8d.com	Sinkholed
2024-05-07	medium	f336d0935e.com	Sinkholed
2024-05-07	medium	f336d0935e.com	Sinkholed
2024-05-07	medium	f336d0935e.com	Sinkholed
2024-05-07	medium	f336d0935e.com	Sinkholed
2024-05-07	medium	a700fb9c8d.com	Sinkholed
2024-05-07	medium	zokaukree.net	Sinkholed
2024-05-07	medium	a700fb9c8d.com	Sinkholed
2024-05-07	medium	a700fb9c8d.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (28)

	URL	Size	First Seen	Last Seen
	8d80fcb421.a700fb9c8d.com/63864341c121fc80a909f55d1d6303d1.js	109 kB	2024-05-07	2024-05-08
Pretty URL 8d80fcb421.a700fb9c8d.com/63864341c121fc80a909f55d1d6303d1.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 15:50:14 Last Seen2024-05-08 10:46:12 Times Seen53 Hash a1e224a8e52887d745fa52fef1c2387a a9da064636d2a4af29d63c0667f902ae19417e11 d82282a432e0c5f65df9b379bd3d016d49a936f70c8d831e1dc1756e455888ea Loading...

	js.capndr.com/advertising.js	0 B	2023-03-07	2024-05-19
Pretty URL js.capndr.com/advertising.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 22:53:20 Times Seen37845891 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	storage.multstorage.com/log/count.html	718 B	2023-09-18	2024-05-19
Pretty URL storage.multstorage.com/log/count.html IP 104.21.30.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 17:19:52 Last Seen2024-05-19 22:47:32 Times Seen5575 Hash 1f697a0f2411e463adbc1211493fe5a6 93c154152bda427938543b8efbd8d3b594abbac7 08a5735f5232b651af89f552e8d0fb7b21d6605fba48f335318699d80d12703e Loading...

	unknown	247 B	2024-05-07	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 23:59:27 Last Seen2024-05-07 23:59:27 Times Seen1 Hash 5cb28d594fdd588f71541fbb8ae0b5a1 f2bebb1babf0a4ee420a3e698c5bf007dd83f2d7 4af9cc57d72930a36b6f393b29ed7ba383467f491c939d32cb578b09fc9c59bc Loading...

	pyknrhm5c.com/q/tdl/95/dnt/2025683/kep.js	91 kB	2024-05-05	2024-05-09
Pretty URL pyknrhm5c.com/q/tdl/95/dnt/2025683/kep.js IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 00:39:25 Last Seen2024-05-09 15:53:35 Times Seen26 Hash e0411427d3a21e45aeedb135ad163c3b fa7604ba1e0c74bb7f8ffb0d229ec10677872813 30e20e87ce0312c597365ca972e0e0bc4470a1ac11b6f6c026d5aa342d6576cd Loading...

	www.amdahost.com/watch.php?id=a336b4df9f	561 B	2024-04-29	2024-05-08
Pretty URL www.amdahost.com/watch.php?id=a336b4df9f IP 172.67.183.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-29 10:28:04 Last Seen2024-05-08 04:51:47 Times Seen19 Hash 66de4b95a7fd34474fb50687a683753b ff4b480fa33782a2cc4d752a8e735866ca29d175 c2a218082700c505e53d1907f3f32e3aa761b2774e42b81c5139a4b86ebe2667 Loading...

	www.amdahost.com/watch.php?id=a336b4df9f	696 B	2024-05-07	2024-05-07
Pretty URL www.amdahost.com/watch.php?id=a336b4df9f IP 172.67.183.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 23:59:27 Last Seen2024-05-07 23:59:27 Times Seen1 Hash ce1a97320632e9d8d3a91cb1264c59df 7c77b5f6e6a7ae7a9bb63d1ec762e7ee8f226629 38cc3f84ff9fc74398c3d290de8d6a4882b918e4e81871b7dc37853f47e2b0ae Loading...

	js.mbidinp.com/skins/nmain.m.js	470 kB	2024-04-16	2024-05-19
Pretty URL js.mbidinp.com/skins/nmain.m.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:37:10 Last Seen2024-05-19 22:47:33 Times Seen1380 Hash 2902e331e5e735ad63e7510dfc434c5b 8f276d26159f74561fb370144b8cafba8bcc8bd3 26106440376cfc59241a9ef152d26483d436f1c155744bda92a41d3906e60ba2 Loading...

	www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.8 kB	2024-05-07	2024-05-07
Pretty URL www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 172.67.183.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 23:38:36 Last Seen2024-05-07 23:59:29 Times Seen4 Hash f65d1a128e31b1a12fbf0d7c8b5f3b04 0b0fc0ef12cdfb05b2f34d2975c3ab8ecec5d52f 3f81a9f0e7594ff0a8aba24e68288a01938a519e2c88bcd259871a82de7678dc Loading...

	8d80fcb421.a700fb9c8d.com/9f8781cc63b095275470f5973e6f8461.js	169 kB	2024-04-25	2024-05-16
Pretty URL 8d80fcb421.a700fb9c8d.com/9f8781cc63b095275470f5973e6f8461.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 17:48:27 Last Seen2024-05-16 08:49:21 Times Seen1042 Hash e164f0fc509991890121aa763019689d 16f901a89a57f87c90d6cea80cff9f8bd32756dc fdd439b2c8d28676c5e03847afc19252a3d6d88a670ba48db4ac020866c6b6ec Loading...

	zovidree.com/tag.min.js	90 kB	2024-05-05	2024-05-08
Pretty URL zovidree.com/tag.min.js IP 172.67.166.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 20:08:02 Last Seen2024-05-08 04:20:45 Times Seen75 Hash 7573260aff69fe8406b0115ab4bcefaa f7f5c31f2481bd176a9b79deff1b7c0d4878f87c 280186476a1f8103793e2139d4654b16f61a2a1d393966388f55b8ed795ebba3 Loading...

	cdn.fluidplayer.com/v3/current/fluidplayer.min.js	233 kB	2024-04-06	2024-05-19
Pretty URL cdn.fluidplayer.com/v3/current/fluidplayer.min.js IP 185.76.9.24 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-06 22:07:12 Last Seen2024-05-19 04:40:27 Times Seen154 Hash 9829e8e730a9125e695789512d85177a e20a0d55ab1722ef3ad13741a2b8975413d43909 7c38ede4727de973827091514a83d24a039bda1d0d4cac219eb20571a2cc3698 Loading...

	static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387	19 kB	2024-04-24	2024-05-19
Pretty URL static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 IP 104.16.80.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 00:56:41 Last Seen2024-05-19 22:22:37 Times Seen2568 Hash 4c980ee97cb5c001b4d19e2895fa5603 2c6fe998aa7486c4becd74cf253bdd82666a64c3 d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192 Loading...

	b57dqedu4.com/get/2020088?zoneid=2020088&jp=_cled0ko2f5ih4144hwdyb7&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6023376558333952&eclog=0&im=1&uf=0	2.9 kB	2024-05-07	2024-05-07
Pretty URL b57dqedu4.com/get/2020088?zoneid=2020088&jp=_cled0ko2f5ih4144hwdyb7&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6023376558333952&eclog=0&im=1&uf=0 IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 23:59:27 Last Seen2024-05-07 23:59:28 Times Seen1 Hash 0fa896e85bfa5178e58e28d3a28ad363 715510550a0bc03fbc86ca59c8d4b979e9aaae0f 5508754dbef03ffc69b99ee95aeaba79526eb154cec96e615713c31782cc5384 Loading...

	32879.2481april2024.com/4/js/233169	17 kB	2024-05-07	2024-05-07
Pretty URL 32879.2481april2024.com/4/js/233169 IP 88.208.22.4 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 23:59:28 Last Seen2024-05-07 23:59:28 Times Seen2 Hash e3ada234eb7b665867856d381de2cbd9 d4d6a570ba7c45afc58e7cbd4b1e6a08ce371d9a 80c30a7584f57c9acf64de1b96e7e307495e1375721b435189a51eb8ade75b01 Loading...

	www.amdahost.com/watch.php?id=a336b4df9f	192 B	2024-05-07	2024-05-09
Pretty URL www.amdahost.com/watch.php?id=a336b4df9f IP 172.67.183.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 06:09:42 Last Seen2024-05-09 03:42:21 Times Seen9 Hash 983cf614c8d893b18d7f62c5f5cf37eb 0dd65aae75b152bf5663aa6eaf2281fa35fbc918 b9fff563451906887c412e545903684bb80c61c369c8b11e5256f5fcbed91647 Loading...

	www.amdahost.com/watch.php?id=a336b4df9f	6.4 kB	2024-04-21	2024-05-09
Pretty URL www.amdahost.com/watch.php?id=a336b4df9f IP 172.67.183.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-21 00:00:40 Last Seen2024-05-09 15:53:33 Times Seen38 Hash 729b602ae59da0a8a578c627f0c8e252 55588035e45b31ca4c5066d0155bd092a6fabcda b5ce04d261257f877cfa642ea13d645c29e8c474ef571d0f300c81900d226302 Loading...

	cdn.tailwindcss.com/	366 kB	2024-03-28	2024-05-19
Pretty URL cdn.tailwindcss.com/ IP 172.67.41.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-28 05:53:51 Last Seen2024-05-19 17:41:52 Times Seen507 Hash 4bdcdace639cc6c0f08a15c295482172 6fa7ad6e87d8b19bff7e2bd0becf87d87d57be31 d2c35bf03246b0634bb22cbdc74962c8368e5e13b656e7f3cc10029da79d2e5c Loading...

	b57dqedu4.com/t/9/fret/meow4/2020088/0d68ddef.js	106 kB	2024-05-03	2024-05-09
Pretty URL b57dqedu4.com/t/9/fret/meow4/2020088/0d68ddef.js IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 19:40:35 Last Seen2024-05-09 15:53:33 Times Seen34 Hash 5c1245ce45f7e0a8ff772bf695857a27 fad29ae9877616251044562b679427d9450199f7 9eee888953ac3827e3a1951d646e67fd6c34a47c7f4ff861c8b875218889513b Loading...

	js.mbidadm.com/static/scripts.m.js	109 kB	2024-05-07	2024-05-08
Pretty URL js.mbidadm.com/static/scripts.m.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 23:59:28 Last Seen2024-05-08 04:51:47 Times Seen7 Hash 6a133514aa17f62ade6d637fb2c0693f 30ec6cffa2fd557334979cc58d5054bf04b7d686 814eb324daf8e63b8a19b29985c940a560f9bbcac7bf4ebda621e9e2ec8fc5cd Loading...

	pyknrhm5c.com/get/2025683?p=2025683&jp=_cl0vllyk0w5z6hpemcoofb&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275176372025344&eclog=0&im=1&freq=0&uf=0	12 kB	2024-05-07	2024-05-07
Pretty URL pyknrhm5c.com/get/2025683?p=2025683&jp=_cl0vllyk0w5z6hpemcoofb&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275176372025344&eclog=0&im=1&freq=0&uf=0 IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 23:59:28 Last Seen2024-05-07 23:59:28 Times Seen1 Hash bcf52a5cf89e49ff8444d7f081f2aa07 270f2f9881706aac460754d642104a759f472850 3ebad640ff3409f29c134d1bd4eac5f530b7de16715333365448d8067f3627c6 Loading...

	mpougdusr.com/get/2020090?zoneid=2020090&jp=_clgnd7cvvv0ygmlukipgah&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1801251907638272&eclog=0&im=1&freq=0&uf=0	14 kB	2024-05-07	2024-05-07
Pretty URL mpougdusr.com/get/2020090?zoneid=2020090&jp=_clgnd7cvvv0ygmlukipgah&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1801251907638272&eclog=0&im=1&freq=0&uf=0 IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 23:59:28 Last Seen2024-05-07 23:59:29 Times Seen2 Hash cbd110594b0e7eec9012de7422dacb3b 643b54202bcf2f7cc2046cfb1334b403778f91d2 d61f7feacac2df98d2a3ea7982d8df81bcfb3cebd19c1dc4294ff35c139ff037 Loading...

	js.mbidadm.com/static/scripts.js	1.7 kB	2024-04-12	2024-05-18
Pretty URL js.mbidadm.com/static/scripts.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-12 00:52:21 Last Seen2024-05-18 23:11:41 Times Seen65 Hash 7e14d1597d1dd442175d8ee15cb07f07 de55b2463f332f2096d788047f8a7b07a776e437 cf31e107e8cb091c9477fe99de3a57a65486fe87becf0e8f469846949beff9f3 Loading...

	mpougdusr.com/bultykh/ipp24/7/bazinga/2020090	158 kB	2024-05-03	2024-05-09
Pretty URL mpougdusr.com/bultykh/ipp24/7/bazinga/2020090 IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 19:40:35 Last Seen2024-05-09 15:53:33 Times Seen37 Hash c6ea5aedb4469e81f7d41b0eec41f409 7d7edc7b87462fb56c5e3c17c86bebad542d1d6f 72ad45cf0dd548c1f9611c35289dec90c22375b45bf1aa33d6a14ac7f896865b Loading...

	www.amdahost.com/watch.php?id=a336b4df9f	1.1 kB	2024-05-07	2024-05-07
Pretty URL www.amdahost.com/watch.php?id=a336b4df9f IP 172.67.183.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 23:59:28 Last Seen2024-05-07 23:59:28 Times Seen1 Hash 05f4c3de38ddc07b0394b2d3def9990c 7e6729fab0c50059ac993a207fc89160e81310e5 7befdce26c35c589e8c556a99fcf237a9c1d8e33d50754b5d495da5b883d84af Loading...

	8d80fcb421.a700fb9c8d.com/110a65cc169b283c3c7819a3fe77e180.js	101 kB	2024-05-06	2024-05-16
Pretty URL 8d80fcb421.a700fb9c8d.com/110a65cc169b283c3c7819a3fe77e180.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-06 11:08:30 Last Seen2024-05-16 07:55:12 Times Seen535 Hash 0cbfae16446f6ff17f3f18758b41e37c fdcba827008b6f52caa67735b295f7fab6f26a04 4f5cece30fb18d801a39950fe09419aa3280c654a323e72733b3204ad11a7a33 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js	88 kB	2023-08-31	2024-05-19
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-31 16:03:19 Last Seen2024-05-19 21:18:08 Times Seen9848 Hash 2c872dbe60f4ba70fb85356113d8b35e ee48592d1fff952fcf06ce0b666ed4785493afdc fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a Loading...

	www.amdahost.com/watch.php?id=a336b4df9f	109 B	2024-01-26	2024-05-09
Pretty URL www.amdahost.com/watch.php?id=a336b4df9f IP 172.67.183.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-26 19:51:30 Last Seen2024-05-09 15:53:33 Times Seen39 Hash abd3eda1d5f4b0fe7f9c99f43eb150b1 284cfcd4d397568f57e7119072af359d0e9690a0 fa9aeea174a0931635c6509c1484d92671e2adbd83146b79ddce59040cc32760 Loading...

HTTP Transactions (95)

URL IP Response Size

www.amdahost.com/thumbnails/1714450060_49ed01d670d03666.jpg

172.67.183.69

200 OK

38 kB

URL GET HTTP/3
www.amdahost.com/thumbnails/1714450060_49ed01d670d03666.jpg
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 50", baseline, precision 8, 960x540, components 3
Size
38 kB (38017 bytes)
Hash
a5ba6c01f1b97ef900d9d2687581e0ba
76796bd10a4cdf18c6a6fd46bbd35face430200e
fce1ce350e63a16b223b154b816833f25aeae412287cbeca82dccac06d4492ab

HTTP Headers

GET /thumbnails/1714450060_49ed01d670d03666.jpg HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch.php?id=a336b4df9f
Cookie: PHPSESSID=23d96268c344b423e82ca3859fc6e816
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 21:58:50 GMT
content-type: image/jpeg
content-length: 38017
cache-control: public, max-age=604800
expires: Mon, 13 May 2024 21:07:39 GMT
etag: "9481-66306e8c-8c1665;;;"
last-modified: Tue, 30 Apr 2024 04:07:40 GMT
cf-cache-status: HIT
age: 89471
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iwOXdTGoCm19mAFZVoZZSaZNCYTuj%2F5c2OGzR4H%2BcvNvS%2FfgroNt9NZgTH9zk20tjrdnNeadXajGg4vk4DkgEWGgvEZSbqNt0Krw5%2BuEIWkRb0oDSwpojLexgRvu2sZ6Kjyt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880479432938b52d-OSL
alt-svc: h3=":443"; ma=86400

cdn.jsdelivr.net/npm/remixicon@4.0.0/fonts/remixicon.css

151.101.129.229

200 OK

17 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/remixicon@4.0.0/fonts/remixicon.css
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text
Size
17 kB (16743 bytes)
Hash
373c68d52e3daa5cd7e1ae058fb6bd70
30a01afb8338555278162655e4a8e7ac57774f35
f53b0f6c14c09b5c263713876dfe7185531a3a424a91d192dfee3c5fa03493dd

HTTP Headers

GET /npm/remixicon@4.0.0/fonts/remixicon.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.0.0
x-jsd-version-type: version
etag: W/"200b1-MKAa+4M4VVJ4FiZV5KjnrFd3TzU"
content-encoding: br
accept-ranges: bytes
date: Tue, 07 May 2024 21:58:50 GMT
age: 5251420
x-served-by: cache-fra-etou8220109-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 16743
X-Firefox-Spdy: h2

vjs.zencdn.net/8.10.0/video-js.css

151.101.130.217

200 OK

13 kB

URL GET HTTP/2
vjs.zencdn.net/8.10.0/video-js.css
IP
151.101.130.217:443
ASN
#54113 FASTLY

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGlobalSign nv-sa
Subjectvjs.zencdn.net
Fingerprint6B:3F:11:07:D7:05:FD:AF:4D:46:B4:BA:1C:8A:60:70:95:37:35:17
ValidityWed, 06 Mar 2024 21:50:11 GMT - Mon, 07 Apr 2025 21:50:10 GMT

File type
ASCII text, with very long lines (7288)
Size
13 kB (12695 bytes)
Hash
27818e70d5704691d9264fe0083c5b08
b4dffd90528e8f63d54ad3a859b749344e6e00ad
92e11fbc7753b5be23fd489ba4e09c0d62d0b8c64e466845b4534934c46c85d6

HTTP Headers

GET /8.10.0/video-js.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Wed, 17 Jan 2024 12:53:07 GMT
etag: "27818e70d5704691d9264fe0083c5b08"
x-amz-server-side-encryption: AES256
content-type: text/css
content-encoding: gzip
date: Tue, 07 May 2024 21:58:50 GMT
x-served-by: cache-hel1410031-HEL
x-cache: HIT
x-cache-hits: 9
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 12695
X-Firefox-Spdy: h2

32879.2481april2024.com/4/js/233169

88.208.22.4

200 OK

6.6 kB

URL GET HTTP/2
32879.2481april2024.com/4/js/233169
IP
88.208.22.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subject*.2481april2024.com
FingerprintFC:0B:87:DF:4F:43:9B:81:FD:04:D2:4C:5C:79:77:1B:C6:BB:F4:49
ValidityTue, 02 Apr 2024 14:41:38 GMT - Mon, 01 Jul 2024 14:41:37 GMT

File type
JavaScript source, ASCII text, with very long lines (16647), with no line terminators
Size
6.6 kB (6574 bytes)
Hash
e3ada234eb7b665867856d381de2cbd9
d4d6a570ba7c45afc58e7cbd4b1e6a08ce371d9a
80c30a7584f57c9acf64de1b96e7e307495e1375721b435189a51eb8ade75b01

HTTP Headers

GET /4/js/233169 HTTP/1.1
Host: 32879.2481april2024.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:58:50 GMT
content-type: application/javascript; charset=UTF-8
content-length: 6574
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2

cdn.tailwindcss.com/3.4.3

172.67.41.16

200 OK

114 kB

URL GET HTTP/2
cdn.tailwindcss.com/3.4.3
IP
172.67.41.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerCloudflare, Inc.
Subjecttailwindcss.com
Fingerprint5F:87:FB:92:D4:93:DA:09:E3:5B:EF:92:CE:2F:47:18:3A:8A:C7:49
ValidityTue, 07 Nov 2023 00:00:00 GMT - Tue, 05 Nov 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (52292)
Size
114 kB (113634 bytes)
Hash
4bdcdace639cc6c0f08a15c295482172
6fa7ad6e87d8b19bff7e2bd0becf87d87d57be31
d2c35bf03246b0634bb22cbdc74962c8368e5e13b656e7f3cc10029da79d2e5c

HTTP Headers

GET /3.4.3 HTTP/1.1
Host: cdn.tailwindcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:50 GMT
content-type: text/javascript
cache-control: max-age=31536000
content-encoding: br
strict-transport-security: max-age=63072000
x-vercel-cache: MISS
x-vercel-id: cle1::iad1::rn74h-1711569125689-ef02b3caf33b
last-modified: Wed, 27 Mar 2024 19:52:06 GMT
cf-cache-status: HIT
age: 611218
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804794398005695-OSL
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js

142.250.74.170

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
30 kB (30462 bytes)
Hash
2c872dbe60f4ba70fb85356113d8b35e
ee48592d1fff952fcf06ce0b666ed4785493afdc
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

HTTP Headers

GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30462
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:53:27 GMT
expires: Fri, 02 May 2025 01:53:27 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 12 Sep 2023 02:38:22 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 504323
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.fluidplayer.com/v3/current/6aef4fee473c54e96ff8.svg

185.76.9.24

200 OK

4.6 kB

URL GET HTTP/2
cdn.fluidplayer.com/v3/current/6aef4fee473c54e96ff8.svg
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectfluidplayer.com
Fingerprint46:64:4F:F1:3B:B5:54:D2:21:6F:9B:66:05:DF:D9:AC:7D:3C:8E:D0
ValidityMon, 06 May 2024 08:37:10 GMT - Sun, 04 Aug 2024 08:37:09 GMT

File type
gzip compressed data, from Unix
Size
4.6 kB (4564 bytes)
Hash
c3f6e69bd6b11a4f17690ca68a32f860
598a0a644130bae6fae0bf4373a0a14faad65119
4aaef4f0a69f950cac5592bddc4e36e5b33fd183fce754dc414920313644592f

HTTP Headers

GET /v3/current/6aef4fee473c54e96ff8.svg HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:51 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 21 Mar 2024 13:23:12 GMT
etag: W/"65fc34c0-4880"
expires: Fri, 22 Mar 2024 21:45:09 GMT
cache-control: max-age=86400
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH3BwMAAAwBuUwKDAH3AAAAAAwBisclxAGzgVEBAA
x-77-nzt-ray: af58563076014f8d1ba43a660c5ca300
x-accel-expires: @1715204756
x-accel-date: 1715118356
x-77-cache: HIT
x-77-age: 775
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 775
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Lobster&display=swap

142.250.74.106

200 OK

31 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Lobster&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
31 kB (31257 bytes)
Hash
d02a693f06ae8f1cd37482cbf239cd83
bef7e7da153d6846a31cb7e357692ac99b54bc50
d67d80b8ef6cffc22d8d60ffe5957ce4d97182f1272295e5ddf0fda590cbde5a

HTTP Headers

GET /css2?family=Lobster&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 21:58:50 GMT
date: Tue, 07 May 2024 21:58:50 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Karla&display=swap

142.250.74.106

200 OK

6.0 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Karla&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
6.0 kB (6006 bytes)
Hash
399fb99d1950d3f690be9e64b7ddeecf
610e656ad09f8da201940a11d20cce4413cd0569
6ae4d0fabe2c65f46b232e942719d0ca365d62e427f2b648021002a251520df5

HTTP Headers

GET /css2?family=Karla&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 21:58:50 GMT
date: Tue, 07 May 2024 21:58:50 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.mbidadm.com/static/scripts.m.js

45.133.44.53

200 OK

41 kB

URL GET HTTP/2
js.mbidadm.com/static/scripts.m.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectjs.mbidadm.com
FingerprintCA:45:B3:CA:F7:B8:6E:BC:AD:15:14:54:8B:69:08:1F:93:CC:C1:80
ValidityThu, 18 Apr 2024 03:01:13 GMT - Wed, 17 Jul 2024 03:01:12 GMT

File type
gzip compressed data, from Unix
Size
41 kB (41195 bytes)
Hash
5271474f089859c346e212ad4efd485d
218a68acda14f903e4a737b539fc2428ff7d0778
9fbf737b70aa1273daddb59f7bef1fffe874b68b0356cafc963246cbc521f9c7

HTTP Headers

GET /static/scripts.m.js HTTP/1.1
Host: js.mbidadm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:51 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 07 May 2024 12:02:58 GMT
etag: W/"663a1872-1ab61"
content-encoding: gzip
expires: Tue, 07 May 2024 22:03:51 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

172.67.183.69

302 Found

0 B

URL GET HTTP/3
www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=23d96268c344b423e82ca3859fc6e816
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Tue, 07 May 2024 21:58:51 GMT
content-length: 0
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
cache-control: max-age=300, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fe0n%2B%2FAR1vSbN%2FJHFRvXtPBSzrlXuOGe6mu%2F3%2BFm6XgIaX5lU6rfLDdygK4X4Hrg%2FWLoMipH0ycE0wnf6sBvvGOFBM0K9tj%2B9tCLEmhJPavW4hrSh94OG0eEk0iCvEk9qbiu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804794a3efcb52d-OSL
alt-svc: h3=":443"; ma=86400

pyknrhm5c.com/get/2025683?p=2025683&jp=_cl0vllyk0w5z6hpemcoofb&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275176372025344&eclog=0&im=1&freq=0&uf=0

212.117.190.201

200 OK

8.2 kB

URL GET HTTP/2
pyknrhm5c.com/get/2025683?p=2025683&jp=_cl0vllyk0w5z6hpemcoofb&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275176372025344&eclog=0&im=1&freq=0&uf=0
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint8C:0B:00:37:E9:46:0D:D7:64:26:AF:BD:4B:AC:9D:E3:CA:27:CD:87
ValidityFri, 03 May 2024 21:32:33 GMT - Tue, 29 Oct 2024 22:59:00 GMT

File type
gzip compressed data, from Unix
Size
8.2 kB (8195 bytes)
Hash
7797c92764c133711e2ca41efa80aef6
03365cc1092789896e4b8fbc608f91c031bd9de3
b81ae0b3e2df889f9958bea8eee999c53044965cb0eeca0ccb91551d4719bf2b

HTTP Headers

GET /get/2025683?p=2025683&jp=_cl0vllyk0w5z6hpemcoofb&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275176372025344&eclog=0&im=1&freq=0&uf=0 HTTP/1.1
Host: pyknrhm5c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:58:51 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=24050716583fb8745cc7d746efa700daa7d6; Path=/; Expires=Tue, 10 Jun 2025 21:58:51 GMT; Secure; SameSite=None
CHCK=1; Path=/; Expires=Tue, 10 Jun 2025 21:58:51 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

cdn.pncloudfl.com/pn/60e/2ff/94b/60e2ff94b54c66aa2f634b00630b994c2fe7936d.gif

104.22.58.221

200 OK

143 kB

URL GET HTTP/2
cdn.pncloudfl.com/pn/60e/2ff/94b/60e2ff94b54c66aa2f634b00630b994c2fe7936d.gif
IP
104.22.58.221:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectcdn.pncloudfl.com
Fingerprint50:5F:A0:91:53:C9:C9:E3:5D:EA:53:42:E8:5B:81:FB:DE:7B:1E:2C
ValiditySun, 28 Apr 2024 04:53:51 GMT - Sat, 27 Jul 2024 04:53:50 GMT

File type
RIFF (little-endian) data, Web/P image
Size
143 kB (142898 bytes)
Hash
a3ef7f4652e064704fb9063bd2c44761
f83f6204fcc6dd4d51a6f737641961ca5a7ce1b3
ee156c275bc22e471034353c9756885a303aed35c194098a42e017d07b0d40a8

HTTP Headers

GET /pn/60e/2ff/94b/60e2ff94b54c66aa2f634b00630b994c2fe7936d.gif HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:51 GMT
content-type: image/webp
content-length: 142898
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=gif, origSize=367393
content-disposition: inline; filename="60e2ff94b54c66aa2f634b00630b994c2fe7936d.webp"
etag: 9fb78950119432648d8d5fb853c3eba4
expires: Thu, 09 May 2024 21:58:31 GMT
last-modified: Tue, 02 May 2023 12:11:05 GMT
vary: Accept
x-openstack-request-id: tx607d5e6bd8c04629a2dab-0064ad512f
x-proxy-cache: HIT
x-timestamp: 1683029464.37580
x-trans-id: tx607d5e6bd8c04629a2dab-0064ad512f
cf-cache-status: HIT
age: 20
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 8804794bbfdc56bd-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

b57dqedu4.com/get/2020088?zoneid=2020088&jp=_cled0ko2f5ih4144hwdyb7&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6023376558333952&eclog=0&im=1&uf=0

212.117.190.201

200 OK

131 kB

URL GET HTTP/2
b57dqedu4.com/get/2020088?zoneid=2020088&jp=_cled0ko2f5ih4144hwdyb7&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6023376558333952&eclog=0&im=1&uf=0
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint17:76:24:C2:1F:79:27:A6:BF:60:AC:48:E1:7E:44:F5:FA:36:EB:6B
ValidityWed, 01 May 2024 14:25:07 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
gzip compressed data, from Unix
Size
131 kB (130664 bytes)
Hash
cb803a0a49759d6162e0245f5edbb5a2
3e9e81cd927e40ae8242b762b834379bf3f4d68c
5b621f105974992898053cd8fc6b23fa944ffa99aa0e36887bae0fc785ebdf6f

HTTP Headers

GET /get/2020088?zoneid=2020088&jp=_cled0ko2f5ih4144hwdyb7&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6023376558333952&eclog=0&im=1&uf=0 HTTP/1.1
Host: b57dqedu4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:58:51 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Tue, 10 Jun 2025 21:58:51 GMT; Secure; SameSite=None
UID=24050716588ae68193f1884e0b9a0445d40f; Path=/; Expires=Tue, 10 Jun 2025 21:58:51 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

js.capndr.com/advertising.js

45.133.44.53

200 OK

0 B

URL GET HTTP/2
js.capndr.com/advertising.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectjs.capndr.com
Fingerprint0D:30:A1:FB:7E:A0:EC:89:85:17:27:67:37:21:DA:E0:CB:E3:26:06
ValiditySun, 21 Apr 2024 03:00:41 GMT - Sat, 20 Jul 2024 03:00:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertising.js HTTP/1.1
Host: js.capndr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 14 Jul 2023 08:23:25 GMT
etag: "64b105fd-0"
expires: Tue, 07 May 2024 22:03:51 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

www.amdahost.com/media/favicon-16x16.png

172.67.183.69

200 OK

936 B

URL GET HTTP/3
www.amdahost.com/media/favicon-16x16.png
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
936 B (936 bytes)
Hash
ac0cd4d64276fa91e68993406abcd43d
c9af1132645f2bccfb9295a4e45cc95e8e78b7b6
bf852eabb9e0bbeb89b360a2dc4ccc1b86f2ffea3dfa78f0c2bb8747be598382

HTTP Headers

GET /media/favicon-16x16.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch.php?id=a336b4df9f
Cookie: PHPSESSID=23d96268c344b423e82ca3859fc6e816; cf_clearance=TTIDFMGz1SyWV314.WvyzZfSEVvM0Va2UVfK.AJyRDE-1715119131-1.0.1.1-XvwRSqv6dRwRMWpDM.1YlsjRqHr2BIIr6vVa0aQTgY9AqlUtERg6JinYJeQAS7vWsHX5eV1YJxqvDUBOChpIqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 21:58:51 GMT
content-type: image/png
content-length: 936
last-modified: Sun, 17 Mar 2024 20:29:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 139
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o1uDb12YgLIhSYFCXNOtuxaLGdoV41qZoKeqAplwjRBV8F02PSrs5hv8Ai4v8gyt%2B%2Bx%2FdkCXipfagm%2BtD18%2FXaSolJFT%2FdUqPfE%2FhSO26jCADMzqEz84pYMkLCfF%2BCmzDF1Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804794eea3bb52d-OSL
alt-svc: h3=":443"; ma=86400

cdn.tailwindcss.com/

172.67.41.16

302 Found

42 kB

URL GET HTTP/2
cdn.tailwindcss.com/
IP
172.67.41.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerCloudflare, Inc.
Subjecttailwindcss.com
Fingerprint5F:87:FB:92:D4:93:DA:09:E3:5B:EF:92:CE:2F:47:18:3A:8A:C7:49
ValidityTue, 07 Nov 2023 00:00:00 GMT - Tue, 05 Nov 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
42 kB (41752 bytes)
Hash
8378f7aafb8bbf5c6344b3518c0ea513
b98c05cd5aaa2de302377873501d9ed889368e14
0ceaccdc2daec15a0258b5b94a6ad30ac479bb9a65e106bbe7f784225a0d28fd

HTTP Headers

GET / HTTP/1.1
Host: cdn.tailwindcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 07 May 2024 21:58:50 GMT
cache-control: max-age=14400
location: /3.4.3
strict-transport-security: max-age=63072000
x-vercel-cache: MISS
x-vercel-id: cle1::iad1::gp8jz-1715118765410-f913489df696
cf-cache-status: HIT
age: 287
vary: Accept-Encoding
server: cloudflare
cf-ray: 880479434fda5695-OSL
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=161855

157.90.84.242

204 No Content

0 B

URL OPTIONS HTTP/1.1
fp.metricswpsh.com/fp?tag_id=161855
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=161855 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Tue, 07 May 2024 21:58:52 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://www.amdahost.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

6fbb07e2de.7aa82805b9.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI0MTY0MzE1MDMyMDIzNjk5NTAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjEiLCJ0YWdfaWQiOjE2MTg1NSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjQ4LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9

45.133.44.53

200 OK

0 B

URL GET HTTP/2
6fbb07e2de.7aa82805b9.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI0MTY0MzE1MDMyMDIzNjk5NTAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjEiLCJ0YWdfaWQiOjE2MTg1NSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjQ4LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subject6fbb07e2de.7aa82805b9.com
Fingerprint04:79:31:D9:05:83:F5:83:EF:F1:9B:85:1E:09:BF:D5:E3:ED:14:67
ValiditySat, 04 May 2024 02:50:36 GMT - Fri, 02 Aug 2024 02:50:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI0MTY0MzE1MDMyMDIzNjk5NTAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjEiLCJ0YWdfaWQiOjE2MTg1NSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjQ4LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9 HTTP/1.1
Host: 6fbb07e2de.7aa82805b9.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:52 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

142.250.74.162

200 OK

0 B

URL HEAD HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
142.250.74.162:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subject*.g.doubleclick.net
Fingerprint09:C3:90:43:D3:09:4E:26:62:79:17:6F:1D:33:E5:FA:DF:77:3E:7B
ValidityTue, 16 Apr 2024 03:18:52 GMT - Tue, 09 Jul 2024 03:18:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Tue, 07 May 2024 21:58:52 GMT
expires: Tue, 07 May 2024 21:58:52 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 2011977934151048792
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51548
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=161855

157.90.84.242

204 No Content

58 B

URL OPTIONS HTTP/1.1
fp.metricswpsh.com/fp?tag_id=161855
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type
JSON text data
Size
58 B (58 bytes)
Hash
201328753d359ed6101fd718f40a0987
92830b97da5731bde623915dbee83f1442cd6d28
ec9c14d29249320bd6e9194a07a354616f9df7f39e4b899460dbe1ad1b686d36

HTTP Headers

POST /fp?tag_id=161855 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1835
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 07 May 2024 21:58:52 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.amdahost.com
Set-Cookie: id=17140135897630349840; Expires=Wed, 07 May 2025 21:58:52 GMT; Secure; SameSite=None
Vary: Origin

fp.metricswpsh.com/fp?tag_id=179977

157.90.84.242

200 OK

0 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=179977
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=179977 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Tue, 07 May 2024 21:58:52 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://www.amdahost.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

metricswpsh.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI0MTY0MzE1MDMyMDIzNjk5NTAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjEiLCJ0YWdfaWQiOjE3OTk3Nywic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjYyLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9

88.198.136.228

200 OK

0 B

URL GET HTTP/2
metricswpsh.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI0MTY0MzE1MDMyMDIzNjk5NTAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjEiLCJ0YWdfaWQiOjE3OTk3Nywic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjYyLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9
IP
88.198.136.228:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI0MTY0MzE1MDMyMDIzNjk5NTAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjEiLCJ0YWdfaWQiOjE3OTk3Nywic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjYyLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9 HTTP/1.1
Host: metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 07 May 2024 21:58:52 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=179977

157.90.84.242

200 OK

58 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=179977
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type
JSON text data
Size
58 B (58 bytes)
Hash
87385fcd2a67fc74d2fa67366ba68ea2
a604cdbb1d31ce257e8643eee9219c9c724c200c
9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995

HTTP Headers

POST /fp?tag_id=179977 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1835
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 07 May 2024 21:58:52 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.amdahost.com
Set-Cookie: id=10305841945270701; Expires=Wed, 07 May 2025 21:58:52 GMT; Secure; SameSite=None
Vary: Origin

my.rtmark.net/gid.js?userId=0080556fa6f641c4fcbb798cc9b6c36c

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=0080556fa6f641c4fcbb798cc9b6c36c
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
6a16378505db0affc425d3027a40686d
07b6602c01ff2e51927f67f7fce36259145c934c
6ac310ab9e74ab64b6e3b055aad04d42245e38f0ca46ed166a0cae2d9bd140b7

HTTP Headers

GET /gid.js?userId=0080556fa6f641c4fcbb798cc9b6c36c HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:58:52 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080556fa6f641c4fcbb798cc9b6c36c; expires=Wed, 07 May 2025 21:58:52 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

nereserv.com/in/dip?event_id=6ef160fd-7461-408a-828d-a57571e89557&subid=308553955&spot_id=529502&created_at=2024-05-07&timezone=0&ver=1.141.0

94.130.198.6

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=6ef160fd-7461-408a-828d-a57571e89557&subid=308553955&spot_id=529502&created_at=2024-05-07&timezone=0&ver=1.141.0
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=6ef160fd-7461-408a-828d-a57571e89557&subid=308553955&spot_id=529502&created_at=2024-05-07&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 21:58:52 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

nereserv.com/in/dip?event_id=afd46660-1836-4a02-83fb-6cf43ad0bf29&subid=14364679&spot_id=560192&created_at=2024-05-07&timezone=0&ver=1.141.0

94.130.198.6

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=afd46660-1836-4a02-83fb-6cf43ad0bf29&subid=14364679&spot_id=560192&created_at=2024-05-07&timezone=0&ver=1.141.0
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=afd46660-1836-4a02-83fb-6cf43ad0bf29&subid=14364679&spot_id=560192&created_at=2024-05-07&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 21:58:52 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

mbdippex.com/in/multy

94.130.198.6

200 OK

0 B

URL POST HTTP/2
mbdippex.com/in/multy
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.20.1
date: Tue, 07 May 2024 21:58:52 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

mbddip.com/in/dip?site=native-push&wl=1&event_id=35b7b5e6-7723-4c44-a55e-42976f6a23da&subid=1211831614&sid=2734670709&spot_id=560190&created_at=2024-05-07&timezone=0&ver=8.159.0&is_native=1

94.130.198.6

200 OK

0 B

URL GET HTTP/2
mbddip.com/in/dip?site=native-push&wl=1&event_id=35b7b5e6-7723-4c44-a55e-42976f6a23da&subid=1211831614&sid=2734670709&spot_id=560190&created_at=2024-05-07&timezone=0&ver=8.159.0&is_native=1
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=35b7b5e6-7723-4c44-a55e-42976f6a23da&subid=1211831614&sid=2734670709&spot_id=560190&created_at=2024-05-07&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: mbddip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 21:58:52 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

8d80fcb421.a700fb9c8d.com/63864341c121fc80a909f55d1d6303d1.js

45.133.44.53

200 OK

155 kB

URL GET HTTP/2
8d80fcb421.a700fb9c8d.com/63864341c121fc80a909f55d1d6303d1.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subject8d80fcb421.a700fb9c8d.com
Fingerprint42:A0:FF:40:15:C5:29:E2:8E:7E:8F:55:FE:A4:8A:15:E0:17:77:CF
ValiditySat, 04 May 2024 02:20:27 GMT - Fri, 02 Aug 2024 02:20:26 GMT

File type
gzip compressed data, from Unix
Size
155 kB (155307 bytes)
Hash
70da3c5ca922895fbd6e61456acb606b
5912632acac53aec4f662721e63e52c0f695d77b
62e44645e0f0fead205e2c179cf124a471e6e9df16a89ff9642fe34ee288dd3c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /63864341c121fc80a909f55d1d6303d1.js HTTP/1.1
Host: 8d80fcb421.a700fb9c8d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:51 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 07 May 2024 12:02:58 GMT
etag: W/"663a1872-1ab3e"
content-encoding: gzip
expires: Tue, 07 May 2024 22:03:51 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5991db4ffbfc4b57b0f99a35a0e6a3d0
1b74b56ddc178de4587ef8898436cff19cc2c66b
17904ae58c5cfd605b9b96ef28a59c0b158141c0d69922267a677ff041ca24d9

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 07 May 2024 21:58:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

mbdippex.com/in/multy

94.130.198.6

200 OK

6.0 kB

URL POST HTTP/2
mbdippex.com/in/multy
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type
JSON text data
Size
6.0 kB (5961 bytes)
Hash
04fdd9bdb87e9be2985bf1c96ed15e1c
7dbcc5c7dbc603123a25bb4b5e4c237761d2cb71
1555bfa75a01c303ea2a6a5b941eb958c1ba92ad65844c20ef1e3462fb27f512

HTTP Headers

POST /in/multy HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2185
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 21:58:53 GMT
content-type: application/json
content-length: 5961
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

172.67.164.241

301 Moved Permanently

1.1 kB

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
172.67.164.241:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.1 kB (1134 bytes)
Hash
e92708eeec7a4f42e33c58a81bc4d366
3df64b050f9d94dc80c04a7364a5f5c77edcf594
5b53e2bfdc6b5e529985335a205f947d68342bc1c1b7a93c3bc5b5c92ab7b2ad

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 301 Moved Permanently
date: Tue, 07 May 2024 21:58:52 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vBXeByUVj4UpgtsZfTAjCb2XfWDbiRVvzWLDKzVqg2xrcXOUEViNf4WMka1WtGB%2FVcX%2FqkUPtZe%2FAWRlZ9FhfM9F5nuEmYM16%2FsHvrtMh44j1bfMr88XIlz7IDtvqwVX4eRHdapYK2%2BnZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88047952d90a56c0-OSL
alt-svc: h3=":443"; ma=86400

pyknrhm5c.com/q/tdl/95/dnt/2025683/kep.js

212.117.190.201

200 OK

35 kB

URL GET HTTP/2
pyknrhm5c.com/q/tdl/95/dnt/2025683/kep.js
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint8C:0B:00:37:E9:46:0D:D7:64:26:AF:BD:4B:AC:9D:E3:CA:27:CD:87
ValidityFri, 03 May 2024 21:32:33 GMT - Tue, 29 Oct 2024 22:59:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65107)
Size
35 kB (35068 bytes)
Hash
e0411427d3a21e45aeedb135ad163c3b
fa7604ba1e0c74bb7f8ffb0d229ec10677872813
30e20e87ce0312c597365ca972e0e0bc4470a1ac11b6f6c026d5aa342d6576cd

HTTP Headers

GET /q/tdl/95/dnt/2025683/kep.js HTTP/1.1
Host: pyknrhm5c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:58:50 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-164ab"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

mbdippex.com/in/show/?tag_ab=b&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&refdom=www.amdahost.com&auction_time=1715119132&subid=1211831614&sid=2734670709&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=36.73906512521945&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch.php%253Fid%253Da336b4df9f%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=333d38b3bc9943d095fc32394c335cca&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3D_jQUrj0GjkXgvnlAARgS7KoXXsHFzEuyxFyw90Q01xTPsRoQjl4xVc_cOTAAwXbqF55rnxX9YV3RPd91rRK7irtM-dyx0rmQII_1jbDhXMtj5LBzxN9IiVogAUKTa-HKIwIpf4j8VQT0R-PIogMtbg3FhW7_pDfbre7HGHWEzScxq7WZB2IEXVuB_UQTseSsIv2pzPJTjaJrCPdqm4QWu1_21q_wqgQNfle7oxPw9nYJcg0yip3i1j2xggrKUe-l9bl2fSIJMlEIKbjD9jXZQ1652I5mhLG7zU4T9SzhKzTVEKdnFRoUHKe34qCm8O4ZuDGWzkyPcZgHnJh3PkoKxZLthu_Xi0yBbhHllAZQ0PH-4MUtFf6X8JCcIRkPe2Nyju8GZYrOLyg-tdg03N77u14lDC15HL8v4TnY0gOs5zZ9hELXmxajF40zC5mleYGFlq3Cnly1ZeqsES65KdNpuXXWXtBpCtjOdJ_gLqIbewyCGdLEejK-9yUxrGJPRo15BuxCJXSYDOZdolL1kUuA_clYQHtJdFYy6SfIY5ZyOAgeI0Py2czK-rTAPOJXn97tw20XcSfPuaGSKWIaXM3ICdJw6PWDrahfMkpWUh-IRFUlFwKW6PrZ0V11FHmKfpjYkTRKPDi1Cs31ifNiXIFYkk3U0U1rRdJQYyM1QTV3CaXYSYSFYTEyIb-Ka1zbcU9Wlgph-1RKGtmf_kaXLCfCpb4JlKQIrOoTx16IorlGEDo5RPuOXSEmw7e3ZUT38tOCV9MVxYVH1RU7jl4Ogta-Xa3Shl1ogk3HfFCDYwNIlR8i-s2XQYHyyGLylhstU_KToK4WZZyYX7ocFAC8TvO7enrR56Fonzm8PlsCLsS_0PfAc_ZKVoEHy8PTALlDfHAfFWBjf1O3OGLlc56iyOh5Q9gbn1EBPIdySEC6FyX_paEacxXKrBGkQktViD6GzWbxSXDae40sHG6aOLVKyL17l1zaz3TM3HdvPcR4iHdLawCmLxYgxAJwQftVz-2OU55uxHDjHGFzZNbPbhMQXbq_vCnMoswUViTVbnUH_1HlQdSUEksmZGq-eR49Gv2YYQQir20t75iLD-ljx7IG560jQdyszYF98f6Cq-c0psfKR3nj4cEemUmMyUnVJEzi3mT654GMMPZotyycuZpJFFM6EIPlH3-FraF2tQM16ZgSzJZsAh25trSeWuzJRWocn1mSUeIN4Y7cuBzotttibbwocPRXV02-mR0zIUj_HE1qL_hCNUiatN__w5BRckcKcXdfPijPW2jrsXfGtiji19q7R8OqqVnipYwogpWwp47ND9ALMGxn%26bid%3D0.0218843052409496&icons=JHoh5zR__WkbS5zm4hrdaC2ZK97vmcu84IZrSaYwn9CocCXznWysPZ4s4sWuHy-GWHZd7NZhuIFyD4viJmB8XGDueTuiljcKIMm_SqPvArfQRiAthfB0rSPR86AZxXP1TJ7ULPpVvleLKUDocRAlpOVfI5fvjRuamO57B-Kzp4tXeZYg83losJIO1jqBPPpjSieBa5Oz6dVp3W6goPTP_51ivgYqQLFhzK4TIDPD7OYe0oaaE9HjbgQMsDxNFzsMU3xZ2rDX8RJKPXypQAz65QZI0LQgy4p2-yfkhB0SVchRz67e2E1fY6lUFE-afoeEMgoKvRhgmQEhh5X_BQr4-7hmLGILQR8G7HHMY5hLqYyv7HZVw9ilzMF3vgxRZVzr3wU22wvQFmPBEi0WtIEMDJW2dTkkVxxuBStbVCgPTu808duCjXdsRLQFPxwzTGXraB84kwOMciR7hdYL_0Wm_WPL1gyiNi_2yX9U0wK4oks2bbl8sUwM-L7wI7MjvpWaNuIY1EL7XduxIlal2Ut8fTRr_FhOc6XpGJYIFhjT4vFSY2mJppT3VCsUpe6PP34Ibvbf775hSTqHwJMFkVnsf2CFtHOlObKEat_1dvUEYUfvnBCPCsosRplzr-yQAJBgnXkg1yN1JsrdNmBzD4W_0xTaF6kKmo1r82K94pn9bzPOVNpL6cccEBo9y8GcJFS1r8Nh9R2xjhfBMGDzFiIkoDJOXidF0IqvuxPN4C8gjygastHHFHNNBiGMw7Nh83u7YOFT3AQWgOBscqG-hDQV5a6YYQG6LK91DOE-rCRURrd-W929ymiezRuhId93cqs9p3pjvcDV80ciXC6dsF4oEn9gDX6c0ypRwgQEh13ZJSo6XjMhf4k4Q62HW4Ak9qZXKEDZM1YrURCgb8YxATYSfPY1eqsB74TXTtN-whAO0xcIL31wZh3dbHLB5AYCDLD7YTjtnjiUEil0jU0IgcCENAa9qVb2gOfAaFahg_9seUd25dTnt5tFmXKV0CWOW6lj_7xyPvz-KTiedXnmrYteHMj459zZIsmYD8PIRQbqhx75AEJbDbKo3AO81s-WOB7LxZdn8GwaQFqr2uadDxaAUb_33RZxV12gM7hyJfJ9m2owZsu-XcliCzyD_enfHCwO1BjTp1ARFG4-g_xaG8v8yU-zGDso7SdnUILb_v7mO_HV5MIofHEmwNtglNmcelgowHu30pUrK9YF50VY-p1xhZO4Zp8w3oPlaj3-B1RdqkcYIbFQOTPGZOfGJp5meJfYi-edus61-kYXvlsCS-Im1m36dP2l6UQO6Xxu8mQoIvEnoFkZmA&ext_cid=224906&px_id=73560190&min_cpm=0.0038056109265296764&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=1475945489521637793&skin_id=72&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.03176602058410654&cpm=0.0218843052409496&verify_hash=26eff891a001f03cfd187fbaa362965a&is_native=1&real_bid=0.021792391559651278&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,90,5,33,98,130&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1715291932&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777156%2Fconversions%2F3b69WTpe-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-4-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.03&cpa=c242ab5b-4b35-4239-ae2e-4d40665c0acd&prev_step_diff=865

94.130.198.6

200 OK

0 B

URL GET HTTP/2
mbdippex.com/in/show/?tag_ab=b&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&refdom=www.amdahost.com&auction_time=1715119132&subid=1211831614&sid=2734670709&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=36.73906512521945&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch.php%253Fid%253Da336b4df9f%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=333d38b3bc9943d095fc32394c335cca&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3D_jQUrj0GjkXgvnlAARgS7KoXXsHFzEuyxFyw90Q01xTPsRoQjl4xVc_cOTAAwXbqF55rnxX9YV3RPd91rRK7irtM-dyx0rmQII_1jbDhXMtj5LBzxN9IiVogAUKTa-HKIwIpf4j8VQT0R-PIogMtbg3FhW7_pDfbre7HGHWEzScxq7WZB2IEXVuB_UQTseSsIv2pzPJTjaJrCPdqm4QWu1_21q_wqgQNfle7oxPw9nYJcg0yip3i1j2xggrKUe-l9bl2fSIJMlEIKbjD9jXZQ1652I5mhLG7zU4T9SzhKzTVEKdnFRoUHKe34qCm8O4ZuDGWzkyPcZgHnJh3PkoKxZLthu_Xi0yBbhHllAZQ0PH-4MUtFf6X8JCcIRkPe2Nyju8GZYrOLyg-tdg03N77u14lDC15HL8v4TnY0gOs5zZ9hELXmxajF40zC5mleYGFlq3Cnly1ZeqsES65KdNpuXXWXtBpCtjOdJ_gLqIbewyCGdLEejK-9yUxrGJPRo15BuxCJXSYDOZdolL1kUuA_clYQHtJdFYy6SfIY5ZyOAgeI0Py2czK-rTAPOJXn97tw20XcSfPuaGSKWIaXM3ICdJw6PWDrahfMkpWUh-IRFUlFwKW6PrZ0V11FHmKfpjYkTRKPDi1Cs31ifNiXIFYkk3U0U1rRdJQYyM1QTV3CaXYSYSFYTEyIb-Ka1zbcU9Wlgph-1RKGtmf_kaXLCfCpb4JlKQIrOoTx16IorlGEDo5RPuOXSEmw7e3ZUT38tOCV9MVxYVH1RU7jl4Ogta-Xa3Shl1ogk3HfFCDYwNIlR8i-s2XQYHyyGLylhstU_KToK4WZZyYX7ocFAC8TvO7enrR56Fonzm8PlsCLsS_0PfAc_ZKVoEHy8PTALlDfHAfFWBjf1O3OGLlc56iyOh5Q9gbn1EBPIdySEC6FyX_paEacxXKrBGkQktViD6GzWbxSXDae40sHG6aOLVKyL17l1zaz3TM3HdvPcR4iHdLawCmLxYgxAJwQftVz-2OU55uxHDjHGFzZNbPbhMQXbq_vCnMoswUViTVbnUH_1HlQdSUEksmZGq-eR49Gv2YYQQir20t75iLD-ljx7IG560jQdyszYF98f6Cq-c0psfKR3nj4cEemUmMyUnVJEzi3mT654GMMPZotyycuZpJFFM6EIPlH3-FraF2tQM16ZgSzJZsAh25trSeWuzJRWocn1mSUeIN4Y7cuBzotttibbwocPRXV02-mR0zIUj_HE1qL_hCNUiatN__w5BRckcKcXdfPijPW2jrsXfGtiji19q7R8OqqVnipYwogpWwp47ND9ALMGxn%26bid%3D0.0218843052409496&icons=JHoh5zR__WkbS5zm4hrdaC2ZK97vmcu84IZrSaYwn9CocCXznWysPZ4s4sWuHy-GWHZd7NZhuIFyD4viJmB8XGDueTuiljcKIMm_SqPvArfQRiAthfB0rSPR86AZxXP1TJ7ULPpVvleLKUDocRAlpOVfI5fvjRuamO57B-Kzp4tXeZYg83losJIO1jqBPPpjSieBa5Oz6dVp3W6goPTP_51ivgYqQLFhzK4TIDPD7OYe0oaaE9HjbgQMsDxNFzsMU3xZ2rDX8RJKPXypQAz65QZI0LQgy4p2-yfkhB0SVchRz67e2E1fY6lUFE-afoeEMgoKvRhgmQEhh5X_BQr4-7hmLGILQR8G7HHMY5hLqYyv7HZVw9ilzMF3vgxRZVzr3wU22wvQFmPBEi0WtIEMDJW2dTkkVxxuBStbVCgPTu808duCjXdsRLQFPxwzTGXraB84kwOMciR7hdYL_0Wm_WPL1gyiNi_2yX9U0wK4oks2bbl8sUwM-L7wI7MjvpWaNuIY1EL7XduxIlal2Ut8fTRr_FhOc6XpGJYIFhjT4vFSY2mJppT3VCsUpe6PP34Ibvbf775hSTqHwJMFkVnsf2CFtHOlObKEat_1dvUEYUfvnBCPCsosRplzr-yQAJBgnXkg1yN1JsrdNmBzD4W_0xTaF6kKmo1r82K94pn9bzPOVNpL6cccEBo9y8GcJFS1r8Nh9R2xjhfBMGDzFiIkoDJOXidF0IqvuxPN4C8gjygastHHFHNNBiGMw7Nh83u7YOFT3AQWgOBscqG-hDQV5a6YYQG6LK91DOE-rCRURrd-W929ymiezRuhId93cqs9p3pjvcDV80ciXC6dsF4oEn9gDX6c0ypRwgQEh13ZJSo6XjMhf4k4Q62HW4Ak9qZXKEDZM1YrURCgb8YxATYSfPY1eqsB74TXTtN-whAO0xcIL31wZh3dbHLB5AYCDLD7YTjtnjiUEil0jU0IgcCENAa9qVb2gOfAaFahg_9seUd25dTnt5tFmXKV0CWOW6lj_7xyPvz-KTiedXnmrYteHMj459zZIsmYD8PIRQbqhx75AEJbDbKo3AO81s-WOB7LxZdn8GwaQFqr2uadDxaAUb_33RZxV12gM7hyJfJ9m2owZsu-XcliCzyD_enfHCwO1BjTp1ARFG4-g_xaG8v8yU-zGDso7SdnUILb_v7mO_HV5MIofHEmwNtglNmcelgowHu30pUrK9YF50VY-p1xhZO4Zp8w3oPlaj3-B1RdqkcYIbFQOTPGZOfGJp5meJfYi-edus61-kYXvlsCS-Im1m36dP2l6UQO6Xxu8mQoIvEnoFkZmA&ext_cid=224906&px_id=73560190&min_cpm=0.0038056109265296764&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=1475945489521637793&skin_id=72&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.03176602058410654&cpm=0.0218843052409496&verify_hash=26eff891a001f03cfd187fbaa362965a&is_native=1&real_bid=0.021792391559651278&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,90,5,33,98,130&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1715291932&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777156%2Fconversions%2F3b69WTpe-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-4-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.03&cpa=c242ab5b-4b35-4239-ae2e-4d40665c0acd&prev_step_diff=865
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&refdom=www.amdahost.com&auction_time=1715119132&subid=1211831614&sid=2734670709&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=36.73906512521945&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch.php%253Fid%253Da336b4df9f%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=333d38b3bc9943d095fc32394c335cca&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3D_jQUrj0GjkXgvnlAARgS7KoXXsHFzEuyxFyw90Q01xTPsRoQjl4xVc_cOTAAwXbqF55rnxX9YV3RPd91rRK7irtM-dyx0rmQII_1jbDhXMtj5LBzxN9IiVogAUKTa-HKIwIpf4j8VQT0R-PIogMtbg3FhW7_pDfbre7HGHWEzScxq7WZB2IEXVuB_UQTseSsIv2pzPJTjaJrCPdqm4QWu1_21q_wqgQNfle7oxPw9nYJcg0yip3i1j2xggrKUe-l9bl2fSIJMlEIKbjD9jXZQ1652I5mhLG7zU4T9SzhKzTVEKdnFRoUHKe34qCm8O4ZuDGWzkyPcZgHnJh3PkoKxZLthu_Xi0yBbhHllAZQ0PH-4MUtFf6X8JCcIRkPe2Nyju8GZYrOLyg-tdg03N77u14lDC15HL8v4TnY0gOs5zZ9hELXmxajF40zC5mleYGFlq3Cnly1ZeqsES65KdNpuXXWXtBpCtjOdJ_gLqIbewyCGdLEejK-9yUxrGJPRo15BuxCJXSYDOZdolL1kUuA_clYQHtJdFYy6SfIY5ZyOAgeI0Py2czK-rTAPOJXn97tw20XcSfPuaGSKWIaXM3ICdJw6PWDrahfMkpWUh-IRFUlFwKW6PrZ0V11FHmKfpjYkTRKPDi1Cs31ifNiXIFYkk3U0U1rRdJQYyM1QTV3CaXYSYSFYTEyIb-Ka1zbcU9Wlgph-1RKGtmf_kaXLCfCpb4JlKQIrOoTx16IorlGEDo5RPuOXSEmw7e3ZUT38tOCV9MVxYVH1RU7jl4Ogta-Xa3Shl1ogk3HfFCDYwNIlR8i-s2XQYHyyGLylhstU_KToK4WZZyYX7ocFAC8TvO7enrR56Fonzm8PlsCLsS_0PfAc_ZKVoEHy8PTALlDfHAfFWBjf1O3OGLlc56iyOh5Q9gbn1EBPIdySEC6FyX_paEacxXKrBGkQktViD6GzWbxSXDae40sHG6aOLVKyL17l1zaz3TM3HdvPcR4iHdLawCmLxYgxAJwQftVz-2OU55uxHDjHGFzZNbPbhMQXbq_vCnMoswUViTVbnUH_1HlQdSUEksmZGq-eR49Gv2YYQQir20t75iLD-ljx7IG560jQdyszYF98f6Cq-c0psfKR3nj4cEemUmMyUnVJEzi3mT654GMMPZotyycuZpJFFM6EIPlH3-FraF2tQM16ZgSzJZsAh25trSeWuzJRWocn1mSUeIN4Y7cuBzotttibbwocPRXV02-mR0zIUj_HE1qL_hCNUiatN__w5BRckcKcXdfPijPW2jrsXfGtiji19q7R8OqqVnipYwogpWwp47ND9ALMGxn%26bid%3D0.0218843052409496&icons=JHoh5zR__WkbS5zm4hrdaC2ZK97vmcu84IZrSaYwn9CocCXznWysPZ4s4sWuHy-GWHZd7NZhuIFyD4viJmB8XGDueTuiljcKIMm_SqPvArfQRiAthfB0rSPR86AZxXP1TJ7ULPpVvleLKUDocRAlpOVfI5fvjRuamO57B-Kzp4tXeZYg83losJIO1jqBPPpjSieBa5Oz6dVp3W6goPTP_51ivgYqQLFhzK4TIDPD7OYe0oaaE9HjbgQMsDxNFzsMU3xZ2rDX8RJKPXypQAz65QZI0LQgy4p2-yfkhB0SVchRz67e2E1fY6lUFE-afoeEMgoKvRhgmQEhh5X_BQr4-7hmLGILQR8G7HHMY5hLqYyv7HZVw9ilzMF3vgxRZVzr3wU22wvQFmPBEi0WtIEMDJW2dTkkVxxuBStbVCgPTu808duCjXdsRLQFPxwzTGXraB84kwOMciR7hdYL_0Wm_WPL1gyiNi_2yX9U0wK4oks2bbl8sUwM-L7wI7MjvpWaNuIY1EL7XduxIlal2Ut8fTRr_FhOc6XpGJYIFhjT4vFSY2mJppT3VCsUpe6PP34Ibvbf775hSTqHwJMFkVnsf2CFtHOlObKEat_1dvUEYUfvnBCPCsosRplzr-yQAJBgnXkg1yN1JsrdNmBzD4W_0xTaF6kKmo1r82K94pn9bzPOVNpL6cccEBo9y8GcJFS1r8Nh9R2xjhfBMGDzFiIkoDJOXidF0IqvuxPN4C8gjygastHHFHNNBiGMw7Nh83u7YOFT3AQWgOBscqG-hDQV5a6YYQG6LK91DOE-rCRURrd-W929ymiezRuhId93cqs9p3pjvcDV80ciXC6dsF4oEn9gDX6c0ypRwgQEh13ZJSo6XjMhf4k4Q62HW4Ak9qZXKEDZM1YrURCgb8YxATYSfPY1eqsB74TXTtN-whAO0xcIL31wZh3dbHLB5AYCDLD7YTjtnjiUEil0jU0IgcCENAa9qVb2gOfAaFahg_9seUd25dTnt5tFmXKV0CWOW6lj_7xyPvz-KTiedXnmrYteHMj459zZIsmYD8PIRQbqhx75AEJbDbKo3AO81s-WOB7LxZdn8GwaQFqr2uadDxaAUb_33RZxV12gM7hyJfJ9m2owZsu-XcliCzyD_enfHCwO1BjTp1ARFG4-g_xaG8v8yU-zGDso7SdnUILb_v7mO_HV5MIofHEmwNtglNmcelgowHu30pUrK9YF50VY-p1xhZO4Zp8w3oPlaj3-B1RdqkcYIbFQOTPGZOfGJp5meJfYi-edus61-kYXvlsCS-Im1m36dP2l6UQO6Xxu8mQoIvEnoFkZmA&ext_cid=224906&px_id=73560190&min_cpm=0.0038056109265296764&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=1475945489521637793&skin_id=72&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.03176602058410654&cpm=0.0218843052409496&verify_hash=26eff891a001f03cfd187fbaa362965a&is_native=1&real_bid=0.021792391559651278&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,90,5,33,98,130&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1715291932&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777156%2Fconversions%2F3b69WTpe-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-4-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.03&cpa=c242ab5b-4b35-4239-ae2e-4d40665c0acd&prev_step_diff=865 HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 21:58:53 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=5493cf58-2834-4042-9386-37a6aa7ac237&prev_step_diff=865

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=5493cf58-2834-4042-9386-37a6aa7ac237&prev_step_diff=865
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=5493cf58-2834-4042-9386-37a6aa7ac237&prev_step_diff=865 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:53 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Wed, 07 May 2025 21:58:53 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

b57dqedu4.com/t/9/fret/meow4/2020088/0d68ddef.js

212.117.190.201

200 OK

42 kB

URL GET HTTP/2
b57dqedu4.com/t/9/fret/meow4/2020088/0d68ddef.js
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint17:76:24:C2:1F:79:27:A6:BF:60:AC:48:E1:7E:44:F5:FA:36:EB:6B
ValidityWed, 01 May 2024 14:25:07 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
gzip compressed data, max speed, from Unix
Size
42 kB (41594 bytes)
Hash
ed73757f570b77559407bd01e9a28ef3
441c449728a8e2c0b27271ba455f5fc925effb13
42829f7b20ef0495fd43043f0e6620ab71297b3d832df45902607e6939ffd549

HTTP Headers

GET /t/9/fret/meow4/2020088/0d68ddef.js HTTP/1.1
Host: b57dqedu4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:58:50 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-1a022"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d59e53e22f3681f080bc6a493b7508a1
50ec966f62f5efce0a5fbea8917c5c5b025eaccf
cffc1da003262cd2907f76fb611cccac521441669302d10fae3aeb0c9a81c181

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 07 May 2024 21:58:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

js.mbidinp.com/npc/sdk/wpu/npush.m.js

45.133.44.52

200 OK

47 kB

URL GET HTTP/2
js.mbidinp.com/npc/sdk/wpu/npush.m.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectjs.mbidinp.com
FingerprintB8:EA:0B:88:14:F5:73:F1:FE:F1:D5:59:09:E6:70:08:F2:1C:4A:5C
ValidityMon, 22 Apr 2024 03:00:30 GMT - Sun, 21 Jul 2024 03:00:29 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
47 kB (46959 bytes)
Hash
e9a99cf4fe67053d3ea4f901e5b36134
dbe5500429914be483005df0426abd4725bd3d43
ad88d51f659137b74a6147bdb86a977cccff9a077568164ad613467ead7b60c9

HTTP Headers

GET /npc/sdk/wpu/npush.m.js HTTP/1.1
Host: js.mbidinp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:52 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Tue, 07 May 2024 22:03:52 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

js.mbidpp.com/popunder-admanager/build.m.js

45.133.44.53

200 OK

31 kB

URL GET HTTP/2
js.mbidpp.com/popunder-admanager/build.m.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectjs.mbidpp.com
Fingerprint5B:B3:95:84:D0:2B:0C:9A:68:98:53:B0:A4:A5:68:88:B2:A5:5F:82
ValidityThu, 18 Apr 2024 03:01:11 GMT - Wed, 17 Jul 2024 03:01:10 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30991 bytes)
Hash
45e3bfc69e143da7135b44b8d0a5a953
dbcddd0502412379c7f8810360967765d9410f85
ae3b2b650a44abbca914ce48803e9a6c8c74c89f89815132cceefa1f657128ed

HTTP Headers

GET /popunder-admanager/build.m.js HTTP/1.1
Host: js.mbidpp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:52 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 06 May 2024 08:27:28 GMT
etag: W/"66389470-189f7"
content-encoding: gzip
expires: Tue, 07 May 2024 22:03:52 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

imdn.pics/m/p/0/777/777156/conversions/3b69WTpe-minify.jpg

45.133.44.25

200 OK

10 kB

URL GET HTTP/2
imdn.pics/m/p/0/777/777156/conversions/3b69WTpe-minify.jpg
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 360x240, components 3
Size
10 kB (10147 bytes)
Hash
d27321438be78f72c18f84cecb85c11e
31084685ba871245f90f4ac23949bc4aa37ce39b
d08796c038822a8e5b0b8f249dda868ce114459c911091b0969acf32df501b98

HTTP Headers

GET /m/p/0/777/777156/conversions/3b69WTpe-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:53 GMT
content-type: image/jpeg
content-length: 10147
server: nginx
last-modified: Tue, 09 Apr 2024 19:44:54 GMT
etag: "66159ab6-27a3"
x-request-id: a42fb51f65ac1ae8733899620e4ac07b
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

mpougdusr.com/chicken.gif?z=2020090&pb=13d346c8805ab092457543f62541c3ca1715126331&psp=lSsDGaeRxYSYAmUe_Y1mVkWt0wKPYvG5Li-lfPex_zY08GVkG1rVvjVBR_jQXMhVW3cEoPba3iEIfSFa_5FFSSeYJl9jncqjZq3DcCwOIFK_bR0KBne1yDK6GrLYMDzEluLOGpPrT-oVJQ1xvMqJWGyZpAxAJgZp9yYDVgDEHycZcVEkoMTy_1RWZKAn0c9tTkyaqk_sLi418hxpdiKuh-WqROe65xAPLyf-LwSc441UnByJSikpsRdSLN7Zjd1L1-mrW5eKEQkSFDNehu9_Uo8VoDZnND5hZL7jhZrpjs_78LtysFrBZSUvMEapy2_zCUxwvokn0qS4TVTuYML1YLjqcStGYcgLzEjeUwUIs74nNhCYQX-5iGo1jvHWt5MuOu0s7HKtCQtWepqSVyf949GDCTruOXl5hoAQE1nxV4O3bIpx_oej_6o8cFVXeAA1Wd5eRUqvNN-V-ORNEJ71Fs_C7Lb5n0zafVhm39JIfmbnW3iWIt0kGJjYtvS6IO5HovZMG44YcKISUE6iC79edF5JAF8uWQOPIFa_wRYWWVSy8DwW2Jkun0thBBbQjvwwoFgxGdxKR7AMbcWJYd6sl-jKWDxYK7xntVHJYaj-C7N-gPKW71A_Qbu_rbBxEYmua8oVM-c9k8En0xkWAyinXaignGvn3PJD28M4e_hvsVOKVFqtRdBCuBjrAK8_XEq-Q9FoNrJCjFJ34YFKkMeFFANOunP-tSGEO8R6vM0JP932lo0ZtYezAf3dXcsBQgJs4Da06AX5lS2uP6HmZF7FcpDdxJzq6lPnbFYGSvt0omCqZyI1buG49hKQ8-inTW5YjF59TqJa5Tf2UvM37_yiAaTCkS7OyCNjJ9I3SMzVELA0jkvhtAFbHUdSEIgYwfkCENx8kpcAS7uUQfrqc6a2ndMyIBkodugZbwpsxgGmrB1C1h1rQKQ16pZ-a8-C9vXlcHijd2gTZ9rK4HYeV7Yao40nmjfOIUL7wDYZmZ3srsIPjLDSz3F0HtAzILE3elLQOY3S3jibEGaeOe3tjHkZXXmd0GOtw9SC1IE6zlwQbjSw0lU0Xv9iKPM6-EPVZYeEanBFcONO1PKiLkqJRxfFtYE-9XEJmkAdwYNjY8JkaX5qHHBSKtlFmJCvPh_B4atOoISsRW6eXIuReeGOL8KIkIYrGOfKkKWugjAswehgzYCtFVjMTSZc_4ekiZ2G6fhLp6-IFGcvMuSt5KSBf-WP1MR45OapT__Dj6Lp69n37_2RLyJCRgFwsVAnT1sICiEg_OrQLvMTMST4LoMcTf-r5JnslCjYaH7JRMfWt2X9c58fRdeGY7JjPPYLXiqTSa9hEQyMd3Cpfb8tSKZN-9z5mOg-AetVWcUHdBydJDWSSzsmlfP9b9jvdmazgiyI_jHL8xzJ2YsuDZfyGe83fy_drtNLQZXWWosW3Z4CyPYXIbzcNGlZc-p3qThCvBE_dK5t_s6zUYi8cuEogwaEX-3gEQnxqZcg60kVBXlFm1lDAT4OkmP3xpozXezt0rpTdwVXCfS3SAgt2ELmBLCqsidrgC1WXmAARmhX0F3R8gJ_KT4x60u2WFFWwVNUYlJAavuDRRz6NoWs9PnjxIDBqcRubtA7kJycGH5IFwQ47FGlVEBj31cwLOT7BMYt0pLYFPk6KNzYh3W7gKW30Ys5TJ_d4kvvCKHcnlVlPB2bSuCSHsJhNloruNpIFWKeV84md39NCGuzXSqxZ7wwO-2QIo1MlfUJsehqnBojvxhJ-brfmP6Fw5jbr7wNy5jigAIHZYQmi5CbWJ4DreiU-4jgnQJIfuPN5rUMZD2eKL3vFDJ9lrWrFgaon5cKPCh2hZZNxcKwDUOIiKwpv5MCPxstrBj4js8lo1nY7QH1botYZKZumSIsvWshdyu6uctRPpYa0kCU741kuX2coED0QrPpp_vqDVr6I4mYSJHDUdjd4t6N3C4u7BualUGZFVjv3GHM3p9Bo0Sk0Deum_PG4g4_qWK-ZPk5eN7kBosQAIwZUgTVgcUg2v4AtGDZW6j8GXKcqDEH9HA6BIbxIECykBOhAEW5A3j8zgZQdfDl2kMMmnBLTV9W2lJ4u9eALIx5IFJxXTDHnSXhBRMi1TFMhlpkrU_djbVkNrtjzXI5H5SF4EGdQGRo88ucfQCbW1vPs-CRvz432Xu36oqeSDWc5OO1e5zDdDKop0M_ULhYDVnVfU_GGHHx_WyMHVJRd3hZbkq58PfWyE2SkNHyB_dM9eE0jGwxJ0PMCi6Td0GkvqHy4KVZZagtsE_g8dEW2Z5lO8YIjZRZqH13OgF-6POibxAolggThxfuHGPoyEtwEu5COqsPbmhYTXTZfBhpDERPlJLPm42S5TBPOMaWl2zejggM1sMQcUZHjqReY5nRLL5jABsMqgKOAuQczSVRt8raeOuGA6klRp8RB2MA595378n5EdaANCvoTsHcKwk8VLOD71huBWUVqTXnUpZ2OBa9hF2m_LkunJGu3t7hMUHGEBkNrb2tnCoWvgjKlwq7V6XtiyS6S3jiJDeiUFmbvoGJbat1fyW_83OcOOXlUfEtozmNPSdANwPpiDYILuXeS_A8ue8WewoaLH0kQlgNcTDEVrSaNU4JaWCDUO_SwdFrKgWLgDuWW3JZdT5-R23kjqzTLTH8FOxIgW9lFtmyjrzb7ny1D63Xsui69gQaT_uMIzt6eZsvpi66Zv4Br-Bwft-s1xFoj3dwoufzgX10Wz_5chYx3yKkS9CGVlOqpi1PB_Z2CebHDp2bsJotx4Fe7rBE7jwhMSNnw3SoOsUYLHq0kOP5LzHPkYWBgjW5nmH4-aWebZlukkPSsSgfynCgyY7p7HrCnMURiDrQGRrNecI5OqRDbWuO1CYFfUiDAAMSCK6h3QoDpJ1cUaSzsTUcNAuJA6SE7PdZ5Y2tQCA1cNj80yW1m_5BIqrRC6EeVWCXxoa13xIyLtjDveR2oN4-YLXxVL8xeqMn3xXmNHFzB85l0PRg4eJZoyMJ9Tuw8Dmww49kXh2uD3vhcpq5uzyBzxUxJIvGUUEZVHjUPwgmFrSlTEV8tULw2aL_G7RKDexww-w4NKUnLT7F0Np_KOoEidwai8ootpL6uR1KvHcjprGrgfwdA5lXJPOSrg567wyODFiHqW3dDdt9EUSOAd0pH-U24YeJCD8ts6v6H1wlfIC2BLPHa7KXIFbWV6xUy9fqVADQ22Mv2d-HlF8zlIz6H6kVoOiaEHDk0Ytxt5mq0GJdabutTAbdlY1DZCwsu_Rm1aY7hMtUuIFl3EeNwMRkQxfCM8aB1tcG3r2W-QLoVfYJdHiD0iPE6jflFmsEgEr0sH5lASXROfdFkO0rX1hQOB03tTnNkN0gOAj9ThKWYPIAaRDVMd4vhPrFtfsXZzqtUEXFEdb6iAKYO6GHNyz3zFcVy78Hp5-SvrG5GjbByparJPYHVyOztA8X3YiXPuwprOqYbSGtwuid9wXGcjy7fKWkAovGFcZYeAXMPBsBvP6koVvuaww21ORW5Cv1QYi5Y7e7zMvZhWBKPmjK8jUsc5ra3ouLTmR_o8zVbXiNZ28qB7BNKatbU23sKYzIJ5Px2-6Dvceqi-SgwszGt3dm2S_hGR14HKPYMEl88GlNh2PaGyAsjUONRbS-SgHk46fXDUKyGL0uQ5rH5LTECNvNV4p4k9XZkKVFfOll1lsgukOFbiiOav8rJnuQue_TffYYSXEYStZZGtBRminlSGArQp8MYrMCWBuQ_PUbnjV_N-8Q4mSWO1jqpSK9-02Hcd3lrW37F4OEc_FkEX3Cfc4CtLM2xRCL8c9AztIxEk0Z4PuZ_Cg8dSFqW3NfLBUPsUCcffDxy_nvsmtAADSXkqE0tlBnchMtf7j67jp3gLN2HmUDaMk-GOZFXKwSGwiwIRR3PCpUUjRAta1yvtuwq1Zxpefrqdgc1xBJDKHnHk60RdMXXF71amBL6sTZ6HZggmelPUdIXAbrF3a_RrzlReYyfZQJW2O83zKyc-oUpnYqeyYqByP3WQ-ePEOwsGYX02ZT7pqEjEc_NVb0ucKjb5Fj9QJX9dRnwpEwValtqX1TFRQmTJ39cA-mcw==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1801251907638272&eclog=0&im=1

212.117.190.201

200 OK

43 B

URL GET HTTP/2
mpougdusr.com/chicken.gif?z=2020090&pb=13d346c8805ab092457543f62541c3ca1715126331&psp=lSsDGaeRxYSYAmUe_Y1mVkWt0wKPYvG5Li-lfPex_zY08GVkG1rVvjVBR_jQXMhVW3cEoPba3iEIfSFa_5FFSSeYJl9jncqjZq3DcCwOIFK_bR0KBne1yDK6GrLYMDzEluLOGpPrT-oVJQ1xvMqJWGyZpAxAJgZp9yYDVgDEHycZcVEkoMTy_1RWZKAn0c9tTkyaqk_sLi418hxpdiKuh-WqROe65xAPLyf-LwSc441UnByJSikpsRdSLN7Zjd1L1-mrW5eKEQkSFDNehu9_Uo8VoDZnND5hZL7jhZrpjs_78LtysFrBZSUvMEapy2_zCUxwvokn0qS4TVTuYML1YLjqcStGYcgLzEjeUwUIs74nNhCYQX-5iGo1jvHWt5MuOu0s7HKtCQtWepqSVyf949GDCTruOXl5hoAQE1nxV4O3bIpx_oej_6o8cFVXeAA1Wd5eRUqvNN-V-ORNEJ71Fs_C7Lb5n0zafVhm39JIfmbnW3iWIt0kGJjYtvS6IO5HovZMG44YcKISUE6iC79edF5JAF8uWQOPIFa_wRYWWVSy8DwW2Jkun0thBBbQjvwwoFgxGdxKR7AMbcWJYd6sl-jKWDxYK7xntVHJYaj-C7N-gPKW71A_Qbu_rbBxEYmua8oVM-c9k8En0xkWAyinXaignGvn3PJD28M4e_hvsVOKVFqtRdBCuBjrAK8_XEq-Q9FoNrJCjFJ34YFKkMeFFANOunP-tSGEO8R6vM0JP932lo0ZtYezAf3dXcsBQgJs4Da06AX5lS2uP6HmZF7FcpDdxJzq6lPnbFYGSvt0omCqZyI1buG49hKQ8-inTW5YjF59TqJa5Tf2UvM37_yiAaTCkS7OyCNjJ9I3SMzVELA0jkvhtAFbHUdSEIgYwfkCENx8kpcAS7uUQfrqc6a2ndMyIBkodugZbwpsxgGmrB1C1h1rQKQ16pZ-a8-C9vXlcHijd2gTZ9rK4HYeV7Yao40nmjfOIUL7wDYZmZ3srsIPjLDSz3F0HtAzILE3elLQOY3S3jibEGaeOe3tjHkZXXmd0GOtw9SC1IE6zlwQbjSw0lU0Xv9iKPM6-EPVZYeEanBFcONO1PKiLkqJRxfFtYE-9XEJmkAdwYNjY8JkaX5qHHBSKtlFmJCvPh_B4atOoISsRW6eXIuReeGOL8KIkIYrGOfKkKWugjAswehgzYCtFVjMTSZc_4ekiZ2G6fhLp6-IFGcvMuSt5KSBf-WP1MR45OapT__Dj6Lp69n37_2RLyJCRgFwsVAnT1sICiEg_OrQLvMTMST4LoMcTf-r5JnslCjYaH7JRMfWt2X9c58fRdeGY7JjPPYLXiqTSa9hEQyMd3Cpfb8tSKZN-9z5mOg-AetVWcUHdBydJDWSSzsmlfP9b9jvdmazgiyI_jHL8xzJ2YsuDZfyGe83fy_drtNLQZXWWosW3Z4CyPYXIbzcNGlZc-p3qThCvBE_dK5t_s6zUYi8cuEogwaEX-3gEQnxqZcg60kVBXlFm1lDAT4OkmP3xpozXezt0rpTdwVXCfS3SAgt2ELmBLCqsidrgC1WXmAARmhX0F3R8gJ_KT4x60u2WFFWwVNUYlJAavuDRRz6NoWs9PnjxIDBqcRubtA7kJycGH5IFwQ47FGlVEBj31cwLOT7BMYt0pLYFPk6KNzYh3W7gKW30Ys5TJ_d4kvvCKHcnlVlPB2bSuCSHsJhNloruNpIFWKeV84md39NCGuzXSqxZ7wwO-2QIo1MlfUJsehqnBojvxhJ-brfmP6Fw5jbr7wNy5jigAIHZYQmi5CbWJ4DreiU-4jgnQJIfuPN5rUMZD2eKL3vFDJ9lrWrFgaon5cKPCh2hZZNxcKwDUOIiKwpv5MCPxstrBj4js8lo1nY7QH1botYZKZumSIsvWshdyu6uctRPpYa0kCU741kuX2coED0QrPpp_vqDVr6I4mYSJHDUdjd4t6N3C4u7BualUGZFVjv3GHM3p9Bo0Sk0Deum_PG4g4_qWK-ZPk5eN7kBosQAIwZUgTVgcUg2v4AtGDZW6j8GXKcqDEH9HA6BIbxIECykBOhAEW5A3j8zgZQdfDl2kMMmnBLTV9W2lJ4u9eALIx5IFJxXTDHnSXhBRMi1TFMhlpkrU_djbVkNrtjzXI5H5SF4EGdQGRo88ucfQCbW1vPs-CRvz432Xu36oqeSDWc5OO1e5zDdDKop0M_ULhYDVnVfU_GGHHx_WyMHVJRd3hZbkq58PfWyE2SkNHyB_dM9eE0jGwxJ0PMCi6Td0GkvqHy4KVZZagtsE_g8dEW2Z5lO8YIjZRZqH13OgF-6POibxAolggThxfuHGPoyEtwEu5COqsPbmhYTXTZfBhpDERPlJLPm42S5TBPOMaWl2zejggM1sMQcUZHjqReY5nRLL5jABsMqgKOAuQczSVRt8raeOuGA6klRp8RB2MA595378n5EdaANCvoTsHcKwk8VLOD71huBWUVqTXnUpZ2OBa9hF2m_LkunJGu3t7hMUHGEBkNrb2tnCoWvgjKlwq7V6XtiyS6S3jiJDeiUFmbvoGJbat1fyW_83OcOOXlUfEtozmNPSdANwPpiDYILuXeS_A8ue8WewoaLH0kQlgNcTDEVrSaNU4JaWCDUO_SwdFrKgWLgDuWW3JZdT5-R23kjqzTLTH8FOxIgW9lFtmyjrzb7ny1D63Xsui69gQaT_uMIzt6eZsvpi66Zv4Br-Bwft-s1xFoj3dwoufzgX10Wz_5chYx3yKkS9CGVlOqpi1PB_Z2CebHDp2bsJotx4Fe7rBE7jwhMSNnw3SoOsUYLHq0kOP5LzHPkYWBgjW5nmH4-aWebZlukkPSsSgfynCgyY7p7HrCnMURiDrQGRrNecI5OqRDbWuO1CYFfUiDAAMSCK6h3QoDpJ1cUaSzsTUcNAuJA6SE7PdZ5Y2tQCA1cNj80yW1m_5BIqrRC6EeVWCXxoa13xIyLtjDveR2oN4-YLXxVL8xeqMn3xXmNHFzB85l0PRg4eJZoyMJ9Tuw8Dmww49kXh2uD3vhcpq5uzyBzxUxJIvGUUEZVHjUPwgmFrSlTEV8tULw2aL_G7RKDexww-w4NKUnLT7F0Np_KOoEidwai8ootpL6uR1KvHcjprGrgfwdA5lXJPOSrg567wyODFiHqW3dDdt9EUSOAd0pH-U24YeJCD8ts6v6H1wlfIC2BLPHa7KXIFbWV6xUy9fqVADQ22Mv2d-HlF8zlIz6H6kVoOiaEHDk0Ytxt5mq0GJdabutTAbdlY1DZCwsu_Rm1aY7hMtUuIFl3EeNwMRkQxfCM8aB1tcG3r2W-QLoVfYJdHiD0iPE6jflFmsEgEr0sH5lASXROfdFkO0rX1hQOB03tTnNkN0gOAj9ThKWYPIAaRDVMd4vhPrFtfsXZzqtUEXFEdb6iAKYO6GHNyz3zFcVy78Hp5-SvrG5GjbByparJPYHVyOztA8X3YiXPuwprOqYbSGtwuid9wXGcjy7fKWkAovGFcZYeAXMPBsBvP6koVvuaww21ORW5Cv1QYi5Y7e7zMvZhWBKPmjK8jUsc5ra3ouLTmR_o8zVbXiNZ28qB7BNKatbU23sKYzIJ5Px2-6Dvceqi-SgwszGt3dm2S_hGR14HKPYMEl88GlNh2PaGyAsjUONRbS-SgHk46fXDUKyGL0uQ5rH5LTECNvNV4p4k9XZkKVFfOll1lsgukOFbiiOav8rJnuQue_TffYYSXEYStZZGtBRminlSGArQp8MYrMCWBuQ_PUbnjV_N-8Q4mSWO1jqpSK9-02Hcd3lrW37F4OEc_FkEX3Cfc4CtLM2xRCL8c9AztIxEk0Z4PuZ_Cg8dSFqW3NfLBUPsUCcffDxy_nvsmtAADSXkqE0tlBnchMtf7j67jp3gLN2HmUDaMk-GOZFXKwSGwiwIRR3PCpUUjRAta1yvtuwq1Zxpefrqdgc1xBJDKHnHk60RdMXXF71amBL6sTZ6HZggmelPUdIXAbrF3a_RrzlReYyfZQJW2O83zKyc-oUpnYqeyYqByP3WQ-ePEOwsGYX02ZT7pqEjEc_NVb0ucKjb5Fj9QJX9dRnwpEwValtqX1TFRQmTJ39cA-mcw==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1801251907638272&eclog=0&im=1
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint96:80:FC:87:80:4A:3B:59:5A:2E:82:5A:B8:1D:9D:47:78:21:AA:66
ValidityWed, 01 May 2024 14:41:50 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

GET /chicken.gif?z=2020090&pb=13d346c8805ab092457543f62541c3ca1715126331&psp=lSsDGaeRxYSYAmUe_Y1mVkWt0wKPYvG5Li-lfPex_zY08GVkG1rVvjVBR_jQXMhVW3cEoPba3iEIfSFa_5FFSSeYJl9jncqjZq3DcCwOIFK_bR0KBne1yDK6GrLYMDzEluLOGpPrT-oVJQ1xvMqJWGyZpAxAJgZp9yYDVgDEHycZcVEkoMTy_1RWZKAn0c9tTkyaqk_sLi418hxpdiKuh-WqROe65xAPLyf-LwSc441UnByJSikpsRdSLN7Zjd1L1-mrW5eKEQkSFDNehu9_Uo8VoDZnND5hZL7jhZrpjs_78LtysFrBZSUvMEapy2_zCUxwvokn0qS4TVTuYML1YLjqcStGYcgLzEjeUwUIs74nNhCYQX-5iGo1jvHWt5MuOu0s7HKtCQtWepqSVyf949GDCTruOXl5hoAQE1nxV4O3bIpx_oej_6o8cFVXeAA1Wd5eRUqvNN-V-ORNEJ71Fs_C7Lb5n0zafVhm39JIfmbnW3iWIt0kGJjYtvS6IO5HovZMG44YcKISUE6iC79edF5JAF8uWQOPIFa_wRYWWVSy8DwW2Jkun0thBBbQjvwwoFgxGdxKR7AMbcWJYd6sl-jKWDxYK7xntVHJYaj-C7N-gPKW71A_Qbu_rbBxEYmua8oVM-c9k8En0xkWAyinXaignGvn3PJD28M4e_hvsVOKVFqtRdBCuBjrAK8_XEq-Q9FoNrJCjFJ34YFKkMeFFANOunP-tSGEO8R6vM0JP932lo0ZtYezAf3dXcsBQgJs4Da06AX5lS2uP6HmZF7FcpDdxJzq6lPnbFYGSvt0omCqZyI1buG49hKQ8-inTW5YjF59TqJa5Tf2UvM37_yiAaTCkS7OyCNjJ9I3SMzVELA0jkvhtAFbHUdSEIgYwfkCENx8kpcAS7uUQfrqc6a2ndMyIBkodugZbwpsxgGmrB1C1h1rQKQ16pZ-a8-C9vXlcHijd2gTZ9rK4HYeV7Yao40nmjfOIUL7wDYZmZ3srsIPjLDSz3F0HtAzILE3elLQOY3S3jibEGaeOe3tjHkZXXmd0GOtw9SC1IE6zlwQbjSw0lU0Xv9iKPM6-EPVZYeEanBFcONO1PKiLkqJRxfFtYE-9XEJmkAdwYNjY8JkaX5qHHBSKtlFmJCvPh_B4atOoISsRW6eXIuReeGOL8KIkIYrGOfKkKWugjAswehgzYCtFVjMTSZc_4ekiZ2G6fhLp6-IFGcvMuSt5KSBf-WP1MR45OapT__Dj6Lp69n37_2RLyJCRgFwsVAnT1sICiEg_OrQLvMTMST4LoMcTf-r5JnslCjYaH7JRMfWt2X9c58fRdeGY7JjPPYLXiqTSa9hEQyMd3Cpfb8tSKZN-9z5mOg-AetVWcUHdBydJDWSSzsmlfP9b9jvdmazgiyI_jHL8xzJ2YsuDZfyGe83fy_drtNLQZXWWosW3Z4CyPYXIbzcNGlZc-p3qThCvBE_dK5t_s6zUYi8cuEogwaEX-3gEQnxqZcg60kVBXlFm1lDAT4OkmP3xpozXezt0rpTdwVXCfS3SAgt2ELmBLCqsidrgC1WXmAARmhX0F3R8gJ_KT4x60u2WFFWwVNUYlJAavuDRRz6NoWs9PnjxIDBqcRubtA7kJycGH5IFwQ47FGlVEBj31cwLOT7BMYt0pLYFPk6KNzYh3W7gKW30Ys5TJ_d4kvvCKHcnlVlPB2bSuCSHsJhNloruNpIFWKeV84md39NCGuzXSqxZ7wwO-2QIo1MlfUJsehqnBojvxhJ-brfmP6Fw5jbr7wNy5jigAIHZYQmi5CbWJ4DreiU-4jgnQJIfuPN5rUMZD2eKL3vFDJ9lrWrFgaon5cKPCh2hZZNxcKwDUOIiKwpv5MCPxstrBj4js8lo1nY7QH1botYZKZumSIsvWshdyu6uctRPpYa0kCU741kuX2coED0QrPpp_vqDVr6I4mYSJHDUdjd4t6N3C4u7BualUGZFVjv3GHM3p9Bo0Sk0Deum_PG4g4_qWK-ZPk5eN7kBosQAIwZUgTVgcUg2v4AtGDZW6j8GXKcqDEH9HA6BIbxIECykBOhAEW5A3j8zgZQdfDl2kMMmnBLTV9W2lJ4u9eALIx5IFJxXTDHnSXhBRMi1TFMhlpkrU_djbVkNrtjzXI5H5SF4EGdQGRo88ucfQCbW1vPs-CRvz432Xu36oqeSDWc5OO1e5zDdDKop0M_ULhYDVnVfU_GGHHx_WyMHVJRd3hZbkq58PfWyE2SkNHyB_dM9eE0jGwxJ0PMCi6Td0GkvqHy4KVZZagtsE_g8dEW2Z5lO8YIjZRZqH13OgF-6POibxAolggThxfuHGPoyEtwEu5COqsPbmhYTXTZfBhpDERPlJLPm42S5TBPOMaWl2zejggM1sMQcUZHjqReY5nRLL5jABsMqgKOAuQczSVRt8raeOuGA6klRp8RB2MA595378n5EdaANCvoTsHcKwk8VLOD71huBWUVqTXnUpZ2OBa9hF2m_LkunJGu3t7hMUHGEBkNrb2tnCoWvgjKlwq7V6XtiyS6S3jiJDeiUFmbvoGJbat1fyW_83OcOOXlUfEtozmNPSdANwPpiDYILuXeS_A8ue8WewoaLH0kQlgNcTDEVrSaNU4JaWCDUO_SwdFrKgWLgDuWW3JZdT5-R23kjqzTLTH8FOxIgW9lFtmyjrzb7ny1D63Xsui69gQaT_uMIzt6eZsvpi66Zv4Br-Bwft-s1xFoj3dwoufzgX10Wz_5chYx3yKkS9CGVlOqpi1PB_Z2CebHDp2bsJotx4Fe7rBE7jwhMSNnw3SoOsUYLHq0kOP5LzHPkYWBgjW5nmH4-aWebZlukkPSsSgfynCgyY7p7HrCnMURiDrQGRrNecI5OqRDbWuO1CYFfUiDAAMSCK6h3QoDpJ1cUaSzsTUcNAuJA6SE7PdZ5Y2tQCA1cNj80yW1m_5BIqrRC6EeVWCXxoa13xIyLtjDveR2oN4-YLXxVL8xeqMn3xXmNHFzB85l0PRg4eJZoyMJ9Tuw8Dmww49kXh2uD3vhcpq5uzyBzxUxJIvGUUEZVHjUPwgmFrSlTEV8tULw2aL_G7RKDexww-w4NKUnLT7F0Np_KOoEidwai8ootpL6uR1KvHcjprGrgfwdA5lXJPOSrg567wyODFiHqW3dDdt9EUSOAd0pH-U24YeJCD8ts6v6H1wlfIC2BLPHa7KXIFbWV6xUy9fqVADQ22Mv2d-HlF8zlIz6H6kVoOiaEHDk0Ytxt5mq0GJdabutTAbdlY1DZCwsu_Rm1aY7hMtUuIFl3EeNwMRkQxfCM8aB1tcG3r2W-QLoVfYJdHiD0iPE6jflFmsEgEr0sH5lASXROfdFkO0rX1hQOB03tTnNkN0gOAj9ThKWYPIAaRDVMd4vhPrFtfsXZzqtUEXFEdb6iAKYO6GHNyz3zFcVy78Hp5-SvrG5GjbByparJPYHVyOztA8X3YiXPuwprOqYbSGtwuid9wXGcjy7fKWkAovGFcZYeAXMPBsBvP6koVvuaww21ORW5Cv1QYi5Y7e7zMvZhWBKPmjK8jUsc5ra3ouLTmR_o8zVbXiNZ28qB7BNKatbU23sKYzIJ5Px2-6Dvceqi-SgwszGt3dm2S_hGR14HKPYMEl88GlNh2PaGyAsjUONRbS-SgHk46fXDUKyGL0uQ5rH5LTECNvNV4p4k9XZkKVFfOll1lsgukOFbiiOav8rJnuQue_TffYYSXEYStZZGtBRminlSGArQp8MYrMCWBuQ_PUbnjV_N-8Q4mSWO1jqpSK9-02Hcd3lrW37F4OEc_FkEX3Cfc4CtLM2xRCL8c9AztIxEk0Z4PuZ_Cg8dSFqW3NfLBUPsUCcffDxy_nvsmtAADSXkqE0tlBnchMtf7j67jp3gLN2HmUDaMk-GOZFXKwSGwiwIRR3PCpUUjRAta1yvtuwq1Zxpefrqdgc1xBJDKHnHk60RdMXXF71amBL6sTZ6HZggmelPUdIXAbrF3a_RrzlReYyfZQJW2O83zKyc-oUpnYqeyYqByP3WQ-ePEOwsGYX02ZT7pqEjEc_NVb0ucKjb5Fj9QJX9dRnwpEwValtqX1TFRQmTJ39cA-mcw==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1801251907638272&eclog=0&im=1 HTTP/1.1
Host: mpougdusr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=24050716588a766461833e46d7a07208cc7a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:58:53 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACi7vAAAAAAAAAAB; Path=/; Expires=Thu, 06 Jun 2024 21:58:53 GMT; Secure; SameSite=None
OACIBLOCK=ACi7vAAAAABmObVQ; Path=/; Expires=Thu, 06 Jun 2024 21:58:53 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

imdn.pics/m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg

45.133.44.25

200 OK

3.0 kB

URL GET HTTP/2
imdn.pics/m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 100x100, components 3
Size
3.0 kB (2972 bytes)
Hash
bbd50a964fd18363b647225883bbb908
960383ba8379454c49adc0ed9c0faf681a898d61
58deb046cbfa7bfae5ed5290686bda50b55be2bf0ea62f1577ca135a8fdeb10e

HTTP Headers

GET /m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:53 GMT
content-type: image/jpeg
content-length: 2972
server: nginx
last-modified: Tue, 09 Apr 2024 19:44:46 GMT
etag: "66159aae-b9c"
x-request-id: bcbe6ea9e5034af8477860eea5b5ead2
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

nereserv.com/in/dip?event_id=6ef160fd-7461-408a-828d-a57571e89557&subid=308553955&spot_id=529502&created_at=2024-05-07&timezone=0&ver=1.141.0

94.130.198.6

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=6ef160fd-7461-408a-828d-a57571e89557&subid=308553955&spot_id=529502&created_at=2024-05-07&timezone=0&ver=1.141.0
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=6ef160fd-7461-408a-828d-a57571e89557&subid=308553955&spot_id=529502&created_at=2024-05-07&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 21:58:53 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

nereserv.com/in/dip?event_id=afd46660-1836-4a02-83fb-6cf43ad0bf29&subid=14364679&spot_id=560192&created_at=2024-05-07&timezone=0&ver=1.141.0

94.130.198.6

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=afd46660-1836-4a02-83fb-6cf43ad0bf29&subid=14364679&spot_id=560192&created_at=2024-05-07&timezone=0&ver=1.141.0
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=afd46660-1836-4a02-83fb-6cf43ad0bf29&subid=14364679&spot_id=560192&created_at=2024-05-07&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 21:58:53 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/rum?

172.67.183.69

204 No Content

0 B

URL POST HTTP/3
www.amdahost.com/cdn-cgi/rum?
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1068
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch.php?id=a336b4df9f
Cookie: PHPSESSID=23d96268c344b423e82ca3859fc6e816; cf_clearance=TTIDFMGz1SyWV314.WvyzZfSEVvM0Va2UVfK.AJyRDE-1715119131-1.0.1.1-XvwRSqv6dRwRMWpDM.1YlsjRqHr2BIIr6vVa0aQTgY9AqlUtERg6JinYJeQAS7vWsHX5eV1YJxqvDUBOChpIqA; prefetchAd_7446033=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Tue, 07 May 2024 21:58:54 GMT
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8804795c5bfab52d-OSL
x-frame-options: DENY
x-content-type-options: nosniff

mcpuwpsh.com/get/

94.130.197.240

200 OK

6.5 kB

URL POST HTTP/2
mcpuwpsh.com/get/
IP
94.130.197.240:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectpuwpush.com
Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92
ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT

File type
JSON text data
Size
6.5 kB (6495 bytes)
Hash
abcc813046cf427be4c339a90dd850b9
81638702dfd54f8f3fbc99319d5e052cc320dac3
35c779e6a53eea35b2640bc046270cde919a0ce066352726f002606dba472935

HTTP Headers

POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1422
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.0
date: Tue, 07 May 2024 21:58:54 GMT
content-type: application/json
content-length: 6495
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

mcpuwpsh.com/get/

94.130.197.240

200 OK

6.5 kB

URL POST HTTP/2
mcpuwpsh.com/get/
IP
94.130.197.240:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectpuwpush.com
Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92
ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT

File type
JSON text data
Size
6.5 kB (6485 bytes)
Hash
7d6b9310eb7af793d4d78758319bce5f
a69102511bd7f41df6fcfe13ce8f4ed835f834c0
b59010aa0aa05f4b3661df1803e584aaac7a15e349dd4046e13284c70b4f68df

HTTP Headers

POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1421
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.0
date: Tue, 07 May 2024 21:58:54 GMT
content-type: application/json
content-length: 6485
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

nereserv.com/in/dip?site=native-push&wl=1&event_id=03ebce33-2648-48ad-94e3-7905e4fd3d19&subid=1511354673&sid=3488177171&spot_id=529500&created_at=2024-05-07&timezone=0&ver=8.159.0&is_native=1

94.130.198.6

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=03ebce33-2648-48ad-94e3-7905e4fd3d19&subid=1511354673&sid=3488177171&spot_id=529500&created_at=2024-05-07&timezone=0&ver=8.159.0&is_native=1
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=03ebce33-2648-48ad-94e3-7905e4fd3d19&subid=1511354673&sid=3488177171&spot_id=529500&created_at=2024-05-07&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 21:58:57 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

63cc093d48.f336d0935e.com/in/multy

157.90.84.246

200 OK

0 B

URL POST HTTP/2
63cc093d48.f336d0935e.com/in/multy
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectf336d0935e.com
FingerprintFC:39:EE:08:B2:B5:A2:11:69:1D:03:8B:B3:C4:CA:05:DB:3E:B1:82
ValidityFri, 03 May 2024 14:01:54 GMT - Thu, 01 Aug 2024 14:01:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: 63cc093d48.f336d0935e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.20.1
date: Tue, 07 May 2024 21:58:57 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

63cc093d48.f336d0935e.com/in/multy

157.90.84.246

200 OK

5.9 kB

URL POST HTTP/2
63cc093d48.f336d0935e.com/in/multy
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectf336d0935e.com
FingerprintFC:39:EE:08:B2:B5:A2:11:69:1D:03:8B:B3:C4:CA:05:DB:3E:B1:82
ValidityFri, 03 May 2024 14:01:54 GMT - Thu, 01 Aug 2024 14:01:53 GMT

File type
JSON text data
Size
5.9 kB (5941 bytes)
Hash
caf11232711cb73f206edc33d03e52ee
1cd2f708c412a314ff409dfd59b6815cdf0edb2f
8ae6a762b1731539f22deae8c6a03c0404a2106c48a5752ba17ed8fcd129b3e3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /in/multy HTTP/1.1
Host: 63cc093d48.f336d0935e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2403
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 21:58:57 GMT
content-type: application/json
content-length: 5941
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.11&cpa=3dfbba53-e5a4-4586-90a0-7c0b9d9b71f8&prev_step_diff=858

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.11&cpa=3dfbba53-e5a4-4586-90a0-7c0b9d9b71f8&prev_step_diff=858
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.11&cpa=3dfbba53-e5a4-4586-90a0-7c0b9d9b71f8&prev_step_diff=858 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:58 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Wed, 07 May 2025 21:58:58 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

157.90.84.246

200 OK

0 B

URL GET HTTP/2
63cc093d48.f336d0935e.com/in/show/?tag_ab=b&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&refdom=www.amdahost.com&auction_time=1715119137&subid=1511354673&sid=3488177171&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=adult&user_fp=5258541072280280995&score=67.93361311907826&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch.php%253Fid%253Da336b4df9f%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch.php%253Fid%253Da336b4df9f%26idzone%3D0%26sid%3D1886&icons=GBpf3eHK0seB18OBxIJnrephFHTtPnh2y6Vr9roXJzC3FQxcf2s_1c685qRPpu-jxoVSdq2zTaNTeh3YL0OCRWGrhCMLFiFE_Ga42n9S10xe6FtIb4I85A2ma_pmMp_6cwsLE5X7zGperZn5lczgAMT1wuCpL__nCB4JMlZ3Mq0SqUYk6A&ext_cid=0&px_id=529500&min_cpm=0.09202212291281912&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=8409852034297138076&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.016677500219437567&cpm=0&verify_hash=a569d09d264c72e1684f5a923d0664b0&is_native=4&real_bid=0.0005014186267559986&original_bid_usd=0.0027666979999999997&original_bid=0.0027666979999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=stage-skins-settings,test_skins&show_count=2&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0027666979999999997&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002766698&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.11&cpa=a82e0318-e8d3-4f19-aabb-43b57fc5862c&prev_step_diff=858
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectf336d0935e.com
FingerprintFC:39:EE:08:B2:B5:A2:11:69:1D:03:8B:B3:C4:CA:05:DB:3E:B1:82
ValidityFri, 03 May 2024 14:01:54 GMT - Thu, 01 Aug 2024 14:01:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&refdom=www.amdahost.com&auction_time=1715119137&subid=1511354673&sid=3488177171&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=adult&user_fp=5258541072280280995&score=67.93361311907826&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch.php%253Fid%253Da336b4df9f%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch.php%253Fid%253Da336b4df9f%26idzone%3D0%26sid%3D1886&icons=GBpf3eHK0seB18OBxIJnrephFHTtPnh2y6Vr9roXJzC3FQxcf2s_1c685qRPpu-jxoVSdq2zTaNTeh3YL0OCRWGrhCMLFiFE_Ga42n9S10xe6FtIb4I85A2ma_pmMp_6cwsLE5X7zGperZn5lczgAMT1wuCpL__nCB4JMlZ3Mq0SqUYk6A&ext_cid=0&px_id=529500&min_cpm=0.09202212291281912&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=8409852034297138076&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.016677500219437567&cpm=0&verify_hash=a569d09d264c72e1684f5a923d0664b0&is_native=4&real_bid=0.0005014186267559986&original_bid_usd=0.0027666979999999997&original_bid=0.0027666979999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=stage-skins-settings,test_skins&show_count=2&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0027666979999999997&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002766698&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&mlf=1&mlc=1&st=0.11&cpa=a82e0318-e8d3-4f19-aabb-43b57fc5862c&prev_step_diff=858 HTTP/1.1
Host: 63cc093d48.f336d0935e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 21:58:58 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

63cc093d48.f336d0935e.com/in/show/?tag_ab=b&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&refdom=www.amdahost.com&auction_time=1715119137&subid=1511354673&sid=3488177171&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=adult&user_fp=5258541072280280995&score=67.93361311907826&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch.php%253Fid%253Da336b4df9f%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=5fcbc33c86bbc49c561fd8fb36a2149b&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DP3Ta_6qFz-dYDwg_cHkdZSYDUW6GiaPpGpuAD3f9lXn5rP_6W3MCAUm06WD6Xjl5WSXhk8bOhLTVIaO-FGJ1u0kSNDz81860DeEdBttTEQhxWnG6jmvX1F57BY2OwM82-9_7hAWrK-4Q83AtgR7aXeMGkQjTMx1RbOxAsC8f8K4nWl-SxJXyvSzm4Ai6pBtPVej72-8tvSToRwHPtqvrDG-CrMp1nnfPO19m2kCZ1Gwnn3vohaVbQ-jFDBuTbf1NWKSVAds2L6rhculpJ7vo2ifYGw5McHTqO2QnqmlMXYCjXOgFqEE09jsX8kYRehS6CeA3EKyTmqwbmweViianAFZIAI-HXvHJVa2w6UXsJ2NxKvzyCrvFJm30JjqR7ucbnryVqS2XgoOFZXhLRA776dS9doMea0igoXxr9-y-4APwxMxrAt4T8we2zBxLpwzurCtaC9U2FExF_sE3zg7i5uNuRmsjoZWuO4V2Th69EoFwhhESSOoveNUGOHcCx8s_Ww5dRHZHg9hiP8nwTc7ylfn5zvOqElPbScEDUjqisvBvgePxGr5C_f5Bq0dfBmq6pKsf9Ig78fjb5KeyrO0a7jvgFm9lGpmJvdeGa8HeOnFIQg8I305F-zwl31hzTmkXcDBuq0QPCUDL-tpNrc-iC3iMnfKeZ9n0SejwtmIN7ZnL1s42dWR0ctHpt-5QZPG2Msdco_DdqWCbGU1AFxvKE_HOeDbtcIzgX1JlMfBuSgDbJXtSFD9WmnYUuYgLraxcGtkaPOt0lNarchc4-oY_8gyw-e6VYAJiWQ91BFPc3x7E80MFw5FEKWX9mtvQossn8j-yHPspz8XmFDsncRYVjYcGDkoNJS0n8lHqMVmh6ZEIJm5Tfs-Or4ypEl0LWqb3MbKeqs_7OB7nS_R-C4vKnVlr_TVxHehI4hrl7cbIO6UUFkhH2viuHMYKvLD-w3HQP8-upNnVkkHVgiC2iKtBCtP7RXQ1RJ2TIlRR_qPW_9fhkQbMWDT_Mi274ai8DXoRPdVxUWIL0noPp8NWmgkAmtAcx_Ad3FDFtwMY9UWZUA3QlnmDuj9ju4rYEY8dcxaKTHbEg0bmb4yoWWYr3PNb2xkyOnnsoIqeVZ6eE7-pTO4Dnhu0H0d1luUgAdSgxfCAn1hGQiG571qHVYcGpnPcMpyxurUGZn7wCqFaxKcvcVYJ5Pi7lVk5PibMwrKGAYVFAwlsXOZd1mDd_ytO1EH_9om_k2mAlMqB_ViyM6kPAbeEmiOpt4_sUDzxymbDjV3pL-3Sdjb9PJjXErIxkKPXqRWqiD5LiZNkbiE-DqwwacxICpcpWg%26bid%3D0.023564826271630288&icons=41U-zZUC4fx5Bw61EVYQfe90ABmgbxRLAfhgFAcuBJNky4HC6wH0bUwwY74Rpx0mkNO8YsPCAsv8vdpB7DMt_mtsdMlavDlahTEzSCsfmnYUPw5RzLI44CKt1G8_tH1Wfxh2ir-9wC1GigDmcGcWwLqjO93WrpjgJp4OGf7l9pWEM39TpaHYgByXFVoAGCSSPnXUBBesuIusg9AW0qxenry-chiPo4df6cuiZfFlkCdcR20zU7hOppqvjjy5GJCVMTQuUm5ZEQSDg036DemX84CzFINEGlMT3jmZpKImXdfAMbAL6AhKJ1UxuVyfSHfua24OkXD8DIcdyIb1WPWIXge3zzh2dIJv7wwh6CGMzkeGp6hXSG2ZhJ4vv-aGeUAgbXELt-f4RB99t4i1NwSAemClY6Lu2_UjPWkxNlOXYdACAmxq0DWq52cSVwcHQ6Lahy0u5wxljpK5c7vz9jPjTC62ZbaEZ9XzhYbeH-xwvxrIK7_aGbZemhdjelQSem_kdINJUt6g_qDAOn9D944kGpLxNXylcRvs-FGIYLzEattelvw6aJxM0ydVE_WfQbr_A9KZd-J6saARl1tDbDQOu36KTiWwExXwrXevrHd4_4SfRpbM5kylYU2mdXGEnO1YCmnPs__0ME_vMt_VhSAKJEadls8KIJa8ka7KiRYXHdFAJfFkr_nvV2XDCn0TILNgeiKNxHIWc2F89NLTZqkgA_PbZWOOoRMnWCDnMIWNEVppZ5s5X30wyspVMAAEuSdCOIUdj-DXezs7tuCQcGe7TfD3jPc1lzKlWTNd7q3yHFJ3ZnWzpzip9UTBa52Ohryin0cg47IlqQmoyhiiDGB-WdkCffXDJ_BxJMmx_Pt5XEBkTTWbEx20bE7xmPpQ6IdbNYN8t7EhElIbeG2Z9jv_oyVJWtbFLM1m3eIqGDXmk6VmaHc3Ysfoz7Kghf3zifwqVtA7lTQGdWVwPp8HjR6CivqCjbq9GXDQctIiggjH_tYsPd19dtCHqy3eZNqtaTU_v0kQ_B1JmHZ2UNICt2ya7d2_EgbbXSpDGjG20j_7yLR43UKJSHLtmPkepClC-EybnjMNF7AM9qrYGqZlmqprrCj60zOC56sHPaMjHpIlsmScqQpVYzSo1j6tzZut4Mjor_Zb3IOU2DUMuNnaXqs9wl7E3AID8twmmR3l8pYHOWNfeaoYaAErAgZi3VCZDAA57xS96PhN-NiUFRBL1HxV0iVondry58QEL6xNKjjQGhGD_MRegfruB3qgEzoknKO6iAeIdEYr4TwPdX72KIVK54aZCIsAvp7rK1zt0ZmGk9TVCFVLSRF6-VU&ext_cid=224906&px_id=73529500&min_cpm=0.0038056109265296764&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=8409852034297138076&skin_id=72&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.03176602058410654&cpm=0.023564826271630288&verify_hash=133ac98096dccc680ca7081cabcb5eb7&is_native=1&real_bid=0.02346585443277437&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,5,33,98,90&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=2&expiration_timestamp=1715291937&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777184%2Fconversions%2FQ5MjCrOM-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.11&cpa=fbdfd51d-9143-4c9a-b05d-d3aca4105b1e&prev_step_diff=858

157.90.84.246

200 OK

0 B

URL GET HTTP/2
63cc093d48.f336d0935e.com/in/show/?tag_ab=b&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&refdom=www.amdahost.com&auction_time=1715119137&subid=1511354673&sid=3488177171&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=adult&user_fp=5258541072280280995&score=67.93361311907826&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch.php%253Fid%253Da336b4df9f%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=5fcbc33c86bbc49c561fd8fb36a2149b&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DP3Ta_6qFz-dYDwg_cHkdZSYDUW6GiaPpGpuAD3f9lXn5rP_6W3MCAUm06WD6Xjl5WSXhk8bOhLTVIaO-FGJ1u0kSNDz81860DeEdBttTEQhxWnG6jmvX1F57BY2OwM82-9_7hAWrK-4Q83AtgR7aXeMGkQjTMx1RbOxAsC8f8K4nWl-SxJXyvSzm4Ai6pBtPVej72-8tvSToRwHPtqvrDG-CrMp1nnfPO19m2kCZ1Gwnn3vohaVbQ-jFDBuTbf1NWKSVAds2L6rhculpJ7vo2ifYGw5McHTqO2QnqmlMXYCjXOgFqEE09jsX8kYRehS6CeA3EKyTmqwbmweViianAFZIAI-HXvHJVa2w6UXsJ2NxKvzyCrvFJm30JjqR7ucbnryVqS2XgoOFZXhLRA776dS9doMea0igoXxr9-y-4APwxMxrAt4T8we2zBxLpwzurCtaC9U2FExF_sE3zg7i5uNuRmsjoZWuO4V2Th69EoFwhhESSOoveNUGOHcCx8s_Ww5dRHZHg9hiP8nwTc7ylfn5zvOqElPbScEDUjqisvBvgePxGr5C_f5Bq0dfBmq6pKsf9Ig78fjb5KeyrO0a7jvgFm9lGpmJvdeGa8HeOnFIQg8I305F-zwl31hzTmkXcDBuq0QPCUDL-tpNrc-iC3iMnfKeZ9n0SejwtmIN7ZnL1s42dWR0ctHpt-5QZPG2Msdco_DdqWCbGU1AFxvKE_HOeDbtcIzgX1JlMfBuSgDbJXtSFD9WmnYUuYgLraxcGtkaPOt0lNarchc4-oY_8gyw-e6VYAJiWQ91BFPc3x7E80MFw5FEKWX9mtvQossn8j-yHPspz8XmFDsncRYVjYcGDkoNJS0n8lHqMVmh6ZEIJm5Tfs-Or4ypEl0LWqb3MbKeqs_7OB7nS_R-C4vKnVlr_TVxHehI4hrl7cbIO6UUFkhH2viuHMYKvLD-w3HQP8-upNnVkkHVgiC2iKtBCtP7RXQ1RJ2TIlRR_qPW_9fhkQbMWDT_Mi274ai8DXoRPdVxUWIL0noPp8NWmgkAmtAcx_Ad3FDFtwMY9UWZUA3QlnmDuj9ju4rYEY8dcxaKTHbEg0bmb4yoWWYr3PNb2xkyOnnsoIqeVZ6eE7-pTO4Dnhu0H0d1luUgAdSgxfCAn1hGQiG571qHVYcGpnPcMpyxurUGZn7wCqFaxKcvcVYJ5Pi7lVk5PibMwrKGAYVFAwlsXOZd1mDd_ytO1EH_9om_k2mAlMqB_ViyM6kPAbeEmiOpt4_sUDzxymbDjV3pL-3Sdjb9PJjXErIxkKPXqRWqiD5LiZNkbiE-DqwwacxICpcpWg%26bid%3D0.023564826271630288&icons=41U-zZUC4fx5Bw61EVYQfe90ABmgbxRLAfhgFAcuBJNky4HC6wH0bUwwY74Rpx0mkNO8YsPCAsv8vdpB7DMt_mtsdMlavDlahTEzSCsfmnYUPw5RzLI44CKt1G8_tH1Wfxh2ir-9wC1GigDmcGcWwLqjO93WrpjgJp4OGf7l9pWEM39TpaHYgByXFVoAGCSSPnXUBBesuIusg9AW0qxenry-chiPo4df6cuiZfFlkCdcR20zU7hOppqvjjy5GJCVMTQuUm5ZEQSDg036DemX84CzFINEGlMT3jmZpKImXdfAMbAL6AhKJ1UxuVyfSHfua24OkXD8DIcdyIb1WPWIXge3zzh2dIJv7wwh6CGMzkeGp6hXSG2ZhJ4vv-aGeUAgbXELt-f4RB99t4i1NwSAemClY6Lu2_UjPWkxNlOXYdACAmxq0DWq52cSVwcHQ6Lahy0u5wxljpK5c7vz9jPjTC62ZbaEZ9XzhYbeH-xwvxrIK7_aGbZemhdjelQSem_kdINJUt6g_qDAOn9D944kGpLxNXylcRvs-FGIYLzEattelvw6aJxM0ydVE_WfQbr_A9KZd-J6saARl1tDbDQOu36KTiWwExXwrXevrHd4_4SfRpbM5kylYU2mdXGEnO1YCmnPs__0ME_vMt_VhSAKJEadls8KIJa8ka7KiRYXHdFAJfFkr_nvV2XDCn0TILNgeiKNxHIWc2F89NLTZqkgA_PbZWOOoRMnWCDnMIWNEVppZ5s5X30wyspVMAAEuSdCOIUdj-DXezs7tuCQcGe7TfD3jPc1lzKlWTNd7q3yHFJ3ZnWzpzip9UTBa52Ohryin0cg47IlqQmoyhiiDGB-WdkCffXDJ_BxJMmx_Pt5XEBkTTWbEx20bE7xmPpQ6IdbNYN8t7EhElIbeG2Z9jv_oyVJWtbFLM1m3eIqGDXmk6VmaHc3Ysfoz7Kghf3zifwqVtA7lTQGdWVwPp8HjR6CivqCjbq9GXDQctIiggjH_tYsPd19dtCHqy3eZNqtaTU_v0kQ_B1JmHZ2UNICt2ya7d2_EgbbXSpDGjG20j_7yLR43UKJSHLtmPkepClC-EybnjMNF7AM9qrYGqZlmqprrCj60zOC56sHPaMjHpIlsmScqQpVYzSo1j6tzZut4Mjor_Zb3IOU2DUMuNnaXqs9wl7E3AID8twmmR3l8pYHOWNfeaoYaAErAgZi3VCZDAA57xS96PhN-NiUFRBL1HxV0iVondry58QEL6xNKjjQGhGD_MRegfruB3qgEzoknKO6iAeIdEYr4TwPdX72KIVK54aZCIsAvp7rK1zt0ZmGk9TVCFVLSRF6-VU&ext_cid=224906&px_id=73529500&min_cpm=0.0038056109265296764&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=8409852034297138076&skin_id=72&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.03176602058410654&cpm=0.023564826271630288&verify_hash=133ac98096dccc680ca7081cabcb5eb7&is_native=1&real_bid=0.02346585443277437&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,5,33,98,90&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=2&expiration_timestamp=1715291937&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777184%2Fconversions%2FQ5MjCrOM-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.11&cpa=fbdfd51d-9143-4c9a-b05d-d3aca4105b1e&prev_step_diff=858
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectf336d0935e.com
FingerprintFC:39:EE:08:B2:B5:A2:11:69:1D:03:8B:B3:C4:CA:05:DB:3E:B1:82
ValidityFri, 03 May 2024 14:01:54 GMT - Thu, 01 Aug 2024 14:01:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&refdom=www.amdahost.com&auction_time=1715119137&subid=1511354673&sid=3488177171&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=adult&user_fp=5258541072280280995&score=67.93361311907826&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch.php%253Fid%253Da336b4df9f%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=5fcbc33c86bbc49c561fd8fb36a2149b&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DP3Ta_6qFz-dYDwg_cHkdZSYDUW6GiaPpGpuAD3f9lXn5rP_6W3MCAUm06WD6Xjl5WSXhk8bOhLTVIaO-FGJ1u0kSNDz81860DeEdBttTEQhxWnG6jmvX1F57BY2OwM82-9_7hAWrK-4Q83AtgR7aXeMGkQjTMx1RbOxAsC8f8K4nWl-SxJXyvSzm4Ai6pBtPVej72-8tvSToRwHPtqvrDG-CrMp1nnfPO19m2kCZ1Gwnn3vohaVbQ-jFDBuTbf1NWKSVAds2L6rhculpJ7vo2ifYGw5McHTqO2QnqmlMXYCjXOgFqEE09jsX8kYRehS6CeA3EKyTmqwbmweViianAFZIAI-HXvHJVa2w6UXsJ2NxKvzyCrvFJm30JjqR7ucbnryVqS2XgoOFZXhLRA776dS9doMea0igoXxr9-y-4APwxMxrAt4T8we2zBxLpwzurCtaC9U2FExF_sE3zg7i5uNuRmsjoZWuO4V2Th69EoFwhhESSOoveNUGOHcCx8s_Ww5dRHZHg9hiP8nwTc7ylfn5zvOqElPbScEDUjqisvBvgePxGr5C_f5Bq0dfBmq6pKsf9Ig78fjb5KeyrO0a7jvgFm9lGpmJvdeGa8HeOnFIQg8I305F-zwl31hzTmkXcDBuq0QPCUDL-tpNrc-iC3iMnfKeZ9n0SejwtmIN7ZnL1s42dWR0ctHpt-5QZPG2Msdco_DdqWCbGU1AFxvKE_HOeDbtcIzgX1JlMfBuSgDbJXtSFD9WmnYUuYgLraxcGtkaPOt0lNarchc4-oY_8gyw-e6VYAJiWQ91BFPc3x7E80MFw5FEKWX9mtvQossn8j-yHPspz8XmFDsncRYVjYcGDkoNJS0n8lHqMVmh6ZEIJm5Tfs-Or4ypEl0LWqb3MbKeqs_7OB7nS_R-C4vKnVlr_TVxHehI4hrl7cbIO6UUFkhH2viuHMYKvLD-w3HQP8-upNnVkkHVgiC2iKtBCtP7RXQ1RJ2TIlRR_qPW_9fhkQbMWDT_Mi274ai8DXoRPdVxUWIL0noPp8NWmgkAmtAcx_Ad3FDFtwMY9UWZUA3QlnmDuj9ju4rYEY8dcxaKTHbEg0bmb4yoWWYr3PNb2xkyOnnsoIqeVZ6eE7-pTO4Dnhu0H0d1luUgAdSgxfCAn1hGQiG571qHVYcGpnPcMpyxurUGZn7wCqFaxKcvcVYJ5Pi7lVk5PibMwrKGAYVFAwlsXOZd1mDd_ytO1EH_9om_k2mAlMqB_ViyM6kPAbeEmiOpt4_sUDzxymbDjV3pL-3Sdjb9PJjXErIxkKPXqRWqiD5LiZNkbiE-DqwwacxICpcpWg%26bid%3D0.023564826271630288&icons=41U-zZUC4fx5Bw61EVYQfe90ABmgbxRLAfhgFAcuBJNky4HC6wH0bUwwY74Rpx0mkNO8YsPCAsv8vdpB7DMt_mtsdMlavDlahTEzSCsfmnYUPw5RzLI44CKt1G8_tH1Wfxh2ir-9wC1GigDmcGcWwLqjO93WrpjgJp4OGf7l9pWEM39TpaHYgByXFVoAGCSSPnXUBBesuIusg9AW0qxenry-chiPo4df6cuiZfFlkCdcR20zU7hOppqvjjy5GJCVMTQuUm5ZEQSDg036DemX84CzFINEGlMT3jmZpKImXdfAMbAL6AhKJ1UxuVyfSHfua24OkXD8DIcdyIb1WPWIXge3zzh2dIJv7wwh6CGMzkeGp6hXSG2ZhJ4vv-aGeUAgbXELt-f4RB99t4i1NwSAemClY6Lu2_UjPWkxNlOXYdACAmxq0DWq52cSVwcHQ6Lahy0u5wxljpK5c7vz9jPjTC62ZbaEZ9XzhYbeH-xwvxrIK7_aGbZemhdjelQSem_kdINJUt6g_qDAOn9D944kGpLxNXylcRvs-FGIYLzEattelvw6aJxM0ydVE_WfQbr_A9KZd-J6saARl1tDbDQOu36KTiWwExXwrXevrHd4_4SfRpbM5kylYU2mdXGEnO1YCmnPs__0ME_vMt_VhSAKJEadls8KIJa8ka7KiRYXHdFAJfFkr_nvV2XDCn0TILNgeiKNxHIWc2F89NLTZqkgA_PbZWOOoRMnWCDnMIWNEVppZ5s5X30wyspVMAAEuSdCOIUdj-DXezs7tuCQcGe7TfD3jPc1lzKlWTNd7q3yHFJ3ZnWzpzip9UTBa52Ohryin0cg47IlqQmoyhiiDGB-WdkCffXDJ_BxJMmx_Pt5XEBkTTWbEx20bE7xmPpQ6IdbNYN8t7EhElIbeG2Z9jv_oyVJWtbFLM1m3eIqGDXmk6VmaHc3Ysfoz7Kghf3zifwqVtA7lTQGdWVwPp8HjR6CivqCjbq9GXDQctIiggjH_tYsPd19dtCHqy3eZNqtaTU_v0kQ_B1JmHZ2UNICt2ya7d2_EgbbXSpDGjG20j_7yLR43UKJSHLtmPkepClC-EybnjMNF7AM9qrYGqZlmqprrCj60zOC56sHPaMjHpIlsmScqQpVYzSo1j6tzZut4Mjor_Zb3IOU2DUMuNnaXqs9wl7E3AID8twmmR3l8pYHOWNfeaoYaAErAgZi3VCZDAA57xS96PhN-NiUFRBL1HxV0iVondry58QEL6xNKjjQGhGD_MRegfruB3qgEzoknKO6iAeIdEYr4TwPdX72KIVK54aZCIsAvp7rK1zt0ZmGk9TVCFVLSRF6-VU&ext_cid=224906&px_id=73529500&min_cpm=0.0038056109265296764&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=8409852034297138076&skin_id=72&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.03176602058410654&cpm=0.023564826271630288&verify_hash=133ac98096dccc680ca7081cabcb5eb7&is_native=1&real_bid=0.02346585443277437&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,5,33,98,90&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=2&expiration_timestamp=1715291937&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777184%2Fconversions%2FQ5MjCrOM-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.11&cpa=fbdfd51d-9143-4c9a-b05d-d3aca4105b1e&prev_step_diff=858 HTTP/1.1
Host: 63cc093d48.f336d0935e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 21:58:58 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

imdn.pics/m/p/0/777/777184/conversions/Q5MjCrOM-minify.jpg

45.133.44.25

200 OK

11 kB

URL GET HTTP/2
imdn.pics/m/p/0/777/777184/conversions/Q5MjCrOM-minify.jpg
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 360x240, components 3
Size
11 kB (11228 bytes)
Hash
7a0f4319e0c7d4e0ec42eae657ba39fd
e2940c23868c5975a1dc1a3c963609b34abbe6b5
6c0278ead1dce8c37b6b233d5251184cd820586eeb5d30db860c1c7315d5dba0

HTTP Headers

GET /m/p/0/777/777184/conversions/Q5MjCrOM-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:58 GMT
content-type: image/jpeg
content-length: 11228
server: nginx
last-modified: Tue, 09 Apr 2024 19:56:57 GMT
etag: "66159d89-2bdc"
x-request-id: 13aea49745d30295dcee0faf2bf8a0c1
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

p.a64x.com/in/tip_shows/?katds_ep=3Rm5ifoUkX93QypeJjjt7H2KIo6Ab84tSTcRlxS8L5ZIMLjaWDGTWTg6z_cVlAd7ga_XvxJV5tva1_--Km3Gm1iiXQc0E_pc7J7gdB5IWcvxl5EvEgiTydvRyUT5cjho94TrAhbaTaQQbqJS0vyWB5O52HbWweHXAOHJsVo6OH9IKSMUZ9kWsKL3-_etdSMBGuyUFUhROgPpy3dJxLDsZhRQFZT0oSftFTTEAiQj6NwisOr82Tw8IQBHrVcwjWLxnR8o4su9V1KBEmWZe8HwC6G6QvhRFwGQ1p0kclNC6vRs8SuW6e6vfkNGml9tVLQx3ZVIkL8qhrywI3apS3LNTFizu8S0cwA1Il-Fl6FMqwndoRCqfaT3_Nk2qZaG-GyI1HgxkanlTbxVKKauh3G80DEArg5d6-AzsfOFYC0oBYdbTRXRotOwOc9YIu4QzK2ip155OS43k_3aibj4BR7uLw-hw_CNRvbI0lRr-qyMtcM4Bcrt507ImT2tTqvD9mp9P4KQdOq9zT5f0OeIm5ZF6xM-wFA2dp9DvZUEJ_CR3Vz13lMIKhoyKIYcncNUTA_fBTEbjs-y4tTg19zdR9_Fvn3gmfneszDFqhEb6kNhcVIjJarAPVHw95r-8fxDtcj81aH9rNC9wWkwPl8mw6IhATFHUhD6EKyoY8chn15C-bfd-kZxL8ryRnacDNx-hqsZ7ALaNTubOAI3b6vQvCF8Ii9OE-KMNtKMSnZpBE9b-QCDxQinLWATe72Npg-cfvhbgYaPOKZPhbmrgB_onPfm0cjcrjSypMZNyagNtySmTu7DK9z6U8poBGTAXp1Mcz_JTvM4zFzdVJ4U1KF_I41qU1gcc1dUZfNWUv3Qq8QRCo-D8K1dpXKThFIL1f8o5A&bid=0.023564826271630288&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.11&cpa=73f615f7-7045-4cd9-9c95-bf3131e9a156&prev_step_diff=858

172.67.185.171

302 Found

0 B

URL GET HTTP/3
p.a64x.com/in/tip_shows/?katds_ep=3Rm5ifoUkX93QypeJjjt7H2KIo6Ab84tSTcRlxS8L5ZIMLjaWDGTWTg6z_cVlAd7ga_XvxJV5tva1_--Km3Gm1iiXQc0E_pc7J7gdB5IWcvxl5EvEgiTydvRyUT5cjho94TrAhbaTaQQbqJS0vyWB5O52HbWweHXAOHJsVo6OH9IKSMUZ9kWsKL3-_etdSMBGuyUFUhROgPpy3dJxLDsZhRQFZT0oSftFTTEAiQj6NwisOr82Tw8IQBHrVcwjWLxnR8o4su9V1KBEmWZe8HwC6G6QvhRFwGQ1p0kclNC6vRs8SuW6e6vfkNGml9tVLQx3ZVIkL8qhrywI3apS3LNTFizu8S0cwA1Il-Fl6FMqwndoRCqfaT3_Nk2qZaG-GyI1HgxkanlTbxVKKauh3G80DEArg5d6-AzsfOFYC0oBYdbTRXRotOwOc9YIu4QzK2ip155OS43k_3aibj4BR7uLw-hw_CNRvbI0lRr-qyMtcM4Bcrt507ImT2tTqvD9mp9P4KQdOq9zT5f0OeIm5ZF6xM-wFA2dp9DvZUEJ_CR3Vz13lMIKhoyKIYcncNUTA_fBTEbjs-y4tTg19zdR9_Fvn3gmfneszDFqhEb6kNhcVIjJarAPVHw95r-8fxDtcj81aH9rNC9wWkwPl8mw6IhATFHUhD6EKyoY8chn15C-bfd-kZxL8ryRnacDNx-hqsZ7ALaNTubOAI3b6vQvCF8Ii9OE-KMNtKMSnZpBE9b-QCDxQinLWATe72Npg-cfvhbgYaPOKZPhbmrgB_onPfm0cjcrjSypMZNyagNtySmTu7DK9z6U8poBGTAXp1Mcz_JTvM4zFzdVJ4U1KF_I41qU1gcc1dUZfNWUv3Qq8QRCo-D8K1dpXKThFIL1f8o5A&bid=0.023564826271630288&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.11&cpa=73f615f7-7045-4cd9-9c95-bf3131e9a156&prev_step_diff=858
IP
172.67.185.171:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjecta64x.com
Fingerprint86:FD:2B:DD:CC:BD:8D:ED:C0:8D:41:81:C1:48:2D:45:D6:4F:67:88
ValidityTue, 19 Mar 2024 14:58:28 GMT - Mon, 17 Jun 2024 14:58:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/tip_shows/?katds_ep=3Rm5ifoUkX93QypeJjjt7H2KIo6Ab84tSTcRlxS8L5ZIMLjaWDGTWTg6z_cVlAd7ga_XvxJV5tva1_--Km3Gm1iiXQc0E_pc7J7gdB5IWcvxl5EvEgiTydvRyUT5cjho94TrAhbaTaQQbqJS0vyWB5O52HbWweHXAOHJsVo6OH9IKSMUZ9kWsKL3-_etdSMBGuyUFUhROgPpy3dJxLDsZhRQFZT0oSftFTTEAiQj6NwisOr82Tw8IQBHrVcwjWLxnR8o4su9V1KBEmWZe8HwC6G6QvhRFwGQ1p0kclNC6vRs8SuW6e6vfkNGml9tVLQx3ZVIkL8qhrywI3apS3LNTFizu8S0cwA1Il-Fl6FMqwndoRCqfaT3_Nk2qZaG-GyI1HgxkanlTbxVKKauh3G80DEArg5d6-AzsfOFYC0oBYdbTRXRotOwOc9YIu4QzK2ip155OS43k_3aibj4BR7uLw-hw_CNRvbI0lRr-qyMtcM4Bcrt507ImT2tTqvD9mp9P4KQdOq9zT5f0OeIm5ZF6xM-wFA2dp9DvZUEJ_CR3Vz13lMIKhoyKIYcncNUTA_fBTEbjs-y4tTg19zdR9_Fvn3gmfneszDFqhEb6kNhcVIjJarAPVHw95r-8fxDtcj81aH9rNC9wWkwPl8mw6IhATFHUhD6EKyoY8chn15C-bfd-kZxL8ryRnacDNx-hqsZ7ALaNTubOAI3b6vQvCF8Ii9OE-KMNtKMSnZpBE9b-QCDxQinLWATe72Npg-cfvhbgYaPOKZPhbmrgB_onPfm0cjcrjSypMZNyagNtySmTu7DK9z6U8poBGTAXp1Mcz_JTvM4zFzdVJ4U1KF_I41qU1gcc1dUZfNWUv3Qq8QRCo-D8K1dpXKThFIL1f8o5A&bid=0.023564826271630288&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_r-body&st=0.11&cpa=73f615f7-7045-4cd9-9c95-bf3131e9a156&prev_step_diff=858 HTTP/1.1
Host: p.a64x.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Tue, 07 May 2024 21:58:58 GMT
content-type: application/json
content-length: 0
location: https://imdn.pics/m/p/0/777/777181/conversions/PguV688J-minify.jpg
access-control-allow-credentials: true
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k04OpZ1qHx5%2FpOqLSw8NMwPp1N%2FJdfaTYFqUWBlNvz1bWGm0eshZ92aq9quPhkAB9ZPCVR0fwfuI9UlpaZf2Rks%2F6uKJJfFkG3xGnuOv4uZsTFsprG%2BcZ0AsPB1k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880479752eb756bb-OSL
alt-svc: h3=":443"; ma=86400

imdn.pics/m/p/0/777/777181/conversions/PguV688J-minify.jpg

45.133.44.25

200 OK

2.5 kB

URL GET HTTP/2
imdn.pics/m/p/0/777/777181/conversions/PguV688J-minify.jpg
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 100x100, components 3
Size
2.5 kB (2460 bytes)
Hash
9eb726ecf5e85e3b48f854490ff8284a
d08b4f022e64d06f2642c5c9217d35b7851516d5
30bd73405bb72856107c9e940bece489b670970c3d2e4d6b592cc138a67a3c05

HTTP Headers

GET /m/p/0/777/777181/conversions/PguV688J-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:58 GMT
content-type: image/jpeg
content-length: 2460
server: nginx
last-modified: Tue, 09 Apr 2024 19:56:49 GMT
etag: "66159d81-99c"
x-request-id: 064bc710493213dae1825c3b2f5e7289
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

pyknrhm5c.com/chicken.gif?z=2025683&pb=13d346c8805ab092457543f62541c3ca1715126331&psp=lXA1HbkHPd-HqVibGpm8n5-5dpUMiBZWuqQNiGO6usy3WQLG0-ZGPMvBnZUkbN5hqoWroPBzRWgrhkOl-DbH0HFZKkIKJwE1TBsqSkxYfal_mf3mi37NctsQ-q30Qt3vEYwmRVIMeBedu6dZ_htzlrJGznz9JQ02pC1IwgTROlq-AYHCGjiLSpoUH8ycj9OieHNKoOwzLBgWUT_dcMp74di_OZcb1NzAeeoIaZ9yEHcXK-Om-ecJYTYprgarCHSj5tZmeqluv4otDGu3Mig7kcZcP5X_sLey1wlIA4IT12oPRiFTVQbtmI77KZyFdIYGrEjbe0vfk9OUHcomIoZvVFDZGUABXSbaq2BIp1UOc666LI5ZrMkvPgSwxRmZIIh_R5OLLVaLg4kfVDAklEv7z0UXtO5E4XipGd236qCYsmXwtIahdkid7-pmwTMieiwKvp-gmunwQTWezKsPYn_tbQJYP6V9_qNhj4h4FgGhKjXR_fjtd2ZGg89jnMSMvKpEIMZgSELxxTvWKQIWG9LttWRB-NamMtDxfjSKFe4CfYGd3gk3VEcaByPXU8VqadOOmor-ZijzBy0yDFB5du25WS6_bHYSt4Za7CWNLwWCin5HgITAbQzhNDawGVMCvxx1Qmh0CWrGnLf2ojs0RgsNpey8Ko3CEmE49ohltNbLfULJYou8PGGj-hgEF80-JiI=&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275176372025344&eclog=0&im=1&_=0.7086626940136992

212.117.190.201

200 OK

43 B

URL GET HTTP/2
pyknrhm5c.com/chicken.gif?z=2025683&pb=13d346c8805ab092457543f62541c3ca1715126331&psp=lXA1HbkHPd-HqVibGpm8n5-5dpUMiBZWuqQNiGO6usy3WQLG0-ZGPMvBnZUkbN5hqoWroPBzRWgrhkOl-DbH0HFZKkIKJwE1TBsqSkxYfal_mf3mi37NctsQ-q30Qt3vEYwmRVIMeBedu6dZ_htzlrJGznz9JQ02pC1IwgTROlq-AYHCGjiLSpoUH8ycj9OieHNKoOwzLBgWUT_dcMp74di_OZcb1NzAeeoIaZ9yEHcXK-Om-ecJYTYprgarCHSj5tZmeqluv4otDGu3Mig7kcZcP5X_sLey1wlIA4IT12oPRiFTVQbtmI77KZyFdIYGrEjbe0vfk9OUHcomIoZvVFDZGUABXSbaq2BIp1UOc666LI5ZrMkvPgSwxRmZIIh_R5OLLVaLg4kfVDAklEv7z0UXtO5E4XipGd236qCYsmXwtIahdkid7-pmwTMieiwKvp-gmunwQTWezKsPYn_tbQJYP6V9_qNhj4h4FgGhKjXR_fjtd2ZGg89jnMSMvKpEIMZgSELxxTvWKQIWG9LttWRB-NamMtDxfjSKFe4CfYGd3gk3VEcaByPXU8VqadOOmor-ZijzBy0yDFB5du25WS6_bHYSt4Za7CWNLwWCin5HgITAbQzhNDawGVMCvxx1Qmh0CWrGnLf2ojs0RgsNpey8Ko3CEmE49ohltNbLfULJYou8PGGj-hgEF80-JiI=&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275176372025344&eclog=0&im=1&_=0.7086626940136992
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint8C:0B:00:37:E9:46:0D:D7:64:26:AF:BD:4B:AC:9D:E3:CA:27:CD:87
ValidityFri, 03 May 2024 21:32:33 GMT - Tue, 29 Oct 2024 22:59:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

GET /chicken.gif?z=2025683&pb=13d346c8805ab092457543f62541c3ca1715126331&psp=lXA1HbkHPd-HqVibGpm8n5-5dpUMiBZWuqQNiGO6usy3WQLG0-ZGPMvBnZUkbN5hqoWroPBzRWgrhkOl-DbH0HFZKkIKJwE1TBsqSkxYfal_mf3mi37NctsQ-q30Qt3vEYwmRVIMeBedu6dZ_htzlrJGznz9JQ02pC1IwgTROlq-AYHCGjiLSpoUH8ycj9OieHNKoOwzLBgWUT_dcMp74di_OZcb1NzAeeoIaZ9yEHcXK-Om-ecJYTYprgarCHSj5tZmeqluv4otDGu3Mig7kcZcP5X_sLey1wlIA4IT12oPRiFTVQbtmI77KZyFdIYGrEjbe0vfk9OUHcomIoZvVFDZGUABXSbaq2BIp1UOc666LI5ZrMkvPgSwxRmZIIh_R5OLLVaLg4kfVDAklEv7z0UXtO5E4XipGd236qCYsmXwtIahdkid7-pmwTMieiwKvp-gmunwQTWezKsPYn_tbQJYP6V9_qNhj4h4FgGhKjXR_fjtd2ZGg89jnMSMvKpEIMZgSELxxTvWKQIWG9LttWRB-NamMtDxfjSKFe4CfYGd3gk3VEcaByPXU8VqadOOmor-ZijzBy0yDFB5du25WS6_bHYSt4Za7CWNLwWCin5HgITAbQzhNDawGVMCvxx1Qmh0CWrGnLf2ojs0RgsNpey8Ko3CEmE49ohltNbLfULJYou8PGGj-hgEF80-JiI=&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275176372025344&eclog=0&im=1&_=0.7086626940136992 HTTP/1.1
Host: pyknrhm5c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: UID=24050716583fb8745cc7d746efa700daa7d6; CHCK=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:58:59 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/rum?

172.67.183.69

204 No Content

0 B

URL POST HTTP/3
www.amdahost.com/cdn-cgi/rum?
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 492
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch.php?id=a336b4df9f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Tue, 07 May 2024 21:59:16 GMT
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 880479e56ed4b52d-OSL
x-frame-options: DENY
x-content-type-options: nosniff

www.amdahost.com/watch.php?id=a336b4df9f

172.67.183.69

200 OK

12 kB

URL User Request GET HTTP/2
www.amdahost.com/watch.php?id=a336b4df9f
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
HTML document, ASCII text, with very long lines (6442), with CRLF, LF line terminators
Size
12 kB (11816 bytes)
Hash
c774a969903d7cff080e7d33b41f493c
cb39d4d44f6604ada09fb3fe0aaa54a54cf6941c
6e7c377c2cd450c471b034089691f764fbf5ccb58d8886f9d524d3265236c47f

HTTP Headers

GET /watch.php?id=a336b4df9f HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:49 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=23d96268c344b423e82ca3859fc6e816; path=/; domain=.amdahost.com
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3QweiH7PJpWlcS3Oq1hwaFLcOvQiZcWIW9LCp6Yy47B4oFUOEpU5Oef36IIv0cVQbn7WrLUJY%2BcCcrQOo68pr5BE2UDLrrnlWxuHJObveE0VXgc4EH8Q54KmaY3IOamQeEnE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88047940a862b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.fluidplayer.com/v3/current/fluidplayer.min.js

185.76.9.24

200 OK

233 kB

URL GET HTTP/2
cdn.fluidplayer.com/v3/current/fluidplayer.min.js
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectfluidplayer.com
Fingerprint46:64:4F:F1:3B:B5:54:D2:21:6F:9B:66:05:DF:D9:AC:7D:3C:8E:D0
ValidityMon, 06 May 2024 08:37:10 GMT - Sun, 04 Aug 2024 08:37:09 GMT

File type
JavaScript source, ASCII text, with very long lines (65463)
Size
233 kB (232616 bytes)
Hash
9829e8e730a9125e695789512d85177a
e20a0d55ab1722ef3ad13741a2b8975413d43909
7c38ede4727de973827091514a83d24a039bda1d0d4cac219eb20571a2cc3698

HTTP Headers

GET /v3/current/fluidplayer.min.js HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:50 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 21 Mar 2024 13:23:13 GMT
etag: W/"65fc34c1-38ca8"
expires: Fri, 22 Mar 2024 21:42:05 GMT
cache-control: max-age=86400
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH3vgMAAAwBuUwKDAH3AAAAAAwBJRPCMQH3AAAAAA
x-77-nzt-ray: af58563076014f8d1aa43a6628c03a14
x-accel-expires: @1715204572
x-accel-date: 1715118172
x-77-cache: HIT
x-77-age: 958
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 958
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyFePH76tY9IGeourP1ixa1EkBH5O_9F15jv_kCx8v-6LAWfc1yu6k4c98-MgccQBxKaebM

74.125.131.84

302 Found

0 B

URL GET HTTP/3
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyFePH76tY9IGeourP1ixa1EkBH5O_9F15jv_kCx8v-6LAWfc1yu6k4c98-MgccQBxKaebM
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint9F:A1:53:E4:09:E1:ED:82:F8:E0:30:B6:39:FA:EC:03:B4:89:46:8A
ValidityTue, 16 Apr 2024 03:19:40 GMT - Tue, 09 Jul 2024 03:19:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyFePH76tY9IGeourP1ixa1EkBH5O_9F15jv_kCx8v-6LAWfc1yu6k4c98-MgccQBxKaebM HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:Y1S_lkFtpeLr_bOXxNxp06aZhvhIAA:lMx5KU1lCzo2dx8i;Path=/;Expires=Thu, 07-May-2026 21:58:53 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 21:58:53 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQw1ypfAPwp8Steyg1tuN4cK0evZtAT43UkiJP1uZ4-Bn1U4pjFF3X3pAJju3tE2cxtJKPNIrQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-250691530%3A1715119133364485&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-zFum64Dr5EDpt1DGv0ogQA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 425
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.amdahost.com/includes/update_visits.php

172.67.183.69

200 OK

0 B

URL POST HTTP/3
www.amdahost.com/includes/update_visits.php
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /includes/update_visits.php HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 50
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch.php?id=a336b4df9f
Cookie: PHPSESSID=23d96268c344b423e82ca3859fc6e816; cf_clearance=TTIDFMGz1SyWV314.WvyzZfSEVvM0Va2UVfK.AJyRDE-1715119131-1.0.1.1-XvwRSqv6dRwRMWpDM.1YlsjRqHr2BIIr6vVa0aQTgY9AqlUtERg6JinYJeQAS7vWsHX5eV1YJxqvDUBOChpIqA; prefetchAd_7446033=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 21:59:06 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S%2FI6rMjGK3jAdb1mOD%2BrdOVwiyqatSmoziBJIDvh8O9vSp%2BWTkGdki669cXKtF9rK8OZ8%2BeVsmn4B%2Fvd4DllOj9EvT5G1NM65VNLNh4qtXVjQoq8BmE20rIk4KoFjgfSNqc1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880479aafb76b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

glakaits.net/?rb=cXcSutwC6m_yldy0iWQqISv-lmwQYJVMfWUG7VrLe7gVqdzjhA6fPbJnEwqO2bmQavehj6uiaNTaHlIN9w6gadwQSrxLUfncB_nBd0ACQSGbkxoRW41L2razdKnem1afJ620bLPJN0zWrF60zZpBfbBVqFAYRe69yCBEV5uUWl3eie-DU1QpASrE_KU5HwCT_7dJt8q3JNAP97lE_ahwjn_dKcbfxKulTmYmz6cS1YnefeTL195-0rTuDQ8A_6DMdlVVbv4wHiEoTLjf&request_ab2=0&zoneid=7446033&js_build=iclick-v1.788.9-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=3&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.9-auto&navlng=en-US&pnt=0&pnrc=0&bs=f3bd2e00-e1d6-449d-adfb-4f52eadc2654&wasm=1&userId=0080556fa6f641c4fcbb798cc9b6c36c&m=link

139.45.197.242

200 OK

2.3 kB

URL GET HTTP/2
glakaits.net/?rb=cXcSutwC6m_yldy0iWQqISv-lmwQYJVMfWUG7VrLe7gVqdzjhA6fPbJnEwqO2bmQavehj6uiaNTaHlIN9w6gadwQSrxLUfncB_nBd0ACQSGbkxoRW41L2razdKnem1afJ620bLPJN0zWrF60zZpBfbBVqFAYRe69yCBEV5uUWl3eie-DU1QpASrE_KU5HwCT_7dJt8q3JNAP97lE_ahwjn_dKcbfxKulTmYmz6cS1YnefeTL195-0rTuDQ8A_6DMdlVVbv4wHiEoTLjf&request_ab2=0&zoneid=7446033&js_build=iclick-v1.788.9-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=3&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.9-auto&navlng=en-US&pnt=0&pnrc=0&bs=f3bd2e00-e1d6-449d-adfb-4f52eadc2654&wasm=1&userId=0080556fa6f641c4fcbb798cc9b6c36c&m=link
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectglakaits.net
Fingerprint1F:46:3E:C8:C5:6A:64:F5:29:66:0F:5C:6E:CD:48:77:10:EA:26:02
ValidityTue, 07 May 2024 18:52:12 GMT - Mon, 05 Aug 2024 18:52:11 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2360), with no line terminators
Size
2.3 kB (2337 bytes)
Hash
b4445652ed3a2eaa5acabd301c0dff43
f286d83fa3bcabc25ac77159e91c7254b7a7669a
f619bb689d63727cd63a7c3bf5cc526df93af32385b4ff0b779013ca2b1bc486

HTTP Headers

GET /?rb=cXcSutwC6m_yldy0iWQqISv-lmwQYJVMfWUG7VrLe7gVqdzjhA6fPbJnEwqO2bmQavehj6uiaNTaHlIN9w6gadwQSrxLUfncB_nBd0ACQSGbkxoRW41L2razdKnem1afJ620bLPJN0zWrF60zZpBfbBVqFAYRe69yCBEV5uUWl3eie-DU1QpASrE_KU5HwCT_7dJt8q3JNAP97lE_ahwjn_dKcbfxKulTmYmz6cS1YnefeTL195-0rTuDQ8A_6DMdlVVbv4wHiEoTLjf&request_ab2=0&zoneid=7446033&js_build=iclick-v1.788.9-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=3&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.9-auto&navlng=en-US&pnt=0&pnrc=0&bs=f3bd2e00-e1d6-449d-adfb-4f52eadc2654&wasm=1&userId=0080556fa6f641c4fcbb798cc9b6c36c&m=link HTTP/1.1
Host: glakaits.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:58:52 GMT
content-type: application/json
x-trace-id: 5e0cd018d50411edd65b3ea5f4013f9b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080556fa6f641c4fcbb798cc9b6c36c; expires=Wed, 07 May 2025 21:58:52 GMT; path=/; secure; SameSite=None
oaidts=1715119132; expires=Wed, 07 May 2025 21:58:52 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Tue, 14 May 2024 21:58:52 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

8d80fcb421.a700fb9c8d.com/dcd78e9358b6891f8d594bc7153a3bce/161855?version_name=b

45.133.44.53

200 OK

2.4 kB

URL GET HTTP/2
8d80fcb421.a700fb9c8d.com/dcd78e9358b6891f8d594bc7153a3bce/161855?version_name=b
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subject8d80fcb421.a700fb9c8d.com
Fingerprint42:A0:FF:40:15:C5:29:E2:8E:7E:8F:55:FE:A4:8A:15:E0:17:77:CF
ValiditySat, 04 May 2024 02:20:27 GMT - Fri, 02 Aug 2024 02:20:26 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2744), with no line terminators
Size
2.4 kB (2425 bytes)
Hash
57ed9e8789c799ac1c0cb88a331fc507
9499433765f97a3c779b7bd8bb0c6d61001bbe70
23725421b5fecd31ac898b0c3b41b8d7dfef35d750da060be73c3d6350b3e5ca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dcd78e9358b6891f8d594bc7153a3bce/161855?version_name=b HTTP/1.1
Host: 8d80fcb421.a700fb9c8d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:51 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Tue, 07 May 2024 22:03:51 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

storage.multstorage.com/log/count.html

104.21.30.242

200 OK

882 B

URL GET HTTP/2
storage.multstorage.com/log/count.html
IP
104.21.30.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectmultstorage.com
Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A
ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT

File type
HTML document, ASCII text, with very long lines (919), with no line terminators
Size
882 B (882 bytes)
Hash
053b1fe641da8057571d40ebaf1624ab
09b2648b7d08c84621298f0b939cea5170a65022
6606334874a3edb8295831f41d3684433e4553ffe0a72e58c90926e00f39c6a4

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:52 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: 8b848d9744f1091a889c1c203238dd77
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f6%2B8svRkacQMeHzBrMh06MAPxxE3%2BonA7WD3%2BGpquuQ2jlhD3DWPTJ0Jy3MObZ0wwcQQS45ZS1UFf9IAVehGcwludyY89Ijp3k14E9vgV7Mda5f903d%2BdrTDIgd0X2jc3reBUR4LSeeyvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804794f181456b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

js.mbidinp.com/skins/nmain.m.js

45.133.44.52

200 OK

470 kB

URL GET HTTP/2
js.mbidinp.com/skins/nmain.m.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectjs.mbidinp.com
FingerprintB8:EA:0B:88:14:F5:73:F1:FE:F1:D5:59:09:E6:70:08:F2:1C:4A:5C
ValidityMon, 22 Apr 2024 03:00:30 GMT - Sun, 21 Jul 2024 03:00:29 GMT

File type

Size
470 kB (470121 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /skins/nmain.m.js HTTP/1.1
Host: js.mbidinp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:52 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Tue, 07 May 2024 22:03:52 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans

142.250.74.106

200 OK

5.8 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Open+Sans
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (5866), with no line terminators
Size
5.8 kB (5776 bytes)
Hash
9a9a7fec0410c78b8c7601306b9fa182
7d736470060c2cbab18d2a59c043202c2d3dbaac
6a2126bd16491c04d2f664d8acb3a7ad24ec144e02bffd62db7254bee91567f0

HTTP Headers

GET /css?family=Open+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 21:58:58 GMT
date: Tue, 07 May 2024 21:58:58 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.googleapis.com/css2?family=Bebas+Neue&display=swap

142.250.74.106

200 OK

799 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Bebas+Neue&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (817), with no line terminators
Size
799 B (799 bytes)
Hash
c493231efba2219e3348f16e938d7380
95b2c3d6221a58cbd7e96f2c05c40d03f53fb16c
ff65de3252fffb1650fca0c23a1a87351bf5b2385dc11e35e19b94c3495e4cf0

HTTP Headers

GET /css2?family=Bebas+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 21:58:50 GMT
date: Tue, 07 May 2024 21:58:50 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.amdahost.com/videos/1714450050_5f643473a4dce5fd.mp4

172.67.183.69

206 Partial Content

117 kB

URL GET HTTP/3
www.amdahost.com/videos/1714450050_5f643473a4dce5fd.mp4
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
data
Size
117 kB (117422 bytes)
Hash
9ea8e9b80012e02b5278eed4f3a73f10
df90a4515340f0d2bfbbc92b18e0f67ff16e0700
48fa75359998b4542b45c97b10cffbfa88091cd5ea3a38238d2451486c28ece7

HTTP Headers

GET /videos/1714450050_5f643473a4dce5fd.mp4 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=9404416-
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch.php?id=a336b4df9f
Cookie: PHPSESSID=23d96268c344b423e82ca3859fc6e816
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 206 Partial Content
date: Tue, 07 May 2024 21:58:52 GMT
content-type: video/mp4
content-length: 117422
etag: "914aae-66306e8b-8c165f;;;"
last-modified: Tue, 30 Apr 2024 04:07:39 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
content-range: bytes 9404416-9521837/9521838
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oz8He3fz20%2F0on0xh%2Fa54R0IECUzbi1Ke8kQ3TVOxid1cZ8nV3lYUCP5lp1cSkR%2B1zTl9rOn12WOxT4m%2FIrmhYZCzl0zn5mpHrm3hb6UcpGFTa2le9KFYxBvh59l2E4Bo2UN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804794d28fcb52d-OSL
alt-svc: h3=":443"; ma=86400

zovidree.com/tag.min.js

172.67.166.14

200 OK

90 kB

URL GET HTTP/2
zovidree.com/tag.min.js
IP
172.67.166.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectzovidree.com
FingerprintE7:A2:02:40:34:64:74:90:8F:C4:F5:DA:6D:7F:08:2D:33:29:9A:FD
ValidityMon, 22 Apr 2024 15:25:10 GMT - Sun, 21 Jul 2024 15:25:09 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (89874 bytes)
Hash
7573260aff69fe8406b0115ab4bcefaa
f7f5c31f2481bd176a9b79deff1b7c0d4878f87c
280186476a1f8103793e2139d4654b16f61a2a1d393966388f55b8ed795ebba3

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: zovidree.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:51 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 1a13b2616487079790d1ad15928b1eb9
cache-control: max-age=86400
last-modified: Sun, 05 May 2024 17:51:41 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Wed, 08 May 2024 03:11:59 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 67609
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ncaiXBQ7Uot7197m4DFs5MdPiMMftKSZI2KCLeaJtABiZSJz2yn5ZSdavlOUWdWXpX5X3T%2BlChzhU9LkizOjQ%2BP%2FDGE3PsFqcBJziW8EI2dLTvg3CcBaD%2FJ8%2FvInT1I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880479497b071c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

32879.2481april2024.com/jSBEDII5OAbiZtczvVjGLSdOmtkRvoHRdq9VOcLNSZwVNZyS9dhXp5mMB9M2edSSl9sFIKV2jvq5euuzHOKnYRGKmqGlu7iKdQkfT71OcbrrL4nUsTD_BTJizg4Hfg?kws=video%2Csweetcat%2Cgrupa%2Cfacetem%2Csex&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Tue%20May%2007%202024%2021%3A58%3A51%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1

88.208.22.4

200 OK

1.5 kB

URL GET HTTP/2
32879.2481april2024.com/jSBEDII5OAbiZtczvVjGLSdOmtkRvoHRdq9VOcLNSZwVNZyS9dhXp5mMB9M2edSSl9sFIKV2jvq5euuzHOKnYRGKmqGlu7iKdQkfT71OcbrrL4nUsTD_BTJizg4Hfg?kws=video%2Csweetcat%2Cgrupa%2Cfacetem%2Csex&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Tue%20May%2007%202024%2021%3A58%3A51%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1
IP
88.208.22.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subject*.2481april2024.com
FingerprintFC:0B:87:DF:4F:43:9B:81:FD:04:D2:4C:5C:79:77:1B:C6:BB:F4:49
ValidityTue, 02 Apr 2024 14:41:38 GMT - Mon, 01 Jul 2024 14:41:37 GMT

File type
ASCII text, with very long lines (1516), with no line terminators
Size
1.5 kB (1516 bytes)
Hash
a8f43d644417a921108e4bd91379bd39
783d4105fef5cc05d6dad03603ff54dcd74c4b87
5b9d0b41efa42c5173a0f0e1a832b906a4fbdcafc6f89eac704779e24f972a19

HTTP Headers

GET /jSBEDII5OAbiZtczvVjGLSdOmtkRvoHRdq9VOcLNSZwVNZyS9dhXp5mMB9M2edSSl9sFIKV2jvq5euuzHOKnYRGKmqGlu7iKdQkfT71OcbrrL4nUsTD_BTJizg4Hfg?kws=video%2Csweetcat%2Cgrupa%2Cfacetem%2Csex&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Tue%20May%2007%202024%2021%3A58%3A51%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1 HTTP/1.1
Host: 32879.2481april2024.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:58:54 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Tue, 07 May 2024 21:58:54 UTC
expires: Tue, 07 May 2024 21:58:54 UTC
content-encoding: gzip
X-Firefox-Spdy: h2

p.a64x.com/in/tip_shows/?katds_ep=Tw7vWxiBP4bILX843QdqDI7rncVOVbpnHTwp1CvzDbNqjny5Cl8HjxDklFGaZrORialqdBTOwJd4QCD86yMqbLp9GEXHDd-AEADZC7aqcr1RCNpMgf6syO5eEQsDG_kK1Ewum1cRdnRKZZpbK0L2X8YnaOmYFdizzoQsCZJIQuhF5cqObi_6vclsC3bSj0dXAxZXV2gHaiJuqaA4K9Tl9tt4P-Zqwq2ArHQ6IrJZUgWHvBARL3iAE-GuscvoJcAPfkj5QQNLHhjJgx5I6XHQGg_7kNklX7zkt2QVTv-HY2bTZ8zZWGffuat1x-4o6NQAGatc7EQ0lVD3hd_sMcePV2TvRVfZGXBGR37gQG-N4aI8UbSuNEnYs_IorvtUx9RIsE9V4wIfwUlDZbSBEZesoz8P7XW70yRqceFTA38QBpN1DOZzYXZna7N4UazCVZNt4wtHZRLoy_7BfsBDgGo0q9T8gln0toG8W1OEUPnL6lEPTFUwLJ15aW24KvNWegUemtydOwV8FMI-uDa49bOO4YMHwWP-WhgzuLOmXo7U1brVDjDMVbQhyjXR7WYcGjG6-_qbhNEJJb3zchgm1M7wiQsEI4QTKw_vQJTYwZw2w0c27-cvDMB5Tk95XAUTuUeclu9mzOuqOoOLZfWhk-6AlNR4hOCAE5_Cm2icb7Z6d8Lq4lGsTHxy-qobT9zRl210eqzp0skC4IjBX0e0mkBVWooLoF-ZCIzpoZdXoE1CL40o7up927GsqO7-UaUMCfGYQhyuUzTE0mFQVaBAmvcUkRUmg-gvESC2569l7LoaG5yDW83ZGH1N1vL2_k2vsf3KQbGo0IGleZgtZk2NBwPv2NhuQqLYcf2n-cOgjGbwALU9i9924trf9A7C5jY1&bid=0.0218843052409496&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.03&cpa=b87b6300-e00e-4c04-a1bb-be313d309953&prev_step_diff=865

172.67.185.171

302 Found

3.0 kB

URL GET HTTP/2
p.a64x.com/in/tip_shows/?katds_ep=Tw7vWxiBP4bILX843QdqDI7rncVOVbpnHTwp1CvzDbNqjny5Cl8HjxDklFGaZrORialqdBTOwJd4QCD86yMqbLp9GEXHDd-AEADZC7aqcr1RCNpMgf6syO5eEQsDG_kK1Ewum1cRdnRKZZpbK0L2X8YnaOmYFdizzoQsCZJIQuhF5cqObi_6vclsC3bSj0dXAxZXV2gHaiJuqaA4K9Tl9tt4P-Zqwq2ArHQ6IrJZUgWHvBARL3iAE-GuscvoJcAPfkj5QQNLHhjJgx5I6XHQGg_7kNklX7zkt2QVTv-HY2bTZ8zZWGffuat1x-4o6NQAGatc7EQ0lVD3hd_sMcePV2TvRVfZGXBGR37gQG-N4aI8UbSuNEnYs_IorvtUx9RIsE9V4wIfwUlDZbSBEZesoz8P7XW70yRqceFTA38QBpN1DOZzYXZna7N4UazCVZNt4wtHZRLoy_7BfsBDgGo0q9T8gln0toG8W1OEUPnL6lEPTFUwLJ15aW24KvNWegUemtydOwV8FMI-uDa49bOO4YMHwWP-WhgzuLOmXo7U1brVDjDMVbQhyjXR7WYcGjG6-_qbhNEJJb3zchgm1M7wiQsEI4QTKw_vQJTYwZw2w0c27-cvDMB5Tk95XAUTuUeclu9mzOuqOoOLZfWhk-6AlNR4hOCAE5_Cm2icb7Z6d8Lq4lGsTHxy-qobT9zRl210eqzp0skC4IjBX0e0mkBVWooLoF-ZCIzpoZdXoE1CL40o7up927GsqO7-UaUMCfGYQhyuUzTE0mFQVaBAmvcUkRUmg-gvESC2569l7LoaG5yDW83ZGH1N1vL2_k2vsf3KQbGo0IGleZgtZk2NBwPv2NhuQqLYcf2n-cOgjGbwALU9i9924trf9A7C5jY1&bid=0.0218843052409496&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.03&cpa=b87b6300-e00e-4c04-a1bb-be313d309953&prev_step_diff=865
IP
172.67.185.171:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjecta64x.com
Fingerprint86:FD:2B:DD:CC:BD:8D:ED:C0:8D:41:81:C1:48:2D:45:D6:4F:67:88
ValidityTue, 19 Mar 2024 14:58:28 GMT - Mon, 17 Jun 2024 14:58:27 GMT

File type

Size
3.0 kB (2972 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/tip_shows/?katds_ep=Tw7vWxiBP4bILX843QdqDI7rncVOVbpnHTwp1CvzDbNqjny5Cl8HjxDklFGaZrORialqdBTOwJd4QCD86yMqbLp9GEXHDd-AEADZC7aqcr1RCNpMgf6syO5eEQsDG_kK1Ewum1cRdnRKZZpbK0L2X8YnaOmYFdizzoQsCZJIQuhF5cqObi_6vclsC3bSj0dXAxZXV2gHaiJuqaA4K9Tl9tt4P-Zqwq2ArHQ6IrJZUgWHvBARL3iAE-GuscvoJcAPfkj5QQNLHhjJgx5I6XHQGg_7kNklX7zkt2QVTv-HY2bTZ8zZWGffuat1x-4o6NQAGatc7EQ0lVD3hd_sMcePV2TvRVfZGXBGR37gQG-N4aI8UbSuNEnYs_IorvtUx9RIsE9V4wIfwUlDZbSBEZesoz8P7XW70yRqceFTA38QBpN1DOZzYXZna7N4UazCVZNt4wtHZRLoy_7BfsBDgGo0q9T8gln0toG8W1OEUPnL6lEPTFUwLJ15aW24KvNWegUemtydOwV8FMI-uDa49bOO4YMHwWP-WhgzuLOmXo7U1brVDjDMVbQhyjXR7WYcGjG6-_qbhNEJJb3zchgm1M7wiQsEI4QTKw_vQJTYwZw2w0c27-cvDMB5Tk95XAUTuUeclu9mzOuqOoOLZfWhk-6AlNR4hOCAE5_Cm2icb7Z6d8Lq4lGsTHxy-qobT9zRl210eqzp0skC4IjBX0e0mkBVWooLoF-ZCIzpoZdXoE1CL40o7up927GsqO7-UaUMCfGYQhyuUzTE0mFQVaBAmvcUkRUmg-gvESC2569l7LoaG5yDW83ZGH1N1vL2_k2vsf3KQbGo0IGleZgtZk2NBwPv2NhuQqLYcf2n-cOgjGbwALU9i9924trf9A7C5jY1&bid=0.0218843052409496&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.03&cpa=b87b6300-e00e-4c04-a1bb-be313d309953&prev_step_diff=865 HTTP/1.1
Host: p.a64x.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 07 May 2024 21:58:53 GMT
content-type: application/json
content-length: 0
location: https://imdn.pics/m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg
access-control-allow-credentials: true
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3HOn1hQGEvFe0rVfwY6J2hOQElZPD9aeBor1BPK7vdc3HjoRMVlb2JY6t1t96HOXauPt2%2FbHTLo9oefCY8f9saHAZGUSvv7uEC3aVHb4RvGP04v3qGP2x1cfudQp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880479575b43b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.amdahost.com/css/root.css

172.67.183.69

200 OK

3.2 kB

URL GET HTTP/3
www.amdahost.com/css/root.css
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
ASCII text, with very long lines (3175), with no line terminators
Size
3.2 kB (3175 bytes)
Hash
b29e82a0b6fab49b186f1878409b49cf
632d7a94b851c7c879e29825bee06920d7b5cb99
5b7746d8aa2c0a8a908f6a5df646167afb319fc1d2a6ec08d275e195a275afdf

HTTP Headers

GET /css/root.css HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch.php?id=a336b4df9f
Cookie: PHPSESSID=23d96268c344b423e82ca3859fc6e816
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 21:58:50 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=6128
last-modified: Tue, 27 Feb 2024 08:09:48 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4760
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=if0zygFQssdthaN1KaVva6N3h90cVSUsPhPreDsyJ7x4IUEevCXzZuRmqCgd1KOPDn9V5n2RAWB1NHNZGl6XfncCXcwvEZXId2SKwYJU7Jprvq5CmS6iANm5hXRGnaON7hJw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880479431929b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387

104.16.80.73

200 OK

19 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387
IP
104.16.80.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectcloudflareinsights.com
Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT

File type
JavaScript source, ASCII text, with very long lines (19189), with no line terminators
Size
19 kB (19189 bytes)
Hash
4c980ee97cb5c001b4d19e2895fa5603
2c6fe998aa7486c4becd74cf253bdd82666a64c3
d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192

HTTP Headers

GET /beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:50 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.1"
last-modified: Mon, 06 May 2024 19:01:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 880479436e8b7129-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

74.125.131.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D
ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:frYAcxJ2wCSyvmDwbrSAIPHWYJSx7Q:ohs9t4IiXMaSuMzK; Expires=Thu, 07-May-2026 21:58:53 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 21:58:53 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyFePH76tY9IGeourP1ixa1EkBH5O_9F15jv_kCx8v-6LAWfc1yu6k4c98-MgccQBxKaebM
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-IyGQtIcwV0vOYxjnTUsrkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

zokaukree.net/5/7446033/?oo=1&js_build=iclick-v1.788.9-auto

139.45.197.245

200 OK

2.9 kB

URL GET HTTP/2
zokaukree.net/5/7446033/?oo=1&js_build=iclick-v1.788.9-auto
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectzokaukree.net
FingerprintC0:B6:2C:1B:C6:37:68:38:7C:A4:E0:F4:BF:B4:8E:D4:CA:7E:2A:F1
ValiditySun, 05 May 2024 11:48:42 GMT - Sat, 03 Aug 2024 11:48:41 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3160), with no line terminators
Size
2.9 kB (2915 bytes)
Hash
bad110e4b6aacfbd8e5911737bb406dd
502a91e01e128a2c23f6360cab63996f3ff432b0
33d77706a492d4d22cefa9cda95100cdd3f355b4a84ac179b3b8f8ff8341e397

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/7446033/?oo=1&js_build=iclick-v1.788.9-auto HTTP/1.1
Host: zokaukree.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:58:51 GMT
content-type: application/json
x-trace-id: 67caab8a3712c9fbbccf6ab9a3794462
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080556fa6f641c4fcbb798cc9b6c36c; expires=Wed, 07 May 2025 21:58:51 GMT; path=/; secure; SameSite=None
oaidts=1715119131; expires=Wed, 07 May 2025 21:58:51 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

8d80fcb421.a700fb9c8d.com/110a65cc169b283c3c7819a3fe77e180.js

45.133.44.53

200 OK

101 kB

URL GET HTTP/2
8d80fcb421.a700fb9c8d.com/110a65cc169b283c3c7819a3fe77e180.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subject8d80fcb421.a700fb9c8d.com
Fingerprint42:A0:FF:40:15:C5:29:E2:8E:7E:8F:55:FE:A4:8A:15:E0:17:77:CF
ValiditySat, 04 May 2024 02:20:27 GMT - Fri, 02 Aug 2024 02:20:26 GMT

File type

Size
101 kB (100855 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /110a65cc169b283c3c7819a3fe77e180.js HTTP/1.1
Host: 8d80fcb421.a700fb9c8d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:52 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 06 May 2024 08:27:28 GMT
etag: W/"66389470-189f7"
content-encoding: gzip
expires: Tue, 07 May 2024 22:03:52 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Poppins:wght@600&display=swap

142.250.74.106

200 OK

789 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Poppins:wght@600&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (807), with no line terminators
Size
789 B (789 bytes)
Hash
6f717af0e726a10479b7e8bed93e5142
a115121febff939512aba08376c87856e8eb7d81
3f2d568b6fb6321a2e59f992275a60a22c904f5e8d84b7c6e43b1bb702ae86db

HTTP Headers

GET /css2?family=Poppins:wght@600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 21:58:50 GMT
date: Tue, 07 May 2024 21:58:50 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Comic+Neue&display=swap

142.250.74.106

200 OK

420 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Comic+Neue&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (429), with no line terminators
Size
420 B (420 bytes)
Hash
75f97bdeb174d8b64c2078ceff6726a3
beb63d63eb0398c4e6f15b6f2ad83c9fd7ef272d
0dd00245b771e2aada55e76fe50ee64c186e9413f70b1fc54da284a2cab024c6

HTTP Headers

GET /css2?family=Comic+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 21:58:50 GMT
date: Tue, 07 May 2024 21:58:50 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.amdahost.com/videos/1714450050_5f643473a4dce5fd.mp4

172.67.183.69

206 Partial Content

129 kB

URL GET HTTP/3
www.amdahost.com/videos/1714450050_5f643473a4dce5fd.mp4
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size
129 kB (129136 bytes)
Hash
68b5605cf2405c071165d394029e4368
e749278f9cbdabfef68c80956b22168c2c8e83e9
303efba2564708ce3ec330a42866c15c6ef65d7c26aea477dbbc8e5a2302dbf9

HTTP Headers

GET /videos/1714450050_5f643473a4dce5fd.mp4 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch.php?id=a336b4df9f
Cookie: PHPSESSID=23d96268c344b423e82ca3859fc6e816
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 206 Partial Content
date: Tue, 07 May 2024 21:58:51 GMT
content-type: video/mp4
content-length: 9521838
etag: "914aae-66306e8b-8c165f;;;"
last-modified: Tue, 30 Apr 2024 04:07:39 GMT
cache-control: max-age=14400
cf-cache-status: MISS
content-range: bytes 0-9521837/9521838
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MyIkrwA9REO3Gu3X4UKfTLsfvlbdh2wA%2BZrx41hod89ofFCxCQF49TtLNuHAlXMaUmv9dOFwOOJWHxoV%2F8lSn2UGu9Z96UCEMlJgWcY8A1UaJXTBRdX5BRRIWS%2FyRmlQeu%2Bq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880479496e1cb52d-OSL
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Bungee+Spice&display=swap

142.250.74.106

200 OK

1.3 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Bungee+Spice&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1310), with no line terminators
Size
1.3 kB (1280 bytes)
Hash
6ed7e36a675f79912a60041296e6712c
90726391e4efdc836774a463094dbce3f980c761
59214048cf850c5c635c4bd6669db6222a200dd806e8ec2b2e8f504fa0b9393d

HTTP Headers

GET /css2?family=Bungee+Spice&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 21:58:50 GMT
date: Tue, 07 May 2024 21:58:50 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.mbidadm.com/static/scripts.js

45.133.44.53

200 OK

1.7 kB

URL GET HTTP/2
js.mbidadm.com/static/scripts.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectjs.mbidadm.com
FingerprintCA:45:B3:CA:F7:B8:6E:BC:AD:15:14:54:8B:69:08:1F:93:CC:C1:80
ValidityThu, 18 Apr 2024 03:01:13 GMT - Wed, 17 Jul 2024 03:01:12 GMT

File type
JavaScript source, ASCII text, with very long lines (1884), with no line terminators
Size
1.7 kB (1732 bytes)
Hash
920f349834adf2faa94a7c6047814e52
34557304112fe9d61f23b8f89ceead6db43b98d4
2ddd6ffb00a0971092562d2c424678425e8496d315e38967a4ca2e26fdcfeafc

HTTP Headers

GET /static/scripts.js HTTP/1.1
Host: js.mbidadm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:50 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 07 May 2024 12:02:54 GMT
etag: W/"663a186e-6c4"
content-encoding: gzip
expires: Tue, 07 May 2024 22:03:50 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.amdahost.com/media/apple-touch-icon.png

172.67.183.69

200 OK

40 kB

URL GET HTTP/3
www.amdahost.com/media/apple-touch-icon.png
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
40 kB (40332 bytes)
Hash
3a0b8d799ca52ea360286be206ff8fb3
2dc98f04f62990a7ab58494b8cc4c9d34f88d82b
a18a7554000483027f4297e642dd6ffa175ee4028844be6e7888cd31c165972d

HTTP Headers

GET /media/apple-touch-icon.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch.php?id=a336b4df9f
Cookie: PHPSESSID=23d96268c344b423e82ca3859fc6e816; cf_clearance=TTIDFMGz1SyWV314.WvyzZfSEVvM0Va2UVfK.AJyRDE-1715119131-1.0.1.1-XvwRSqv6dRwRMWpDM.1YlsjRqHr2BIIr6vVa0aQTgY9AqlUtERg6JinYJeQAS7vWsHX5eV1YJxqvDUBOChpIqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 21:58:51 GMT
content-type: image/png
content-length: 40332
last-modified: Sun, 17 Mar 2024 20:29:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2538
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UK%2FosAhZWned3kHkb%2Bv4a0%2FbdpMzP4dDk8QXRbnRnN906e%2B0A50s1t8F6zZ%2FjQOapcpxddPhE75dtS%2FkXJwv4lTE3QmEW0aADivHDH9MzkAx77tdAkuXvzhUd4ljYHquBcWk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804794eea3ab52d-OSL
alt-svc: h3=":443"; ma=86400

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.24

200 OK

1.1 kB

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:53 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Wed, 07 May 2025 21:58:53 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Archivo+Black&display=swap

142.250.74.106

200 OK

819 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Archivo+Black&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (837), with no line terminators
Size
819 B (819 bytes)
Hash
fa0b91b21b81c25b4d2bb89c6d9d84fb
1788d71d75cf429352999edca5573800814aba3f
5385a711b1675e90eb76b002d80f1c53e71449889caf26b5ee6ec34f3df23fa7

HTTP Headers

GET /css2?family=Archivo+Black&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 21:58:50 GMT
date: Tue, 07 May 2024 21:58:50 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

b57dqedu4.com/solid.gif?z=2020088&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6023376558333952&eclog=0&im=1

212.117.190.201

200 OK

43 B

URL POST HTTP/2
b57dqedu4.com/solid.gif?z=2020088&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6023376558333952&eclog=0&im=1
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint17:76:24:C2:1F:79:27:A6:BF:60:AC:48:E1:7E:44:F5:FA:36:EB:6B
ValidityWed, 01 May 2024 14:25:07 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

POST /solid.gif?z=2020088&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6023376558333952&eclog=0&im=1 HTTP/1.1
Host: b57dqedu4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:58:51 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
set-cookie: CHCK=1; Path=/; Expires=Tue, 10 Jun 2025 21:58:51 GMT; Secure; SameSite=None
UID=2405071658535c924bf0bf453f96679d1c37; Path=/; Expires=Tue, 10 Jun 2025 21:58:51 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js

172.67.183.69

200 OK

7.8 kB

URL GET HTTP/3
www.amdahost.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
JavaScript source, ASCII text, with very long lines (7846), with no line terminators
Size
7.8 kB (7846 bytes)
Hash
f65d1a128e31b1a12fbf0d7c8b5f3b04
0b0fc0ef12cdfb05b2f34d2975c3ab8ecec5d52f
3f81a9f0e7594ff0a8aba24e68288a01938a519e2c88bcd259871a82de7678dc

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=23d96268c344b423e82ca3859fc6e816
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 21:58:51 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
cache-control: max-age=14400, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mkXC8gahyyb0%2BfGG9G9FNNTYAujAJWRpWM4e%2Bod0a2MGW0y%2B%2F2MF%2BBiAW%2BkqlRCR9cDAA48YS%2FErZZ4SVl3oAmHn5x9RcGA7CoCLsSxeHJtywa6MQgHDmJWJVg6TK9VksBUd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804794bf832b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bid.mbidtg.com/tags/179977?version_name=b

45.133.44.24

200 OK

2.2 kB

URL GET HTTP/2
bid.mbidtg.com/tags/179977?version_name=b
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectbid.mbidtg.com
Fingerprint62:EA:1B:EE:02:E5:88:CC:26:72:9B:BA:BF:B3:B6:2B:67:14:74:67
ValidityWed, 01 May 2024 03:00:45 GMT - Tue, 30 Jul 2024 03:00:44 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2494), with no line terminators
Size
2.2 kB (2202 bytes)
Hash
6dd06c3be91240ac87d476628c579d45
7c9f39156f3db5c6c71d1ea5a218d3b5846fa8e8
3c8c08c131dffa0910f3b5e37167775faebe95977cd2752a5471c60963851c13

HTTP Headers

GET /tags/179977?version_name=b HTTP/1.1
Host: bid.mbidtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:51 GMT
content-type: application/json
server: nginx/1.24.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/challenge-platform/h/b/jsd/r/88047940a862b511

172.67.183.69

200 OK

0 B

URL POST HTTP/3
www.amdahost.com/cdn-cgi/challenge-platform/h/b/jsd/r/88047940a862b511
IP
172.67.183.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/88047940a862b511 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12190
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch.php?id=a336b4df9f
Cookie: PHPSESSID=23d96268c344b423e82ca3859fc6e816
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 21:58:51 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=TTIDFMGz1SyWV314.WvyzZfSEVvM0Va2UVfK.AJyRDE-1715119131-1.0.1.1-XvwRSqv6dRwRMWpDM.1YlsjRqHr2BIIr6vVa0aQTgY9AqlUtERg6JinYJeQAS7vWsHX5eV1YJxqvDUBOChpIqA; Path=/; Expires=Wed, 07-May-25 21:58:51 GMT; Domain=.amdahost.com; HttpOnly; Secure; SameSite=None; Partitioned
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8lmVjNS2qpA%2B%2FGwLiCzS164iE0LJpBoh7P0u3zE5sqC86b4IaDiKMtWUREuMiQuN4Zbs6KYmNTb0Wv54RM391z%2Bk3bUYZE4B1ZdagxKFrIpCrq2uyNEzXpkcDOV9JnpHlNIg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804794d28f8b52d-OSL
alt-svc: h3=":443"; ma=86400

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQw1ypfAPwp8Steyg1tuN4cK0evZtAT43UkiJP1uZ4-Bn1U4pjFF3X3pAJju3tE2cxtJKPNIrQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-250691530%3A1715119133364485&theme=mn&ddm=0

74.125.131.84

403 Forbidden

0 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQw1ypfAPwp8Steyg1tuN4cK0evZtAT43UkiJP1uZ4-Bn1U4pjFF3X3pAJju3tE2cxtJKPNIrQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-250691530%3A1715119133364485&theme=mn&ddm=0
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint9F:A1:53:E4:09:E1:ED:82:F8:E0:30:B6:39:FA:EC:03:B4:89:46:8A
ValidityTue, 16 Apr 2024 03:19:40 GMT - Tue, 09 Jul 2024 03:19:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQw1ypfAPwp8Steyg1tuN4cK0evZtAT43UkiJP1uZ4-Bn1U4pjFF3X3pAJju3tE2cxtJKPNIrQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-250691530%3A1715119133364485&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 21:58:53 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: script-src 'nonce-ZqpFRX8QFPNGMnBKZ7Afmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

mpougdusr.com/bultykh/ipp24/7/bazinga/2020090

212.117.190.201

200 OK

158 kB

URL GET HTTP/2
mpougdusr.com/bultykh/ipp24/7/bazinga/2020090
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint96:80:FC:87:80:4A:3B:59:5A:2E:82:5A:B8:1D:9D:47:78:21:AA:66
ValidityWed, 01 May 2024 14:41:50 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65107)
Size
158 kB (158045 bytes)
Hash
c6ea5aedb4469e81f7d41b0eec41f409
7d7edc7b87462fb56c5e3c17c86bebad542d1d6f
72ad45cf0dd548c1f9611c35289dec90c22375b45bf1aa33d6a14ac7f896865b

HTTP Headers

GET /bultykh/ipp24/7/bazinga/2020090 HTTP/1.1
Host: mpougdusr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:58:50 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-269a3"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

mpougdusr.com/get/2020090?zoneid=2020090&jp=_clgnd7cvvv0ygmlukipgah&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1801251907638272&eclog=0&im=1&freq=0&uf=0

212.117.190.201

200 OK

14 kB

URL GET HTTP/2
mpougdusr.com/get/2020090?zoneid=2020090&jp=_clgnd7cvvv0ygmlukipgah&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1801251907638272&eclog=0&im=1&freq=0&uf=0
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint96:80:FC:87:80:4A:3B:59:5A:2E:82:5A:B8:1D:9D:47:78:21:AA:66
ValidityWed, 01 May 2024 14:41:50 GMT - Sun, 27 Oct 2024 22:59:00 GMT

File type
ASCII text, with very long lines (14516), with no line terminators
Size
14 kB (14516 bytes)
Hash
cbd110594b0e7eec9012de7422dacb3b
643b54202bcf2f7cc2046cfb1334b403778f91d2
d61f7feacac2df98d2a3ea7982d8df81bcfb3cebd19c1dc4294ff35c139ff037

HTTP Headers

GET /get/2020090?zoneid=2020090&jp=_clgnd7cvvv0ygmlukipgah&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1801251907638272&eclog=0&im=1&freq=0&uf=0 HTTP/1.1
Host: mpougdusr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:58:51 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Tue, 10 Jun 2025 21:58:51 GMT; Secure; SameSite=None
UID=24050716588a766461833e46d7a07208cc7a; Path=/; Expires=Tue, 10 Jun 2025 21:58:51 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

8d80fcb421.a700fb9c8d.com/9f8781cc63b095275470f5973e6f8461.js

45.133.44.53

200 OK

169 kB

URL GET HTTP/2
8d80fcb421.a700fb9c8d.com/9f8781cc63b095275470f5973e6f8461.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subject8d80fcb421.a700fb9c8d.com
Fingerprint42:A0:FF:40:15:C5:29:E2:8E:7E:8F:55:FE:A4:8A:15:E0:17:77:CF
ValiditySat, 04 May 2024 02:20:27 GMT - Fri, 02 Aug 2024 02:20:26 GMT

File type

Size
169 kB (168568 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /9f8781cc63b095275470f5973e6f8461.js HTTP/1.1
Host: 8d80fcb421.a700fb9c8d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:58:52 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Tue, 07 May 2024 22:03:52 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

94.130.198.6

200 OK

0 B

URL GET HTTP/2
mbdippex.com/in/show/?tag_ab=b&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&refdom=www.amdahost.com&auction_time=1715119132&subid=1211831614&sid=2734670709&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=36.73906512521945&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch.php%253Fid%253Da336b4df9f%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch.php%253Fid%253Da336b4df9f%26idzone%3D0%26sid%3D1886&icons=YZYf75WizMgpL17XBfVWQtg9zqO6BDEgU2qzSjSYASyd9Zv08Ngzm_ERYREgXBGOdtrvsCF31F6B081e2bkexo5OaTglbQtjWaduDct5JJIbSvBBcrlYdLnargj_EPz6YSeaJyulK0m32kGH7zk-q8HS018Oq8tWZQjXd6WInb_TtyKlTg&ext_cid=0&px_id=560190&min_cpm=0.09202212291281912&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1475945489521637793&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.019093783636031845&cpm=0&verify_hash=ba390292148cbca8d6414b85b7c733e2&is_native=4&real_bid=0.0005740655760385964&original_bid_usd=0.0027666979999999997&original_bid=0.0027666979999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0027666979999999997&hostname=auc-inpage-hz-4-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002766698&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=0561f58d-ddcb-4ed1-8f69-da800d4d19f9&prev_step_diff=865
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch.php?id=a336b4df9f
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch.php%3Fid%3Da336b4df9f&refdom=www.amdahost.com&auction_time=1715119132&subid=1211831614&sid=2734670709&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=36.73906512521945&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch.php%253Fid%253Da336b4df9f%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch.php%253Fid%253Da336b4df9f%26idzone%3D0%26sid%3D1886&icons=YZYf75WizMgpL17XBfVWQtg9zqO6BDEgU2qzSjSYASyd9Zv08Ngzm_ERYREgXBGOdtrvsCF31F6B081e2bkexo5OaTglbQtjWaduDct5JJIbSvBBcrlYdLnargj_EPz6YSeaJyulK0m32kGH7zk-q8HS018Oq8tWZQjXd6WInb_TtyKlTg&ext_cid=0&px_id=560190&min_cpm=0.09202212291281912&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1475945489521637793&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.019093783636031845&cpm=0&verify_hash=ba390292148cbca8d6414b85b7c733e2&is_native=4&real_bid=0.0005740655760385964&original_bid_usd=0.0027666979999999997&original_bid=0.0027666979999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0027666979999999997&hostname=auc-inpage-hz-4-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002766698&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=0561f58d-ddcb-4ed1-8f69-da800d4d19f9&prev_step_diff=865 HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 21:58:53 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (28)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL