| www.amdahost.com/media/logo.png |  172.67.183.69 | 200 OK | 26 kB |
URL GET HTTP/3www.amdahost.com/media/logo.png IP172.67.183.69:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectamdahost.com Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT
File typePNG image data, 382 x 70, 8-bit/color RGBA, non-interlaced Hash9c5c0fe1ed466c1a4801524b31777955 eb7bfae0af480eae554a937a9f64e96a0a4f734a 62b08c1489fff9fb4cf4d33857fb46d4f8298c3f74fc57f92279bdad95472640
GET /media/logo.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=4052ec577a
Cookie: PHPSESSID=f5871bdc0d5b5d885113e160c0cf19e5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 13:41:04 GMT
content-type: image/png
content-length: 25625
last-modified: Fri, 15 Mar 2024 19:45:30 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4016
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5%2BNWyFz9J6uHmPwtEUeLQb%2BkgvkOUaTtot17ZFcVDNR%2FtbhWmbSFIl819WtiVrVhBYAh43%2Boet%2BIP%2BYbqHKFw399obMM9Q9sUQAipePnxDo4NJ0qYpbKHG77V3fVlGDkURtd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1255fbbaa5697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdn.jsdelivr.net/npm/remixicon@4.0.0/fonts/remixicon.css | 151.101.1.229 | 200 OK | 17 kB |
URL GET HTTP/2cdn.jsdelivr.net/npm/remixicon@4.0.0/fonts/remixicon.css IP151.101.1.229:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09 ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
Hash373c68d52e3daa5cd7e1ae058fb6bd70 30a01afb8338555278162655e4a8e7ac57774f35 f53b0f6c14c09b5c263713876dfe7185531a3a424a91d192dfee3c5fa03493dd
GET /npm/remixicon@4.0.0/fonts/remixicon.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.0.0
x-jsd-version-type: version
etag: W/"200b1-MKAa+4M4VVJ4FiZV5KjnrFd3TzU"
content-encoding: br
accept-ranges: bytes
date: Sun, 05 May 2024 13:41:04 GMT
age: 5048754
x-served-by: cache-fra-etou8220109-FRA, cache-hel1410032-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 16743
X-Firefox-Spdy: h2
|
|
| vjs.zencdn.net/8.10.0/video-js.css | 151.101.2.217 | 200 OK | 13 kB |
URL GET HTTP/2vjs.zencdn.net/8.10.0/video-js.css IP151.101.2.217:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGlobalSign nv-sa Subjectvjs.zencdn.net Fingerprint6B:3F:11:07:D7:05:FD:AF:4D:46:B4:BA:1C:8A:60:70:95:37:35:17 ValidityWed, 06 Mar 2024 21:50:11 GMT - Mon, 07 Apr 2025 21:50:10 GMT
File typeASCII text, with very long lines (7288) Hash27818e70d5704691d9264fe0083c5b08 b4dffd90528e8f63d54ad3a859b749344e6e00ad 92e11fbc7753b5be23fd489ba4e09c0d62d0b8c64e466845b4534934c46c85d6
GET /8.10.0/video-js.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Wed, 17 Jan 2024 12:53:07 GMT
etag: "27818e70d5704691d9264fe0083c5b08"
x-amz-server-side-encryption: AES256
content-type: text/css
content-encoding: gzip
date: Sun, 05 May 2024 13:41:04 GMT
x-served-by: cache-hel1410028-HEL
x-cache: HIT
x-cache-hits: 5
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 12695
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/thumbnails/1712223956_361956eaf5964269.jpg | 172.67.183.69 | 200 OK | 47 kB |
URL GET HTTP/3www.amdahost.com/thumbnails/1712223956_361956eaf5964269.jpg IP172.67.183.69:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectamdahost.com Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 50", baseline, precision 8, 960x540, components 3 Hasha76b5e998c4af800e3485d0ae806d6ce aef71d042e2f31c063a91824116036af18ed0823 4b6285916abfa8cb5fc6daedb8d3fcc998b21b0b66fcaf88af6032fe7a3a5afe
GET /thumbnails/1712223956_361956eaf5964269.jpg HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=4052ec577a
Cookie: PHPSESSID=f5871bdc0d5b5d885113e160c0cf19e5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 13:41:05 GMT
content-type: image/jpeg
content-length: 46586
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 13:41:04 GMT
etag: "b5fa-660e76d5-8c0cc0;;;"
last-modified: Thu, 04 Apr 2024 09:45:57 GMT
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Oscx1TOCITlMVE8Z1dcpiZtCFgM%2B7%2FhUO8uboKOs8Ie36nhBiGiq9sdgodGtiJO4swbxPgI%2BFP2Sy1EOfnKUmceBqUfalOecTBD%2B%2F2FVKGj7neFIoUKpcHBlMLum%2BeOKeoX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1255fcbb25697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js | 142.250.74.74 | 200 OK | 30 kB |
URL GET HTTP/2ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js IP142.250.74.74:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typeJavaScript source, ASCII text, with very long lines (65447) Hash2c872dbe60f4ba70fb85356113d8b35e ee48592d1fff952fcf06ce0b666ed4785493afdc fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30462
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 02:07:52 GMT
expires: Sat, 03 May 2025 02:07:52 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 12 Sep 2023 02:38:22 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 214393
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 32879.2481april2024.com/4/js/233169 |  88.208.22.3 | 200 OK | 6.6 kB |
URL GET HTTP/232879.2481april2024.com/4/js/233169 IP88.208.22.3:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject*.2481april2024.com FingerprintFC:0B:87:DF:4F:43:9B:81:FD:04:D2:4C:5C:79:77:1B:C6:BB:F4:49 ValidityTue, 02 Apr 2024 14:41:38 GMT - Mon, 01 Jul 2024 14:41:37 GMT
File typeJavaScript source, ASCII text, with very long lines (16644), with no line terminators Hash3b8f11b7ff426be14bcda7a396a8a028 a2fa283c1e41a72398e7f0e30c2ebd1f7cc8173a 8a97a525d84c388c1c7b58f20cb243168f49e2a860c1991e80a2f83c6386aebb
GET /4/js/233169 HTTP/1.1
Host: 32879.2481april2024.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:41:05 GMT
content-type: application/javascript; charset=UTF-8
content-length: 6572
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Bungee+Spice&display=swap | 142.250.74.106 | 200 OK | 952 B |
URL GET HTTP/2fonts.googleapis.com/css2?family=Bungee+Spice&display=swap IP142.250.74.106:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typegzip compressed data, max compression Hashbc8e80b98172d491ab44f6ad0b5b63a5 eb5607937c618f316c92ee985cbd3a547fc774fd e9e6ddcd3a63d2421dc05da07c7af6a6fc64bdd26d1e953c68d759c429adb6e0
GET /css2?family=Bungee+Spice&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 May 2024 13:41:05 GMT
date: Sun, 05 May 2024 13:41:05 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/karla/v31/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lK.woff2 | 216.58.207.227 | 200 OK | 13 kB |
URL GET HTTP/2fonts.gstatic.com/s/karla/v31/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lK.woff2 IP216.58.207.227:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 13184, version 1.0 Hash37b12babb3bd0f9d9587cc8ca89a19b9 49cfe5b31144493cec4f21dc63fb2f1051061b45 73351bb42cb7827d0cd08c5d5832140700139b86eb6dd9a49047017924cb3ed0
GET /s/karla/v31/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13184
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:41:24 GMT
expires: Fri, 02 May 2025 02:41:24 GMT
cache-control: public, max-age=31536000
age: 298781
last-modified: Wed, 27 Sep 2023 15:40:27 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2 | 216.58.207.227 | 200 OK | 14 kB |
URL GET HTTP/2fonts.gstatic.com/s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2 IP216.58.207.227:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 13820, version 1.0 Hash2dd698f2699a5ef991625825011bff90 523ff9357131751e57dd78cb92b218a49a130d1d 02f5dfc0c21e92f3c724260f035833e627513a1b91230cc490a1ea756c95e5e5
GET /s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:34:50 GMT
expires: Fri, 02 May 2025 02:34:50 GMT
cache-control: public, max-age=31536000
age: 299175
last-modified: Thu, 24 Aug 2023 21:28:06 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Lobster&display=swap | 142.250.74.106 | 200 OK | 562 B |
URL GET HTTP/2fonts.googleapis.com/css2?family=Lobster&display=swap IP142.250.74.106:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typegzip compressed data, max compression Hash2cc91776f063728afc8cbe31c2afcbd6 ca1da83b85f1d2d761497611e22f8c64831002c6 111fe7ddb2bb47f665ec47c05a7c5efbf48ca1ee96f411c9ca064b6f4c1bb1d5
GET /css2?family=Lobster&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 May 2024 13:41:05 GMT
date: Sun, 05 May 2024 13:41:05 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js | 172.67.183.69 | 302 Found | 0 B |
URL GET HTTP/3www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP172.67.183.69:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectamdahost.com Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=f5871bdc0d5b5d885113e160c0cf19e5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Sun, 05 May 2024 13:41:06 GMT
content-length: 0
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js
cache-control: max-age=300, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zCCnubgYLjHXrJ3YKMduwjuk4CkcQcEOKp48Q1pLgVUvtCRXew8Xxj1Blj9v%2BXLBzlSIV5zgHw%2Fw%2FyLwXdF3ns3WUrlHBAJIzOIoOIw4H7wOexm5waLVNJT3jfufq7WiZMlH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f12569edc85697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| mpougdusr.com/get/2020090?zoneid=2020090&jp=_cl8qqiksxa0mvr6m13m8d4&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=2645663555941376&eclog=0&im=1&freq=0&uf=0 |  212.117.190.201 | 200 OK | 5.2 kB |
URL GET HTTP/2mpougdusr.com/get/2020090?zoneid=2020090&jp=_cl8qqiksxa0mvr6m13m8d4&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=2645663555941376&eclog=0&im=1&freq=0&uf=0 IP212.117.190.201:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerBuypass AS-983163327 Subject Fingerprint96:80:FC:87:80:4A:3B:59:5A:2E:82:5A:B8:1D:9D:47:78:21:AA:66 ValidityWed, 01 May 2024 14:41:50 GMT - Sun, 27 Oct 2024 22:59:00 GMT
File typegzip compressed data, from Unix Hash3ccd2398f49cbd63aa7ee5e772e53ee9 c90ca708c1ed22bf720d1ee414b602a6c0b94c6f 340068f613a0369938d909fd80c03f9ef7a9cabc27eed7ad8fb77dd0564071bd
GET /get/2020090?zoneid=2020090&jp=_cl8qqiksxa0mvr6m13m8d4&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=2645663555941376&eclog=0&im=1&freq=0&uf=0 HTTP/1.1
Host: mpougdusr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:41:06 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Sun, 08 Jun 2025 13:41:06 GMT; Secure; SameSite=None
UID=2405050841d4199e76554048ce84b081e780; Path=/; Expires=Sun, 08 Jun 2025 13:41:06 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
|
|
| cdn.pncloudfl.com/pn/082/d6d/41f/082d6d41f9bd3220a660f2a4108986b2b367f0e4.png | 172.67.25.161 | 200 OK | 43 kB |
URL GET HTTP/2cdn.pncloudfl.com/pn/082/d6d/41f/082d6d41f9bd3220a660f2a4108986b2b367f0e4.png IP172.67.25.161:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectcdn.pncloudfl.com Fingerprint50:5F:A0:91:53:C9:C9:E3:5D:EA:53:42:E8:5B:81:FB:DE:7B:1E:2C ValiditySun, 28 Apr 2024 04:53:51 GMT - Sat, 27 Jul 2024 04:53:50 GMT
File typeRIFF (little-endian) data, Web/P image Hashbec3572ed077c92240ef0dd7dc17231d e278cd647e65b5f04ba1d582d05f76d5dfafd125 eb304641419d09e779018fe3bf31596d3ed3ad0d4ab05c716ce626152aa417ec
GET /pn/082/d6d/41f/082d6d41f9bd3220a660f2a4108986b2b367f0e4.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:06 GMT
content-type: image/webp
content-length: 42912
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=66221
content-disposition: inline; filename="082d6d41f9bd3220a660f2a4108986b2b367f0e4.webp"
etag: 20c64ca88091db62ea69001a7382f005
expires: Sun, 05 May 2024 21:59:26 GMT
last-modified: Mon, 23 Dec 2019 08:43:03 GMT
vary: Accept
x-openstack-request-id: tx9d94ab9f187b4137bb135-0061b079d0
x-proxy-cache: HIT
x-timestamp: 1577090582.49776
x-trans-id: tx9d94ab9f187b4137bb135-0061b079d0
cf-cache-status: HIT
age: 142901
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 87f1256b4a2c0b06-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.pncloudfl.com/pn/159/4e9/574/1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.png | 172.67.25.161 | 200 OK | 48 kB |
URL GET HTTP/2cdn.pncloudfl.com/pn/159/4e9/574/1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.png IP172.67.25.161:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectcdn.pncloudfl.com Fingerprint50:5F:A0:91:53:C9:C9:E3:5D:EA:53:42:E8:5B:81:FB:DE:7B:1E:2C ValiditySun, 28 Apr 2024 04:53:51 GMT - Sat, 27 Jul 2024 04:53:50 GMT
File typeRIFF (little-endian) data, Web/P image Hashfaa49393df3208c063f655607da54633 3de75eda9ed337e13622611cdda3d5bf615b311f 5b8090f769afc76f83e8635a46499a1e467be6c44aee86f5f53b7ca51baa53de
GET /pn/159/4e9/574/1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:06 GMT
content-type: image/webp
content-length: 47678
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=74321
content-disposition: inline; filename="1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.webp"
etag: e7242897f9459085037ffcbcd74c060f
expires: Sun, 05 May 2024 21:38:21 GMT
last-modified: Mon, 23 Dec 2019 09:01:22 GMT
vary: Accept
x-openstack-request-id: tx6522abc861fc4738a75fe-0061b0bcf9
x-proxy-cache: HIT
x-timestamp: 1577091681.42646
x-trans-id: tx6522abc861fc4738a75fe-0061b0bcf9
cf-cache-status: HIT
age: 144165
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 87f1256b4a300b06-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| c59049439d.68d6b65e65.com/16c9a57b6d8f0d1d61a80aca258d0787/161855?version_name=c | 45.133.44.52 | 200 OK | 2.9 kB |
URL GET HTTP/2c59049439d.68d6b65e65.com/16c9a57b6d8f0d1d61a80aca258d0787/161855?version_name=c IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectc59049439d.68d6b65e65.com Fingerprint57:57:2E:26:4E:E7:36:A7:05:19:24:B3:03:5E:B1:5F:6B:36:9E:E1 ValidityThu, 02 May 2024 02:20:34 GMT - Wed, 31 Jul 2024 02:20:33 GMT
Hash72901ed2b115cff96465d462cb427f4e eb219995b56237ae0dd00a4ce1a23a5c014f5a7d 83bd786efd0c6faa0f8b2d9d40d3d07829e28efdf9e307b4c3a31684cd628f9d
GET /16c9a57b6d8f0d1d61a80aca258d0787/161855?version_name=c HTTP/1.1
Host: c59049439d.68d6b65e65.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:06 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Sun, 05 May 2024 13:46:06 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| js.capndr.com/advertising.js | 45.133.44.53 | 200 OK | 0 B |
URL GET HTTP/2js.capndr.com/advertising.js IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectjs.capndr.com Fingerprint0D:30:A1:FB:7E:A0:EC:89:85:17:27:67:37:21:DA:E0:CB:E3:26:06 ValiditySun, 21 Apr 2024 03:00:41 GMT - Sat, 20 Jul 2024 03:00:40 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertising.js HTTP/1.1
Host: js.capndr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 14 Jul 2023 08:23:25 GMT
etag: "64b105fd-0"
expires: Sun, 05 May 2024 13:46:06 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/cdn-cgi/challenge-platform/h/g/jsd/r/87f1255be879b50f | 172.67.183.69 | 200 OK | 0 B |
URL POST HTTP/3www.amdahost.com/cdn-cgi/challenge-platform/h/g/jsd/r/87f1255be879b50f IP172.67.183.69:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectamdahost.com Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/challenge-platform/h/g/jsd/r/87f1255be879b50f HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12197
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=4052ec577a
Cookie: PHPSESSID=f5871bdc0d5b5d885113e160c0cf19e5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 13:41:06 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=nBBcghJcMv_0z1lFxxe.jcwYDaELt.SmAjACL9zC4QU-1714916466-1.0.1.1-wYSmmDJAJQc02WBW_4ahKioHi.iagDRPh.UgWBFoT8bpte4IM6Q3f0_FIP_iZUmIPyRySscSxggEVbTpc2KnVA; path=/; expires=Mon, 05-May-25 13:41:06 GMT; domain=.amdahost.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xlVpE%2F4I3BpjJ9bWS%2Bqd8NG4e2t%2FXOOIEfsLcl%2FD7HLTzMeGg4w2KSYKoX7eLvIk1jPnvxVtSa8xgYfNqq%2BDMOClsGIa81VB0VEZfFO99VQN3ZzIgZP2yncvBKV0lzGZ93G1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f1256cb8445697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| c.adsco.re/ |  104.17.167.186 | | 28 kB |
IP104.17.167.186:0
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerSectigo Limited Subject*.adsco.re Fingerprint40:64:05:9C:99:0A:1E:9F:A7:49:61:8E:86:4C:4B:06:9C:73:83:73 ValiditySat, 23 Sep 2023 00:00:00 GMT - Sun, 29 Sep 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (689) Hasha0b475c65fed312aba8d7c43a0cbc928 3fdd052b41c37318e44084be4f92d42fba4ded61 2dfb2101b24f80be00b1baecce7eec815e61a13381f6983051b6261b8035468a
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:06 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Wed, 05 Jun 2024 13:41:06 GMT
etag: W/"oLR1xl/tMSq6jXxDoMvJKA=="
cf-cache-status: HIT
age: 1084
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1256daa985687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/media/apple-touch-icon.png | 172.67.183.69 | 200 OK | 40 kB |
URL GET HTTP/3www.amdahost.com/media/apple-touch-icon.png IP172.67.183.69:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectamdahost.com Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT
File typePNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced Hash3a0b8d799ca52ea360286be206ff8fb3 2dc98f04f62990a7ab58494b8cc4c9d34f88d82b a18a7554000483027f4297e642dd6ffa175ee4028844be6e7888cd31c165972d
GET /media/apple-touch-icon.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=4052ec577a
Cookie: PHPSESSID=f5871bdc0d5b5d885113e160c0cf19e5; cf_clearance=nBBcghJcMv_0z1lFxxe.jcwYDaELt.SmAjACL9zC4QU-1714916466-1.0.1.1-wYSmmDJAJQc02WBW_4ahKioHi.iagDRPh.UgWBFoT8bpte4IM6Q3f0_FIP_iZUmIPyRySscSxggEVbTpc2KnVA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 13:41:06 GMT
content-type: image/png
content-length: 40332
last-modified: Sun, 17 Mar 2024 20:29:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 513
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yEXPoPOxR%2FeuFrrfwULalss7Yg6QurCh4TBairdZvT7G7DdWlnYPzNQZh5rzoGc2ZK6uwrkVMiW1SUwMzXOZNF9vwkGPjNVPH7ygN8f9Fe4OukOtCq%2FeKX3JbqoICfiAbCQG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1256e79cc5697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.amdahost.com/media/favicon-16x16.png | 172.67.183.69 | 200 OK | 936 B |
URL GET HTTP/3www.amdahost.com/media/favicon-16x16.png IP172.67.183.69:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectamdahost.com Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT
File typePNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced Hashac0cd4d64276fa91e68993406abcd43d c9af1132645f2bccfb9295a4e45cc95e8e78b7b6 bf852eabb9e0bbeb89b360a2dc4ccc1b86f2ffea3dfa78f0c2bb8747be598382
GET /media/favicon-16x16.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=4052ec577a
Cookie: PHPSESSID=f5871bdc0d5b5d885113e160c0cf19e5; cf_clearance=nBBcghJcMv_0z1lFxxe.jcwYDaELt.SmAjACL9zC4QU-1714916466-1.0.1.1-wYSmmDJAJQc02WBW_4ahKioHi.iagDRPh.UgWBFoT8bpte4IM6Q3f0_FIP_iZUmIPyRySscSxggEVbTpc2KnVA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 13:41:06 GMT
content-type: image/png
content-length: 936
last-modified: Sun, 17 Mar 2024 20:29:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 150
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hp8uamNjzwnj1bH5pf7BbXTRJ8JOG6enWdxOxQDn7fCD4b3zDJ8JCYf9tSIiYf2L7mjbufW6iCJmRVM%2Be8apdYv9EMj79%2Bn8O6TqYc0MJVMttOUqGcRFQqhL66%2FQvDO4ttog"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1256e79cd5697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | 216.58.207.226 | 200 OK | 0 B |
URL HEAD HTTP/2pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP216.58.207.226:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subject*.g.doubleclick.net Fingerprint09:C3:90:43:D3:09:4E:26:62:79:17:6F:1D:33:E5:FA:DF:77:3E:7B ValidityTue, 16 Apr 2024 03:18:52 GMT - Tue, 09 Jul 2024 03:18:51 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Sun, 05 May 2024 13:41:07 GMT
expires: Sun, 05 May 2024 13:41:07 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 6272162164099540272
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51487
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/videos/1712223929_16012536c0625f11.mp4 | 172.67.183.69 | 206 Partial Content | 210 kB |
URL GET HTTP/3www.amdahost.com/videos/1712223929_16012536c0625f11.mp4 IP172.67.183.69:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectamdahost.com Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT
Size210 kB (210515 bytes) Hashde4e50e26d2d5680660faf8bee8ae143 62d02097d8ae95f4b2ef5b7195fb3207c78f7388 cfaf83dfacfe4191f17a0690c79dc72a941f618ff9f1aae758d85d6d854b03a2
GET /videos/1712223929_16012536c0625f11.mp4 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=9764864-
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=4052ec577a
Cookie: PHPSESSID=f5871bdc0d5b5d885113e160c0cf19e5
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 206 Partial Content
date: Sun, 05 May 2024 13:41:07 GMT
content-type: video/mp4
content-length: 210515
etag: "983653-660e76d1-8c0cbf;;;"
last-modified: Thu, 04 Apr 2024 09:45:53 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
content-range: bytes 9764864-9975378/9975379
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hAAfQsbeAM2BaN8pL5Lylgu11O%2BgMn2wGFyNfVOzGetXxVnt6991tWTivDCvgfcG9YMpgQZ0%2FLc0gW5TLiDedaO6Oj8GjR%2FlxurDGQB54VOFw6QgKfg59eUq%2BGu4kCzScYJ1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1256cc84f5697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pyknrhm5c.com/get/2025683?p=2025683&jp=_clfjexam85jk2yvomyxhf1&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4897463369632256&eclog=0&im=1&freq=0&uf=0 | 212.117.190.201 | 200 OK | 11 kB |
URL GET HTTP/2pyknrhm5c.com/get/2025683?p=2025683&jp=_clfjexam85jk2yvomyxhf1&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4897463369632256&eclog=0&im=1&freq=0&uf=0 IP212.117.190.201:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerBuypass AS-983163327 Subject Fingerprint8C:0B:00:37:E9:46:0D:D7:64:26:AF:BD:4B:AC:9D:E3:CA:27:CD:87 ValidityFri, 03 May 2024 21:32:33 GMT - Tue, 29 Oct 2024 22:59:00 GMT
File typegzip compressed data, from Unix Hashb11126eca564231e932f7ea49177cc33 6bcadcd094e812e3bd2641e3e59c71c2b959fefb b8c8b2a1c2449f1cc95cc11e031809e8a344595b6195103be15ab3a8d125a659
GET /get/2025683?p=2025683&jp=_clfjexam85jk2yvomyxhf1&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4897463369632256&eclog=0&im=1&freq=0&uf=0 HTTP/1.1
Host: pyknrhm5c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:41:06 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Sun, 08 Jun 2025 13:41:06 GMT; Secure; SameSite=None
UID=2405050841fe36afc8aad848288264ceecaf; Path=/; Expires=Sun, 08 Jun 2025 13:41:06 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
|
|
| bid.mbidtg.com/tags/179977?version_name=c | 45.133.44.24 | 200 OK | 12 kB |
URL GET HTTP/2bid.mbidtg.com/tags/179977?version_name=c IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectbid.mbidtg.com Fingerprint62:EA:1B:EE:02:E5:88:CC:26:72:9B:BA:BF:B3:B6:2B:67:14:74:67 ValidityWed, 01 May 2024 03:00:45 GMT - Tue, 30 Jul 2024 03:00:44 GMT
Hashd8d6ba131153f531d9c6c0bad4ebb9fd 0d1b0633d175bdcc62a5b26c431224b072fd2516 7cc126649114b3cd56166516d77e48b10357187657d30b3b9dda648ef5fb3a47
GET /tags/179977?version_name=c HTTP/1.1
Host: bid.mbidtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:06 GMT
content-type: application/json
server: nginx/1.24.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/videos/1712223929_16012536c0625f11.mp4 | 172.67.183.69 | 206 Partial Content | 171 kB |
URL GET HTTP/3www.amdahost.com/videos/1712223929_16012536c0625f11.mp4 IP172.67.183.69:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectamdahost.com Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT
File typeISO Media, MP4 Base Media v1 [ISO 14496-12:2003] Size171 kB (170878 bytes) Hash5b1a714b978e8491a7497f1b65a28b54 a6db3581e563d9c0bf0da77a6c20e452617505f1 84cec965301df51c76b5a29ebe0e02fa775d4d3dbed9e926193e51fbccdc8f33
GET /videos/1712223929_16012536c0625f11.mp4 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=4052ec577a
Cookie: PHPSESSID=f5871bdc0d5b5d885113e160c0cf19e5
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 206 Partial Content
date: Sun, 05 May 2024 13:41:06 GMT
content-type: video/mp4
content-length: 9975379
etag: "983653-660e76d1-8c0cbf;;;"
last-modified: Thu, 04 Apr 2024 09:45:53 GMT
cache-control: max-age=14400
cf-cache-status: MISS
content-range: bytes 0-9975378/9975379
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V%2BZea6NvTtgV8yWya1OxuYeUXBdHVYStqQcGIiJ4LAnBgCOjXcLVvas1zW904yKwDt2NdjGtYMeXSqq%2BYlMKzCPWKtA9VT5azdgsKGVGsWrC28BVFOmaqX%2BZuEgoDweJAV0f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f125689c8f5697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| js.mbidadm.com/static/scripts.js | 45.133.44.52 | 200 OK | 11 kB |
URL GET HTTP/2js.mbidadm.com/static/scripts.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectjs.mbidadm.com FingerprintCA:45:B3:CA:F7:B8:6E:BC:AD:15:14:54:8B:69:08:1F:93:CC:C1:80 ValidityThu, 18 Apr 2024 03:01:13 GMT - Wed, 17 Jul 2024 03:01:12 GMT
File typegzip compressed data, from Unix Hashbd64917706c179facf706c9ca7ab9d08 39c803e1e1bdec85ebe84d1b86f5dc951ad35a9c db9312fe1b49622153e6975c883ae6dbe9e9b1661b81b7d960d5c87559458096
GET /static/scripts.js HTTP/1.1
Host: js.mbidadm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:05 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:14 GMT
etag: W/"6627832a-6c4"
content-encoding: gzip
expires: Sun, 05 May 2024 13:46:05 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| fp.metricswpsh.com/fp?tag_id=179977 |  157.90.84.242 | 204 No Content | 0 B |
URL OPTIONS HTTP/1.1fp.metricswpsh.com/fp?tag_id=179977 IP157.90.84.242:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=179977 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sun, 05 May 2024 13:41:07 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://www.amdahost.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
|
|
| metricswpsh.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzQwMDcxOTEwMjMzNTE2MjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxNzk5NzcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS4zMiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== | 168.119.25.64 | 200 OK | 0 B |
URL GET HTTP/2metricswpsh.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzQwMDcxOTEwMjMzNTE2MjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxNzk5NzcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS4zMiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== IP168.119.25.64:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzQwMDcxOTEwMjMzNTE2MjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxNzk5NzcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS4zMiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:07 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| metricswpsh.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzQwMDcxOTEwMjMzNTE2MjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxODEwODUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS4zMiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== | 168.119.25.64 | 200 OK | 0 B |
URL GET HTTP/2metricswpsh.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzQwMDcxOTEwMjMzNTE2MjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxODEwODUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS4zMiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== IP168.119.25.64:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzQwMDcxOTEwMjMzNTE2MjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxODEwODUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS4zMiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:07 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| fp.metricswpsh.com/fp?tag_id=181085 | 157.90.84.242 | 200 OK | 0 B |
URL POST HTTP/1.1fp.metricswpsh.com/fp?tag_id=181085 IP157.90.84.242:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=181085 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sun, 05 May 2024 13:41:07 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://www.amdahost.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
|
|
| fp.metricswpsh.com/fp?tag_id=179977 | 157.90.84.242 | 204 No Content | 58 B |
URL OPTIONS HTTP/1.1fp.metricswpsh.com/fp?tag_id=179977 IP157.90.84.242:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash87385fcd2a67fc74d2fa67366ba68ea2 a604cdbb1d31ce257e8643eee9219c9c724c200c 9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995
POST /fp?tag_id=179977 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1835
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 05 May 2024 13:41:07 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.amdahost.com
Set-Cookie: id=11187531031609701386; Expires=Mon, 05 May 2025 13:41:07 GMT; Secure; SameSite=None
Vary: Origin
|
|
| www.amdahost.com/cdn-cgi/rum? | 172.67.183.69 | 204 No Content | 0 B |
URL POST HTTP/3www.amdahost.com/cdn-cgi/rum? IP172.67.183.69:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectamdahost.com Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1082
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=4052ec577a
Cookie: PHPSESSID=f5871bdc0d5b5d885113e160c0cf19e5; cf_clearance=nBBcghJcMv_0z1lFxxe.jcwYDaELt.SmAjACL9zC4QU-1714916466-1.0.1.1-wYSmmDJAJQc02WBW_4ahKioHi.iagDRPh.UgWBFoT8bpte4IM6Q3f0_FIP_iZUmIPyRySscSxggEVbTpc2KnVA; a=1cKSZ40sgEzO9nOtvUbKxUlWStoDeO4r
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Sun, 05 May 2024 13:41:08 GMT
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87f12575d9285697-OSL
x-frame-options: DENY
x-content-type-options: nosniff
|
|
| fp.metricswpsh.com/fp?tag_id=181085 | 157.90.84.242 | 200 OK | 58 B |
URL POST HTTP/1.1fp.metricswpsh.com/fp?tag_id=181085 IP157.90.84.242:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash87385fcd2a67fc74d2fa67366ba68ea2 a604cdbb1d31ce257e8643eee9219c9c724c200c 9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995
POST /fp?tag_id=181085 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1836
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 05 May 2024 13:41:08 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.amdahost.com
Set-Cookie: id=9461370203454958150; Expires=Mon, 05 May 2025 13:41:08 GMT; Secure; SameSite=None
Vary: Origin
|
|
| adsco.re/p | 162.252.214.5 | 200 OK | 810 B |
IP162.252.214.5:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerSectigo Limited Subject*.adsco.re Fingerprint40:64:05:9C:99:0A:1E:9F:A7:49:61:8E:86:4C:4B:06:9C:73:83:73 ValiditySat, 23 Sep 2023 00:00:00 GMT - Sun, 29 Sep 2024 23:59:59 GMT
File typeASCII text, with very long lines (1020), with no line terminators Hash76a742fd24cf5bf3f8d712453b57c9ff 1c8e3a9771da2d55b739b7defba8cad67a8bdb05 4579bfb93fad59651190d63ad848ba9a00af7c3abe1f849d393204784a5abb7a
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 1593
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 May 2024 13:41:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Accept-CH: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
Access-Control-Allow-Origin: https://www.amdahost.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
|
|
| fp.metricswpsh.com/fp?tag_id=161855 | 157.90.84.242 | 204 No Content | 0 B |
URL OPTIONS HTTP/1.1fp.metricswpsh.com/fp?tag_id=161855 IP157.90.84.242:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=161855 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sun, 05 May 2024 13:41:08 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://www.amdahost.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
|
|
| js.mbidinp.com/npc/sdk/wpu/npush.m.js | 45.133.44.52 | 200 OK | 47 kB |
URL GET HTTP/2js.mbidinp.com/npc/sdk/wpu/npush.m.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectjs.mbidinp.com FingerprintB8:EA:0B:88:14:F5:73:F1:FE:F1:D5:59:09:E6:70:08:F2:1C:4A:5C ValidityMon, 22 Apr 2024 03:00:30 GMT - Sun, 21 Jul 2024 03:00:29 GMT
File typegzip compressed data, from Unix Hash2fcdb49db14cdb0cd9e3b71d0bdb0a02 8eb2af73ac278f261a636ce56b299074d4f5e43a 73b7bcc8ebca22c888930c170219ee35ac72413b04eea8cacfa9586a7e03f8c4
GET /npc/sdk/wpu/npush.m.js HTTP/1.1
Host: js.mbidinp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:08 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Sun, 05 May 2024 13:46:08 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| csbi1gfxo3bs.l4.adsco.re/ |  185.200.118.51 | 200 OK | 0 B |
URL POST HTTP/2csbi1gfxo3bs.l4.adsco.re/ IP185.200.118.51:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject*.l4.adsco.re FingerprintB2:51:02:63:F4:E6:E7:3A:98:79:B7:C5:F8:81:EC:E8:79:B9:BC:22 ValidityFri, 19 Apr 2024 09:12:52 GMT - Thu, 18 Jul 2024 09:12:51 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: csbi1gfxo3bs.l4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:08 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 02 Jun 2023 14:03:32 GMT
etag: "6479f6b4-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fp.metricswpsh.com/fp?tag_id=161855 | 157.90.84.242 | 204 No Content | 58 B |
URL OPTIONS HTTP/1.1fp.metricswpsh.com/fp?tag_id=161855 IP157.90.84.242:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash87385fcd2a67fc74d2fa67366ba68ea2 a604cdbb1d31ce257e8643eee9219c9c724c200c 9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995
POST /fp?tag_id=161855 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1835
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Cookie: id=11187531031609701386
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 05 May 2024 13:41:08 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.amdahost.com
Vary: Origin
|
|
| cf7f345e1e.536e9f9126.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzQwMDcxOTEwMjMzNTE2MjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxNjE4NTUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS4zMiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== | 45.133.44.53 | 200 OK | 0 B |
URL GET HTTP/2cf7f345e1e.536e9f9126.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzQwMDcxOTEwMjMzNTE2MjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxNjE4NTUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS4zMiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectcf7f345e1e.536e9f9126.com Fingerprint71:F9:AA:03:86:91:84:5D:4D:14:DA:11:94:7A:19:87:8E:B3:23:E7 ValidityThu, 02 May 2024 02:50:28 GMT - Wed, 31 Jul 2024 02:50:27 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzQwMDcxOTEwMjMzNTE2MjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxNjE4NTUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS4zMiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: cf7f345e1e.536e9f9126.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:08 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| mpougdusr.com/chicken.gif?z=2020090&pb=76299d8b7a96d87e12e062686ad0de211714923666&psp=-S8v07T9fYAkXDN4EQIeGn5uvoIwzofqLqBunTlNHkn57_ZF8tPhUu4RX1SF1nZY85CL6jdCWf6lz6eOaz1BjSqRCkVvg0i8Z3XvZIuNvjo-3qVsYt6crGmkwZRLh09lbUi-5ZdA44BIyMs8K1BD7W6Saa9XZZUjfQWtcJn_mkk7-kXMyzUHoHJFaMHA27o8nXXhdqqpmSHBtZTkqS5i9-jXNMpDWEKg9Kdozv0R3sbw1UN7dC7RvCHF4gjq9fkRVlv3WRWW_O1KsTw3YJGA50LF1CEh6l2PXH7e1v8TcaKk6tDWjDLmuGYm1ZvyTQlxyxWXP-z3DDCcwx5SlsJnD9L0u_w_jeZZDrxViObgNK5SEhmhqtqZKl4_hke9WPR96rA_I7yXvvmV1qrL9Ym-k7l_9X4psvT2wtFYqf84OUPuFFW0uyngAcaZajuK-QqiaudcMYe55VnP5sBJtrLRXb5PkUZufgzAIFqodzftDYXZtDQVHC-BxoTfnxdaCxflX4SH2RuD4VnbLhsgXMR3dGbRnOErA92TCnUsJnlyZfjAdcuFwqFI6mZQ99rA0JNW01lOLcqB7sZC3HfKQ7vsRX2Vo2AEpQ5xk7x0SSrMUl-8HxQ8WnVEYdjDI7o_XGV22i-QAyfVMtHE8ceJpLvCmR_Ig5HOT3cKW_INsGlKPl3uAotR8JLdyxhtHry9LO9h3l58aNJ4mt1_JmOEAOvepdsZ0fQvFJFlqu3HIM8_mJon78s9EzbPSLkFdi5fIj9F4wrVMkpp8o052LFsFut5tjkgK7026qr0f3buOFOwdvtxmByDsB5_E5mB39VW2YumI1FqEW7aGhaFBr9kxm6rHttcULgmEZDx1YigwjfLCbsJoNC8IHbxpVIPxmV9yWnm2k7t3Ek8TIIzTSacDBg-7RVIi6oKJZC_ikP846a9rs25uxhLqUFzoGsknou2F58K0xHeBBXDEAtOHr4qNVzS_uv2m45oJ64cvAQCeumT4SPdancsaPo4T8MGWWD3_YD2UTGQ41Xrr5GOl6h8R-HBuLKPPXSozwkOfPO0WGUFzTuQy4Fx2xi4F4-l0ek84EaclfM0VmHI43DqtUL7HOIsWOtqsRPEXXU6TnP66QLrgYzLglbAZSDtPHNFbAXhKrrAAnNvEUynsA1bKLM8w9oxIIM-nLCc_qkiQF3xemjhVQK5KHYTMJYY7MQafIeRMsW4EZJMHPNWrWrMsrBHMIkrZOKIZeAZSB2OBiirAKiEyH_OAdRVOdSq60jz9RtIeAx8gwNPwr6rkmnjVmEMby284lqsC7dp2-FkFYtLKbvOBlSZ1MMBuSwZq7Kl5IvljmAx7x8oCd5Sgr9lAbWbOPYJhk1UWnFUv2ErkA9j8eA010zxWYQTccYh-nmhvDsRvySyIjTk3rUHDeZN_qjJsExSi3EPvHAQb9ImBN0aahUIJAyJFYD1YQiXjwZ2IQ39IfGDSgiYFyg2mg-as3RHQ74YjbPHzUSfMGfErYHSN4OiZAiPIg8dSOfsaj8ORkn0hYRXsyztDREUkPsFFtIZXbtfiVnCsb2IClwK_eH4aWxxfzlqLdBecYhhCajGL5SpPqP7xkkXAzlIBWnt4t54s7BbwCvPFfnLkpe1Mjl0wE91KMxsSyMtwI6OyMYd4c6VE6ot4VKqLCK58zPvU4VyZwdG9EK37iJHyH2zv3YJwLvlZHIVAo-TU6XG0MztjiFN6xhuIxBi-EqIQlTO-1-RIVC23PGGpEwsao7UFIog8kqrPK8aKHVRKFiwOkvRMg==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=2645663555941376&eclog=0&im=1 | 212.117.190.201 | 200 OK | 43 B |
URL GET HTTP/2mpougdusr.com/chicken.gif?z=2020090&pb=76299d8b7a96d87e12e062686ad0de211714923666&psp=-S8v07T9fYAkXDN4EQIeGn5uvoIwzofqLqBunTlNHkn57_ZF8tPhUu4RX1SF1nZY85CL6jdCWf6lz6eOaz1BjSqRCkVvg0i8Z3XvZIuNvjo-3qVsYt6crGmkwZRLh09lbUi-5ZdA44BIyMs8K1BD7W6Saa9XZZUjfQWtcJn_mkk7-kXMyzUHoHJFaMHA27o8nXXhdqqpmSHBtZTkqS5i9-jXNMpDWEKg9Kdozv0R3sbw1UN7dC7RvCHF4gjq9fkRVlv3WRWW_O1KsTw3YJGA50LF1CEh6l2PXH7e1v8TcaKk6tDWjDLmuGYm1ZvyTQlxyxWXP-z3DDCcwx5SlsJnD9L0u_w_jeZZDrxViObgNK5SEhmhqtqZKl4_hke9WPR96rA_I7yXvvmV1qrL9Ym-k7l_9X4psvT2wtFYqf84OUPuFFW0uyngAcaZajuK-QqiaudcMYe55VnP5sBJtrLRXb5PkUZufgzAIFqodzftDYXZtDQVHC-BxoTfnxdaCxflX4SH2RuD4VnbLhsgXMR3dGbRnOErA92TCnUsJnlyZfjAdcuFwqFI6mZQ99rA0JNW01lOLcqB7sZC3HfKQ7vsRX2Vo2AEpQ5xk7x0SSrMUl-8HxQ8WnVEYdjDI7o_XGV22i-QAyfVMtHE8ceJpLvCmR_Ig5HOT3cKW_INsGlKPl3uAotR8JLdyxhtHry9LO9h3l58aNJ4mt1_JmOEAOvepdsZ0fQvFJFlqu3HIM8_mJon78s9EzbPSLkFdi5fIj9F4wrVMkpp8o052LFsFut5tjkgK7026qr0f3buOFOwdvtxmByDsB5_E5mB39VW2YumI1FqEW7aGhaFBr9kxm6rHttcULgmEZDx1YigwjfLCbsJoNC8IHbxpVIPxmV9yWnm2k7t3Ek8TIIzTSacDBg-7RVIi6oKJZC_ikP846a9rs25uxhLqUFzoGsknou2F58K0xHeBBXDEAtOHr4qNVzS_uv2m45oJ64cvAQCeumT4SPdancsaPo4T8MGWWD3_YD2UTGQ41Xrr5GOl6h8R-HBuLKPPXSozwkOfPO0WGUFzTuQy4Fx2xi4F4-l0ek84EaclfM0VmHI43DqtUL7HOIsWOtqsRPEXXU6TnP66QLrgYzLglbAZSDtPHNFbAXhKrrAAnNvEUynsA1bKLM8w9oxIIM-nLCc_qkiQF3xemjhVQK5KHYTMJYY7MQafIeRMsW4EZJMHPNWrWrMsrBHMIkrZOKIZeAZSB2OBiirAKiEyH_OAdRVOdSq60jz9RtIeAx8gwNPwr6rkmnjVmEMby284lqsC7dp2-FkFYtLKbvOBlSZ1MMBuSwZq7Kl5IvljmAx7x8oCd5Sgr9lAbWbOPYJhk1UWnFUv2ErkA9j8eA010zxWYQTccYh-nmhvDsRvySyIjTk3rUHDeZN_qjJsExSi3EPvHAQb9ImBN0aahUIJAyJFYD1YQiXjwZ2IQ39IfGDSgiYFyg2mg-as3RHQ74YjbPHzUSfMGfErYHSN4OiZAiPIg8dSOfsaj8ORkn0hYRXsyztDREUkPsFFtIZXbtfiVnCsb2IClwK_eH4aWxxfzlqLdBecYhhCajGL5SpPqP7xkkXAzlIBWnt4t54s7BbwCvPFfnLkpe1Mjl0wE91KMxsSyMtwI6OyMYd4c6VE6ot4VKqLCK58zPvU4VyZwdG9EK37iJHyH2zv3YJwLvlZHIVAo-TU6XG0MztjiFN6xhuIxBi-EqIQlTO-1-RIVC23PGGpEwsao7UFIog8kqrPK8aKHVRKFiwOkvRMg==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=2645663555941376&eclog=0&im=1 IP212.117.190.201:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerBuypass AS-983163327 Subject Fingerprint96:80:FC:87:80:4A:3B:59:5A:2E:82:5A:B8:1D:9D:47:78:21:AA:66 ValidityWed, 01 May 2024 14:41:50 GMT - Sun, 27 Oct 2024 22:59:00 GMT
File typeGIF image data, version 89a, 1 x 1 Hash28e463819a210071de3b45ebe7633613 6dccd571828ec0912629119cf7eabfea9f33ddbc 44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=2020090&pb=76299d8b7a96d87e12e062686ad0de211714923666&psp=-S8v07T9fYAkXDN4EQIeGn5uvoIwzofqLqBunTlNHkn57_ZF8tPhUu4RX1SF1nZY85CL6jdCWf6lz6eOaz1BjSqRCkVvg0i8Z3XvZIuNvjo-3qVsYt6crGmkwZRLh09lbUi-5ZdA44BIyMs8K1BD7W6Saa9XZZUjfQWtcJn_mkk7-kXMyzUHoHJFaMHA27o8nXXhdqqpmSHBtZTkqS5i9-jXNMpDWEKg9Kdozv0R3sbw1UN7dC7RvCHF4gjq9fkRVlv3WRWW_O1KsTw3YJGA50LF1CEh6l2PXH7e1v8TcaKk6tDWjDLmuGYm1ZvyTQlxyxWXP-z3DDCcwx5SlsJnD9L0u_w_jeZZDrxViObgNK5SEhmhqtqZKl4_hke9WPR96rA_I7yXvvmV1qrL9Ym-k7l_9X4psvT2wtFYqf84OUPuFFW0uyngAcaZajuK-QqiaudcMYe55VnP5sBJtrLRXb5PkUZufgzAIFqodzftDYXZtDQVHC-BxoTfnxdaCxflX4SH2RuD4VnbLhsgXMR3dGbRnOErA92TCnUsJnlyZfjAdcuFwqFI6mZQ99rA0JNW01lOLcqB7sZC3HfKQ7vsRX2Vo2AEpQ5xk7x0SSrMUl-8HxQ8WnVEYdjDI7o_XGV22i-QAyfVMtHE8ceJpLvCmR_Ig5HOT3cKW_INsGlKPl3uAotR8JLdyxhtHry9LO9h3l58aNJ4mt1_JmOEAOvepdsZ0fQvFJFlqu3HIM8_mJon78s9EzbPSLkFdi5fIj9F4wrVMkpp8o052LFsFut5tjkgK7026qr0f3buOFOwdvtxmByDsB5_E5mB39VW2YumI1FqEW7aGhaFBr9kxm6rHttcULgmEZDx1YigwjfLCbsJoNC8IHbxpVIPxmV9yWnm2k7t3Ek8TIIzTSacDBg-7RVIi6oKJZC_ikP846a9rs25uxhLqUFzoGsknou2F58K0xHeBBXDEAtOHr4qNVzS_uv2m45oJ64cvAQCeumT4SPdancsaPo4T8MGWWD3_YD2UTGQ41Xrr5GOl6h8R-HBuLKPPXSozwkOfPO0WGUFzTuQy4Fx2xi4F4-l0ek84EaclfM0VmHI43DqtUL7HOIsWOtqsRPEXXU6TnP66QLrgYzLglbAZSDtPHNFbAXhKrrAAnNvEUynsA1bKLM8w9oxIIM-nLCc_qkiQF3xemjhVQK5KHYTMJYY7MQafIeRMsW4EZJMHPNWrWrMsrBHMIkrZOKIZeAZSB2OBiirAKiEyH_OAdRVOdSq60jz9RtIeAx8gwNPwr6rkmnjVmEMby284lqsC7dp2-FkFYtLKbvOBlSZ1MMBuSwZq7Kl5IvljmAx7x8oCd5Sgr9lAbWbOPYJhk1UWnFUv2ErkA9j8eA010zxWYQTccYh-nmhvDsRvySyIjTk3rUHDeZN_qjJsExSi3EPvHAQb9ImBN0aahUIJAyJFYD1YQiXjwZ2IQ39IfGDSgiYFyg2mg-as3RHQ74YjbPHzUSfMGfErYHSN4OiZAiPIg8dSOfsaj8ORkn0hYRXsyztDREUkPsFFtIZXbtfiVnCsb2IClwK_eH4aWxxfzlqLdBecYhhCajGL5SpPqP7xkkXAzlIBWnt4t54s7BbwCvPFfnLkpe1Mjl0wE91KMxsSyMtwI6OyMYd4c6VE6ot4VKqLCK58zPvU4VyZwdG9EK37iJHyH2zv3YJwLvlZHIVAo-TU6XG0MztjiFN6xhuIxBi-EqIQlTO-1-RIVC23PGGpEwsao7UFIog8kqrPK8aKHVRKFiwOkvRMg==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=2645663555941376&eclog=0&im=1 HTTP/1.1
Host: mpougdusr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=2405050841d4199e76554048ce84b081e780
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:41:08 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
|
|
| csbi1gfxo3bs.n4.adsco.re/ | 38.132.109.115 | 200 OK | 0 B |
URL POST HTTP/2csbi1gfxo3bs.n4.adsco.re/ IP38.132.109.115:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject*.n4.adsco.re Fingerprint45:6E:69:F7:75:1D:65:9E:20:3D:CF:CE:8B:F5:36:72:85:BD:76:EC ValidityFri, 19 Apr 2024 09:12:46 GMT - Thu, 18 Jul 2024 09:12:45 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: csbi1gfxo3bs.n4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:08 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 16 Jun 2023 08:37:42 GMT
etag: "648c1f56-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6.adsco.re/ | 104.17.167.186 | | 0 B |
IP104.17.167.186:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://c.adsco.re/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 13:41:08 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
access-control-allow-origin: *
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f125797ce7568b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| onclckip.com/in/dip?site=native-push&wl=0&event_id=4c2f1b54-aa0d-4319-b08e-c2c91effa34e&subid=1635306071&sid=4244134629&spot_id=594068&created_at=2024-05-05&timezone=0&ver=8.159.0&is_native=1 | 168.119.25.102 | 200 OK | 0 B |
URL GET HTTP/2onclckip.com/in/dip?site=native-push&wl=0&event_id=4c2f1b54-aa0d-4319-b08e-c2c91effa34e&subid=1635306071&sid=4244134629&spot_id=594068&created_at=2024-05-05&timezone=0&ver=8.159.0&is_native=1 IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=0&event_id=4c2f1b54-aa0d-4319-b08e-c2c91effa34e&subid=1635306071&sid=4244134629&spot_id=594068&created_at=2024-05-05&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: onclckip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:08 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| mbdippex.com/in/multy | 168.119.25.102 | 200 OK | 0 B |
IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:08 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| mbddip.com/in/dip?site=native-push&wl=1&event_id=88fe8604-56e4-485b-85d1-d48f1ccbfe23&subid=1211831614&sid=2991417185&spot_id=560190&created_at=2024-05-05&timezone=0&ver=8.159.0&is_native=1 | 168.119.25.102 | 200 OK | 0 B |
URL GET HTTP/2mbddip.com/in/dip?site=native-push&wl=1&event_id=88fe8604-56e4-485b-85d1-d48f1ccbfe23&subid=1211831614&sid=2991417185&spot_id=560190&created_at=2024-05-05&timezone=0&ver=8.159.0&is_native=1 IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=88fe8604-56e4-485b-85d1-d48f1ccbfe23&subid=1211831614&sid=2991417185&spot_id=560190&created_at=2024-05-05&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: mbddip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:08 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 69bd97630e.9460a8c99f.com/in/multy | 168.119.25.102 | 200 OK | 0 B |
URL POST HTTP/269bd97630e.9460a8c99f.com/in/multy IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject9460a8c99f.com Fingerprint00:D5:87:E5:D8:C9:D7:F6:51:6F:7F:1F:D2:C4:2E:AF:60:F0:69:D3 ValidityWed, 01 May 2024 14:01:56 GMT - Tue, 30 Jul 2024 14:01:55 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /in/multy HTTP/1.1
Host: 69bd97630e.9460a8c99f.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:08 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| js.onclckpp.com/popunder-admanager/build.m.js | 45.133.44.53 | 200 OK | 56 kB |
URL GET HTTP/2js.onclckpp.com/popunder-admanager/build.m.js IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectjs.onclckpp.com FingerprintA8:6D:6C:51:D2:87:DA:A4:84:97:5D:DD:FE:A3:4B:E9:D6:C6:DA:71 ValidityFri, 12 Apr 2024 03:01:03 GMT - Thu, 11 Jul 2024 03:01:02 GMT
File typegzip compressed data, from Unix Hash8ea07d540a3a4daebde307497d0fa3ed 02aaf66de10746b6f8a4f689aca42f00c770300e 470ffa6118872c970391cd25c9a94d717a6568540eeb1911dd382758147d0b0f
GET /popunder-admanager/build.m.js HTTP/1.1
Host: js.onclckpp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:08 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 14:24:01 GMT
etag: W/"661e8a01-17ae8"
content-encoding: gzip
expires: Sun, 05 May 2024 13:46:08 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| storage.mbidstorage.com/log/count.html | 104.21.65.172 | 301 Moved Permanently | 368 B |
URL GET HTTP/3storage.mbidstorage.com/log/count.html IP104.21.65.172:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectmbidstorage.com Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95 ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT
File typeHTML document, ASCII text, with CRLF line terminators Hash73805f12d1db37ac8d10780b470f12c3 ffca13dc0f12d63c28fae57ed468b7e09aada3d0 044c2b2350af6799b740282e0bf06ff645bfa8d1ca769cd72065a856915a2dd6
GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sun, 05 May 2024 13:41:07 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nTIiJ4gVo6um9SGimdAFuj1JfrkvVStDpKypwFQmJygX0M12u%2F6FARC7dCPcEx08E435xwyL8JpM6bLahcE2kG6%2FsPMNufMZ95s%2B0bO00lch%2BobLj7Ra9b3HI2wp%2FCNSdrM0i3WUvPMs6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f125737dfb56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| js.mbidinp.com/skins/nmain.m.js | 45.133.44.52 | 200 OK | 110 kB |
URL GET HTTP/2js.mbidinp.com/skins/nmain.m.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectjs.mbidinp.com FingerprintB8:EA:0B:88:14:F5:73:F1:FE:F1:D5:59:09:E6:70:08:F2:1C:4A:5C ValidityMon, 22 Apr 2024 03:00:30 GMT - Sun, 21 Jul 2024 03:00:29 GMT
File typegzip compressed data, from Unix Size110 kB (110447 bytes) Hashb967789a5f44d75823aefb54ecd659e3 ca2ee8e76e984d0e426954de7195999c9f123bca 1f1ac52d7add98e5c834141718e4cc14b63bcd2fe6b70c32318dc096838a4024
GET /skins/nmain.m.js HTTP/1.1
Host: js.mbidinp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:08 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Sun, 05 May 2024 13:46:08 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| mpougdusr.com/bultykh/ipp24/7/bazinga/2020090 | 212.117.190.201 | 200 OK | 58 kB |
URL GET HTTP/2mpougdusr.com/bultykh/ipp24/7/bazinga/2020090 IP212.117.190.201:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerBuypass AS-983163327 Subject Fingerprint96:80:FC:87:80:4A:3B:59:5A:2E:82:5A:B8:1D:9D:47:78:21:AA:66 ValidityWed, 01 May 2024 14:41:50 GMT - Sun, 27 Oct 2024 22:59:00 GMT
File typegzip compressed data, max speed, from Unix Hash50414d0e144652fb8d8737f7d37dbf13 703205687499af8eea76a3e770e84b790fdf74ad c166de6db3bd4272e42a2277a4904de67314ade46d510b17b8c0b85f7b9d9304
GET /bultykh/ipp24/7/bazinga/2020090 HTTP/1.1
Host: mpougdusr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:41:05 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-269a3"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 69bd97630e.9460a8c99f.com/in/multy | 168.119.25.102 | 200 OK | 3.2 kB |
URL POST HTTP/269bd97630e.9460a8c99f.com/in/multy IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject9460a8c99f.com Fingerprint00:D5:87:E5:D8:C9:D7:F6:51:6F:7F:1F:D2:C4:2E:AF:60:F0:69:D3 ValidityWed, 01 May 2024 14:01:56 GMT - Tue, 30 Jul 2024 14:01:55 GMT
Hash249399c1e0d1bfc64abbd4888d1d6445 7a7da30fdad4265209e725e01435ca3f9d05d6b0 00ad2163764399790ed1810045a6a7c0d7358fdab2885ad0a0e19722e275b5d3
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /in/multy HTTP/1.1
Host: 69bd97630e.9460a8c99f.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2171
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:09 GMT
content-type: application/json
content-length: 3171
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| mbdippex.com/in/show/?tag_ab=c&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916468&subid=1211831614&sid=2991417185&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=2653789976978307114&score=67.80152073878355&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&icons=LSWIlMiyOi-THmZabcRXRtOiN3eGfuH-ms-Wr_-JjwC_i7oUT6KEoCaBg9Ae8fzsgS7uTqdRVIHe4eqAlB3Avgbu5YrTj7sHq_rXlzJuHCIHVERsGOoTsUqSng0Lok5QKIcBmerOsR1d5ddiHdwkTj0WM0kOHFEJYKj9YfgVuQKfaSmnMw&ext_cid=0&px_id=560190&min_cpm=0.08384647983134952&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2745519738323996710&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.01739740938230057&cpm=0&verify_hash=4c1e78f6e9d53ae60fc1d7139007bd81&is_native=4&real_bid=0.0005730503214413991&original_bid_usd=0.002761805&original_bid=0.002761805&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,108,0,114,27&need_redirect_show=0&applied_features=coef_098,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002761805&hostname=auc-inpage-hz-2-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000027618050000000003&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.05&cpa=2232fabf-d1f8-40c3-8cd1-53b1be729e21&prev_step_diff=745 | 168.119.25.102 | 200 OK | 0 B |
URL GET HTTP/2mbdippex.com/in/show/?tag_ab=c&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916468&subid=1211831614&sid=2991417185&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=2653789976978307114&score=67.80152073878355&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&icons=LSWIlMiyOi-THmZabcRXRtOiN3eGfuH-ms-Wr_-JjwC_i7oUT6KEoCaBg9Ae8fzsgS7uTqdRVIHe4eqAlB3Avgbu5YrTj7sHq_rXlzJuHCIHVERsGOoTsUqSng0Lok5QKIcBmerOsR1d5ddiHdwkTj0WM0kOHFEJYKj9YfgVuQKfaSmnMw&ext_cid=0&px_id=560190&min_cpm=0.08384647983134952&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2745519738323996710&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.01739740938230057&cpm=0&verify_hash=4c1e78f6e9d53ae60fc1d7139007bd81&is_native=4&real_bid=0.0005730503214413991&original_bid_usd=0.002761805&original_bid=0.002761805&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,108,0,114,27&need_redirect_show=0&applied_features=coef_098,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002761805&hostname=auc-inpage-hz-2-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000027618050000000003&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.05&cpa=2232fabf-d1f8-40c3-8cd1-53b1be729e21&prev_step_diff=745 IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=c&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916468&subid=1211831614&sid=2991417185&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=2653789976978307114&score=67.80152073878355&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&icons=LSWIlMiyOi-THmZabcRXRtOiN3eGfuH-ms-Wr_-JjwC_i7oUT6KEoCaBg9Ae8fzsgS7uTqdRVIHe4eqAlB3Avgbu5YrTj7sHq_rXlzJuHCIHVERsGOoTsUqSng0Lok5QKIcBmerOsR1d5ddiHdwkTj0WM0kOHFEJYKj9YfgVuQKfaSmnMw&ext_cid=0&px_id=560190&min_cpm=0.08384647983134952&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2745519738323996710&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.01739740938230057&cpm=0&verify_hash=4c1e78f6e9d53ae60fc1d7139007bd81&is_native=4&real_bid=0.0005730503214413991&original_bid_usd=0.002761805&original_bid=0.002761805&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,108,0,114,27&need_redirect_show=0&applied_features=coef_098,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002761805&hostname=auc-inpage-hz-2-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000027618050000000003&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.05&cpa=2232fabf-d1f8-40c3-8cd1-53b1be729e21&prev_step_diff=745 HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:09 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| mbdippex.com/in/show/?tag_ab=c&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916468&subid=1211831614&sid=2991417185&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=2653789976978307114&score=67.80152073878355&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=77c5a97501b803765249b9c86cd7c6a3&url=https%3A%2F%2Fclick.eu.aneorwd.com%2Frtb%2Ffeedclick_inpage%3Ffeedid%3De703%26subid%3D31560190%26uuid%3Dceb794ab-f5b3-4cb0-a5bc-93b82ed20d46%26ep%3D3DI7OLS3L2XGSQRCFJ4VTPJE7232EMRGECXRJXLEPPFEUV33XXPMVQ2P2RSOWVTAPJZK34TTPQ2PZRA3RKSS5J6WJR3OSGSYEWXZQN26SRWHUZGFSJ7MQFYG7PS7SY5XH36H66VKWQI7732KG2HKK6EZFDVB6LU4BGHBTGWNAOUCNML35556XXIOQQ5RF2OSEJBSMKJE4WK4DMO23QOPGBYLRUXU3SZCYFPSXYS44DWRRBZGGTFOYUHWBDDWWA7AGZEA2DMEWDGCRGM7WG6BZCQGDG66NVIETSYCE2JLWTDR4653Q4ONELJF23W6GJNN4MSV7PGMWFCMPXT2SDEGIYWSCP4FB74NTLQAMSDPXISBQYP4IQLLBLSASXELUW3ELBSGRFAXNWYM6ZTCV2EEG4XGJMCQUFB6AYPM6BGC5RYA7GYZ7O7JY3XQQG3DCF5DAGS7NSZOU57PSFSB6S4HJ4K3Q3KXMH2TUIZX2QOFWJJPCDRZBEQRS45IQAF2GDHY6RDZNG3OWQJ3DXHWUA4FTCMVL2PDPPA6T42DKQQK7JRILHJ6L5EKSSVJKUQQEFCP7UIFKE3RMS2XBJAGQLCTZJZYJ5CZPIJNOGBLXDQ%253D&icons=INKeWO9wTq_LcibbRohoEpvV--hnqcsAHBKisWsyJI8AXr_Teybrbe4m-ZcFGFM3b99mnT3A6rCp_8_yhgX0a2seCNI1dvkACt_kuDEJPJfK56YAI7LIPM1SNVlpdIUE9raA0mb4ZfGQXHbyw-VlMCCCT6xK7ngR8BQ7e5UywJpkbYNODGiwHU9wlrLF-wWU0J6zKXrVMW_4YtTZuiM4aOeaCYffojdcunKwVuCyFCUZ_hPgGHYiX8MtK7ag1Zv6jrt0tdQhcJaxvIxCR4J2iM4O8ELCHw49GCxrTqtBYjKg3i16VuJkHpcoDITObuCl-hWqRy7c6kbkrIYQX9W8JKmGQEpoqZpt5RdoXy7RREx8Su4ml7uyFfX3t6E6XUEf03lq84o3tke9aVuOQIxMNZct6siOY5r7fukTq3UPMlIsgb6S64avvY13RqVFmIT92MF2a2msoTLaV7iJFYHF3OXV-un-hPAiiSjXBoiPcVXgPlr4iMS7xvGpTVCoGeoHiMuq27NWr9TMV8ked_RwaxKDi0pbeaIOVEsTd2oSyd3ePzG-uov4EbDABSZKRcQ_qaPmU1TF_bQDegWOwTQ6MqdLqI4XN06EHbLk98A&ext_cid=0&px_id=31560190&min_cpm=0.05986779967415015&out_id=0&campaign_type=mq&aid=3412&cid=12971&uniq=&mid=2745519738323996710&skin_id=71&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.059731043245426274&cpm=0&verify_hash=b0e1759d18290f60742197eb4331f86f&is_native=1&real_bid=0.0027554961897432763&original_bid_usd=0.0031125&original_bid=0.0031125&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,130&need_redirect_show=0&applied_features=main-skins-settings,coef_098&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fi.wmgtr.com%2Fcim%2FKJpVFEpVyZI-GXQzzfsoQce6d-yHkdN8.png&site=native-push-adult&price=0.0031125&hostname=auc-inpage-hz-2-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000031125&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.05&cpa=51871489-c4e5-40e4-b2ec-337c8a263ef5&prev_step_diff=744 | 168.119.25.102 | 200 OK | 0 B |
URL GET HTTP/2mbdippex.com/in/show/?tag_ab=c&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916468&subid=1211831614&sid=2991417185&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=2653789976978307114&score=67.80152073878355&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=77c5a97501b803765249b9c86cd7c6a3&url=https%3A%2F%2Fclick.eu.aneorwd.com%2Frtb%2Ffeedclick_inpage%3Ffeedid%3De703%26subid%3D31560190%26uuid%3Dceb794ab-f5b3-4cb0-a5bc-93b82ed20d46%26ep%3D3DI7OLS3L2XGSQRCFJ4VTPJE7232EMRGECXRJXLEPPFEUV33XXPMVQ2P2RSOWVTAPJZK34TTPQ2PZRA3RKSS5J6WJR3OSGSYEWXZQN26SRWHUZGFSJ7MQFYG7PS7SY5XH36H66VKWQI7732KG2HKK6EZFDVB6LU4BGHBTGWNAOUCNML35556XXIOQQ5RF2OSEJBSMKJE4WK4DMO23QOPGBYLRUXU3SZCYFPSXYS44DWRRBZGGTFOYUHWBDDWWA7AGZEA2DMEWDGCRGM7WG6BZCQGDG66NVIETSYCE2JLWTDR4653Q4ONELJF23W6GJNN4MSV7PGMWFCMPXT2SDEGIYWSCP4FB74NTLQAMSDPXISBQYP4IQLLBLSASXELUW3ELBSGRFAXNWYM6ZTCV2EEG4XGJMCQUFB6AYPM6BGC5RYA7GYZ7O7JY3XQQG3DCF5DAGS7NSZOU57PSFSB6S4HJ4K3Q3KXMH2TUIZX2QOFWJJPCDRZBEQRS45IQAF2GDHY6RDZNG3OWQJ3DXHWUA4FTCMVL2PDPPA6T42DKQQK7JRILHJ6L5EKSSVJKUQQEFCP7UIFKE3RMS2XBJAGQLCTZJZYJ5CZPIJNOGBLXDQ%253D&icons=INKeWO9wTq_LcibbRohoEpvV--hnqcsAHBKisWsyJI8AXr_Teybrbe4m-ZcFGFM3b99mnT3A6rCp_8_yhgX0a2seCNI1dvkACt_kuDEJPJfK56YAI7LIPM1SNVlpdIUE9raA0mb4ZfGQXHbyw-VlMCCCT6xK7ngR8BQ7e5UywJpkbYNODGiwHU9wlrLF-wWU0J6zKXrVMW_4YtTZuiM4aOeaCYffojdcunKwVuCyFCUZ_hPgGHYiX8MtK7ag1Zv6jrt0tdQhcJaxvIxCR4J2iM4O8ELCHw49GCxrTqtBYjKg3i16VuJkHpcoDITObuCl-hWqRy7c6kbkrIYQX9W8JKmGQEpoqZpt5RdoXy7RREx8Su4ml7uyFfX3t6E6XUEf03lq84o3tke9aVuOQIxMNZct6siOY5r7fukTq3UPMlIsgb6S64avvY13RqVFmIT92MF2a2msoTLaV7iJFYHF3OXV-un-hPAiiSjXBoiPcVXgPlr4iMS7xvGpTVCoGeoHiMuq27NWr9TMV8ked_RwaxKDi0pbeaIOVEsTd2oSyd3ePzG-uov4EbDABSZKRcQ_qaPmU1TF_bQDegWOwTQ6MqdLqI4XN06EHbLk98A&ext_cid=0&px_id=31560190&min_cpm=0.05986779967415015&out_id=0&campaign_type=mq&aid=3412&cid=12971&uniq=&mid=2745519738323996710&skin_id=71&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.059731043245426274&cpm=0&verify_hash=b0e1759d18290f60742197eb4331f86f&is_native=1&real_bid=0.0027554961897432763&original_bid_usd=0.0031125&original_bid=0.0031125&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,130&need_redirect_show=0&applied_features=main-skins-settings,coef_098&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fi.wmgtr.com%2Fcim%2FKJpVFEpVyZI-GXQzzfsoQce6d-yHkdN8.png&site=native-push-adult&price=0.0031125&hostname=auc-inpage-hz-2-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000031125&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.05&cpa=51871489-c4e5-40e4-b2ec-337c8a263ef5&prev_step_diff=744 IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=c&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916468&subid=1211831614&sid=2991417185&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=2653789976978307114&score=67.80152073878355&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=77c5a97501b803765249b9c86cd7c6a3&url=https%3A%2F%2Fclick.eu.aneorwd.com%2Frtb%2Ffeedclick_inpage%3Ffeedid%3De703%26subid%3D31560190%26uuid%3Dceb794ab-f5b3-4cb0-a5bc-93b82ed20d46%26ep%3D3DI7OLS3L2XGSQRCFJ4VTPJE7232EMRGECXRJXLEPPFEUV33XXPMVQ2P2RSOWVTAPJZK34TTPQ2PZRA3RKSS5J6WJR3OSGSYEWXZQN26SRWHUZGFSJ7MQFYG7PS7SY5XH36H66VKWQI7732KG2HKK6EZFDVB6LU4BGHBTGWNAOUCNML35556XXIOQQ5RF2OSEJBSMKJE4WK4DMO23QOPGBYLRUXU3SZCYFPSXYS44DWRRBZGGTFOYUHWBDDWWA7AGZEA2DMEWDGCRGM7WG6BZCQGDG66NVIETSYCE2JLWTDR4653Q4ONELJF23W6GJNN4MSV7PGMWFCMPXT2SDEGIYWSCP4FB74NTLQAMSDPXISBQYP4IQLLBLSASXELUW3ELBSGRFAXNWYM6ZTCV2EEG4XGJMCQUFB6AYPM6BGC5RYA7GYZ7O7JY3XQQG3DCF5DAGS7NSZOU57PSFSB6S4HJ4K3Q3KXMH2TUIZX2QOFWJJPCDRZBEQRS45IQAF2GDHY6RDZNG3OWQJ3DXHWUA4FTCMVL2PDPPA6T42DKQQK7JRILHJ6L5EKSSVJKUQQEFCP7UIFKE3RMS2XBJAGQLCTZJZYJ5CZPIJNOGBLXDQ%253D&icons=INKeWO9wTq_LcibbRohoEpvV--hnqcsAHBKisWsyJI8AXr_Teybrbe4m-ZcFGFM3b99mnT3A6rCp_8_yhgX0a2seCNI1dvkACt_kuDEJPJfK56YAI7LIPM1SNVlpdIUE9raA0mb4ZfGQXHbyw-VlMCCCT6xK7ngR8BQ7e5UywJpkbYNODGiwHU9wlrLF-wWU0J6zKXrVMW_4YtTZuiM4aOeaCYffojdcunKwVuCyFCUZ_hPgGHYiX8MtK7ag1Zv6jrt0tdQhcJaxvIxCR4J2iM4O8ELCHw49GCxrTqtBYjKg3i16VuJkHpcoDITObuCl-hWqRy7c6kbkrIYQX9W8JKmGQEpoqZpt5RdoXy7RREx8Su4ml7uyFfX3t6E6XUEf03lq84o3tke9aVuOQIxMNZct6siOY5r7fukTq3UPMlIsgb6S64avvY13RqVFmIT92MF2a2msoTLaV7iJFYHF3OXV-un-hPAiiSjXBoiPcVXgPlr4iMS7xvGpTVCoGeoHiMuq27NWr9TMV8ked_RwaxKDi0pbeaIOVEsTd2oSyd3ePzG-uov4EbDABSZKRcQ_qaPmU1TF_bQDegWOwTQ6MqdLqI4XN06EHbLk98A&ext_cid=0&px_id=31560190&min_cpm=0.05986779967415015&out_id=0&campaign_type=mq&aid=3412&cid=12971&uniq=&mid=2745519738323996710&skin_id=71&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.059731043245426274&cpm=0&verify_hash=b0e1759d18290f60742197eb4331f86f&is_native=1&real_bid=0.0027554961897432763&original_bid_usd=0.0031125&original_bid=0.0031125&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,130&need_redirect_show=0&applied_features=main-skins-settings,coef_098&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fi.wmgtr.com%2Fcim%2FKJpVFEpVyZI-GXQzzfsoQce6d-yHkdN8.png&site=native-push-adult&price=0.0031125&hostname=auc-inpage-hz-2-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000031125&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.05&cpa=51871489-c4e5-40e4-b2ec-337c8a263ef5&prev_step_diff=744 HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:09 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.05&cpa=950ca9a4-12b3-4646-8ce4-e19bc08c828e&prev_step_diff=745 | 45.133.44.25 | 200 OK | 486 B |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.05&cpa=950ca9a4-12b3-4646-8ce4-e19bc08c828e&prev_step_diff=745 IP45.133.44.25:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashceeb4e8840c24621c0e0352b42b38a5b 03cbceb0134a39267014595938705e2916580644 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.05&cpa=950ca9a4-12b3-4646-8ce4-e19bc08c828e&prev_step_diff=745 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:09 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Mon, 05 May 2025 13:41:09 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp | 45.133.44.25 | 200 OK | 1.1 kB |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp IP45.133.44.25:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp Hash2a11e13b2bd67bb9a6cb347d7c73df13 b85460a33f9b229f42c08a6a94ae433a4d5c32ab 1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:09 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Mon, 05 May 2025 13:41:09 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.05&cpa=bd90282d-b8dc-490c-b1ca-c6e07755176b&prev_step_diff=1087 | 45.133.44.25 | 200 OK | 486 B |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.05&cpa=bd90282d-b8dc-490c-b1ca-c6e07755176b&prev_step_diff=1087 IP45.133.44.25:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashceeb4e8840c24621c0e0352b42b38a5b 03cbceb0134a39267014595938705e2916580644 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.05&cpa=bd90282d-b8dc-490c-b1ca-c6e07755176b&prev_step_diff=1087 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:09 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Mon, 05 May 2025 13:41:09 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 69bd97630e.9460a8c99f.com/in/show/?tag_ab=c&site_id=31594068&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916468&subid=1635306071&sid=4244134629&tcid=0&ver=8.159.0&ver_c=&spot_id=594068&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=8813937839896526330&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1635306071%26spot_id%3D594068%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1885&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1635306071%26spot_id%3D594068%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1885&icons=glf0FQOxTP72suz7sQoYNR7xg1gEaaowTAwXumkO5leLvbI-2iqYJ9THqju0NAUprCU3EtFTvulCdR-xyP-7aSsfWxkEfxCk5FzHC3EpQERQ2Vl-AWvVXSDciBApjes8z7_gf9ls5UISG1swQJkn_agkpHxQs_qUGOvtd6Dfj35T0LsIMA&ext_cid=0&px_id=594068&min_cpm=0.003072832744543398&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=199388528788246901&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0011535414331080185&cpm=0&verify_hash=4b383ed4dfc944c8efc0972c45604c44&is_native=4&real_bid=3.089166655719299e-05&original_bid_usd=0.00008229&original_bid=8.229e-05&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-mainstream&price=0.00008229&hostname=auc-inpage-hz-8-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000008228999999999999&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.05&cpa=baa7c84d-c9b8-475b-a792-2432859fae36&prev_step_diff=1087 | 168.119.25.102 | 200 OK | 0 B |
URL GET HTTP/269bd97630e.9460a8c99f.com/in/show/?tag_ab=c&site_id=31594068&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916468&subid=1635306071&sid=4244134629&tcid=0&ver=8.159.0&ver_c=&spot_id=594068&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=8813937839896526330&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1635306071%26spot_id%3D594068%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1885&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1635306071%26spot_id%3D594068%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1885&icons=glf0FQOxTP72suz7sQoYNR7xg1gEaaowTAwXumkO5leLvbI-2iqYJ9THqju0NAUprCU3EtFTvulCdR-xyP-7aSsfWxkEfxCk5FzHC3EpQERQ2Vl-AWvVXSDciBApjes8z7_gf9ls5UISG1swQJkn_agkpHxQs_qUGOvtd6Dfj35T0LsIMA&ext_cid=0&px_id=594068&min_cpm=0.003072832744543398&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=199388528788246901&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0011535414331080185&cpm=0&verify_hash=4b383ed4dfc944c8efc0972c45604c44&is_native=4&real_bid=3.089166655719299e-05&original_bid_usd=0.00008229&original_bid=8.229e-05&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-mainstream&price=0.00008229&hostname=auc-inpage-hz-8-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000008228999999999999&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.05&cpa=baa7c84d-c9b8-475b-a792-2432859fae36&prev_step_diff=1087 IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject9460a8c99f.com Fingerprint00:D5:87:E5:D8:C9:D7:F6:51:6F:7F:1F:D2:C4:2E:AF:60:F0:69:D3 ValidityWed, 01 May 2024 14:01:56 GMT - Tue, 30 Jul 2024 14:01:55 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /in/show/?tag_ab=c&site_id=31594068&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916468&subid=1635306071&sid=4244134629&tcid=0&ver=8.159.0&ver_c=&spot_id=594068&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=8813937839896526330&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1635306071%26spot_id%3D594068%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1885&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1635306071%26spot_id%3D594068%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1885&icons=glf0FQOxTP72suz7sQoYNR7xg1gEaaowTAwXumkO5leLvbI-2iqYJ9THqju0NAUprCU3EtFTvulCdR-xyP-7aSsfWxkEfxCk5FzHC3EpQERQ2Vl-AWvVXSDciBApjes8z7_gf9ls5UISG1swQJkn_agkpHxQs_qUGOvtd6Dfj35T0LsIMA&ext_cid=0&px_id=594068&min_cpm=0.003072832744543398&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=199388528788246901&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0011535414331080185&cpm=0&verify_hash=4b383ed4dfc944c8efc0972c45604c44&is_native=4&real_bid=3.089166655719299e-05&original_bid_usd=0.00008229&original_bid=8.229e-05&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-mainstream&price=0.00008229&hostname=auc-inpage-hz-8-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000008228999999999999&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.05&cpa=baa7c84d-c9b8-475b-a792-2432859fae36&prev_step_diff=1087 HTTP/1.1
Host: 69bd97630e.9460a8c99f.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:09 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 69bd97630e.9460a8c99f.com/in/show/?tag_ab=c&site_id=31594068&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916468&subid=1635306071&sid=4244134629&tcid=0&ver=8.159.0&ver_c=&spot_id=594068&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=8813937839896526330&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1635306071%26spot_id%3D594068%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1885&is_cpm=0&resp_type=&crid=&crtid=86d733b882093adde2a284d86ee69d0e&url=https%3A%2F%2Fxml.galaxypush.com%2Fgo%3Fs1%3D278-3888-1689-3396-0-0-5577%26s2%3Dpublisher.com%26s3%3D31594068%26sid%3D65e9ebdae9961953db3092b48d3e55d9%26rnd%3D487027916&icons=LNJZUQlsh4UPpmHO6JbQSyC9IlLdvGxyvBgTxTvwCQ3bWRxSQjvqBkRBpjnwEIjqEmRKR0EgpjeDhOvLDaTb2HwwiggKPIQTE0mmJ9nsA_2-XGG2prMoBXV0UqO9rVeMvN8FwfUteiwv9ROjisYzaoC78_C0xFjQljo&ext_cid=0&px_id=31594068&min_cpm=0.002190568203481267&out_id=0&campaign_type=mq&aid=3431&cid=13195&uniq=&mid=199388528788246901&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0020377396322041864&cpm=0&verify_hash=ad7ddc0129faa3994787b38ae28b5152&is_native=1&real_bid=7.654890364408438e-05&original_bid_usd=0.000141&original_bid=0.000141&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=83,108,0,101&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fs-img.adskeeper.com%2Fg%2F5523126%2F200x200%2F0x154x684x684%2FaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDMvMTAxOTI0LzM0Njc2YmE2NzgxZDU4YzNhMDI2MTQwNzVjMDliNGQ4LmpwZWc.webp%3Fv%3D1714916469-Sr7tF_QtwyItExZVmHB7MYx8ePx391xdWV1It3GtyEU&site=native-push-mainstream&price=0.000141&hostname=auc-inpage-hz-8-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000014100000000000003&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.05&cpa=c0fd9e12-affc-4a00-b28e-9135aadb7958&prev_step_diff=1087 | 168.119.25.102 | 200 OK | 0 B |
URL GET HTTP/269bd97630e.9460a8c99f.com/in/show/?tag_ab=c&site_id=31594068&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916468&subid=1635306071&sid=4244134629&tcid=0&ver=8.159.0&ver_c=&spot_id=594068&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=8813937839896526330&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1635306071%26spot_id%3D594068%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1885&is_cpm=0&resp_type=&crid=&crtid=86d733b882093adde2a284d86ee69d0e&url=https%3A%2F%2Fxml.galaxypush.com%2Fgo%3Fs1%3D278-3888-1689-3396-0-0-5577%26s2%3Dpublisher.com%26s3%3D31594068%26sid%3D65e9ebdae9961953db3092b48d3e55d9%26rnd%3D487027916&icons=LNJZUQlsh4UPpmHO6JbQSyC9IlLdvGxyvBgTxTvwCQ3bWRxSQjvqBkRBpjnwEIjqEmRKR0EgpjeDhOvLDaTb2HwwiggKPIQTE0mmJ9nsA_2-XGG2prMoBXV0UqO9rVeMvN8FwfUteiwv9ROjisYzaoC78_C0xFjQljo&ext_cid=0&px_id=31594068&min_cpm=0.002190568203481267&out_id=0&campaign_type=mq&aid=3431&cid=13195&uniq=&mid=199388528788246901&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0020377396322041864&cpm=0&verify_hash=ad7ddc0129faa3994787b38ae28b5152&is_native=1&real_bid=7.654890364408438e-05&original_bid_usd=0.000141&original_bid=0.000141&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=83,108,0,101&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fs-img.adskeeper.com%2Fg%2F5523126%2F200x200%2F0x154x684x684%2FaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDMvMTAxOTI0LzM0Njc2YmE2NzgxZDU4YzNhMDI2MTQwNzVjMDliNGQ4LmpwZWc.webp%3Fv%3D1714916469-Sr7tF_QtwyItExZVmHB7MYx8ePx391xdWV1It3GtyEU&site=native-push-mainstream&price=0.000141&hostname=auc-inpage-hz-8-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000014100000000000003&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.05&cpa=c0fd9e12-affc-4a00-b28e-9135aadb7958&prev_step_diff=1087 IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject9460a8c99f.com Fingerprint00:D5:87:E5:D8:C9:D7:F6:51:6F:7F:1F:D2:C4:2E:AF:60:F0:69:D3 ValidityWed, 01 May 2024 14:01:56 GMT - Tue, 30 Jul 2024 14:01:55 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /in/show/?tag_ab=c&site_id=31594068&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916468&subid=1635306071&sid=4244134629&tcid=0&ver=8.159.0&ver_c=&spot_id=594068&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=8813937839896526330&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1635306071%26spot_id%3D594068%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1885&is_cpm=0&resp_type=&crid=&crtid=86d733b882093adde2a284d86ee69d0e&url=https%3A%2F%2Fxml.galaxypush.com%2Fgo%3Fs1%3D278-3888-1689-3396-0-0-5577%26s2%3Dpublisher.com%26s3%3D31594068%26sid%3D65e9ebdae9961953db3092b48d3e55d9%26rnd%3D487027916&icons=LNJZUQlsh4UPpmHO6JbQSyC9IlLdvGxyvBgTxTvwCQ3bWRxSQjvqBkRBpjnwEIjqEmRKR0EgpjeDhOvLDaTb2HwwiggKPIQTE0mmJ9nsA_2-XGG2prMoBXV0UqO9rVeMvN8FwfUteiwv9ROjisYzaoC78_C0xFjQljo&ext_cid=0&px_id=31594068&min_cpm=0.002190568203481267&out_id=0&campaign_type=mq&aid=3431&cid=13195&uniq=&mid=199388528788246901&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0020377396322041864&cpm=0&verify_hash=ad7ddc0129faa3994787b38ae28b5152&is_native=1&real_bid=7.654890364408438e-05&original_bid_usd=0.000141&original_bid=0.000141&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=83,108,0,101&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fs-img.adskeeper.com%2Fg%2F5523126%2F200x200%2F0x154x684x684%2FaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDMvMTAxOTI0LzM0Njc2YmE2NzgxZDU4YzNhMDI2MTQwNzVjMDliNGQ4LmpwZWc.webp%3Fv%3D1714916469-Sr7tF_QtwyItExZVmHB7MYx8ePx391xdWV1It3GtyEU&site=native-push-mainstream&price=0.000141&hostname=auc-inpage-hz-8-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000014100000000000003&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.05&cpa=c0fd9e12-affc-4a00-b28e-9135aadb7958&prev_step_diff=1087 HTTP/1.1
Host: 69bd97630e.9460a8c99f.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:09 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| storage.mbidstorage.com/log/count.html | 104.21.65.172 | 301 Moved Permanently | 633 B |
URL GET HTTP/3storage.mbidstorage.com/log/count.html IP104.21.65.172:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectmbidstorage.com Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95 ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT
Hashde9c17db83b16b8dd0cd7a2dbde0cf2b a782379004bdca90d0d6ce4722d04f850cbfd1e4 de0af197aa1a8534aebc6b1fc14a4a03e32a953d094b65215adc76ef4eadea58
GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 05 May 2024 13:41:09 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dTzp2vCNbfi%2BRjqnKe8Reb7nMBm14h0H5w7MZbz84QFYIHBRjvRzKDutD%2Bp8QKq4RuaOJtNITDPAn0WIY9bOzRc4C4nYORri28plkQU6Dp8GMkc7MkKk0htJ1grZCRWjOOUL22UGIIqHTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f1257d2fd056a8-OSL
alt-svc: h3=":443"; ma=86400
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube | 173.194.221.84 | 302 Found | 0 B |
URL GET HTTP/2accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube IP173.194.221.84:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectaccounts.google.com Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67 ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:i9-joqwo3bjoG5sgXL6J2gNfjIWnBw:2iplrNO6v9ANELSg; Expires=Tue, 05-May-2026 13:41:09 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 05 May 2024 13:41:09 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyi6Wz0CrXhrEup26FLsArd7kDaesWvWpWL3uNGy6m5vKSWC_UPZoK2og5EhHqz4xkG_vhBuQ
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-4dyDrtLKJporLYSNUMV1aA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| tracking.eu.antskre.com/rtb/feedimpression?uuid=ceb794ab-f5b3-4cb0-a5bc-93b82ed20d46&s=101&d=136&feedid=e703&rt=1714916468890&sb=0.0031125&db=0.006225&subid=31560190&tokid=null&url=33UD4M74WKMZBIVYTJCKPWFUUBWD4LES4WOBDSIEPJFNXFW4OE5AMPSMB36TV4TIVUQKMEQNDRYLAWBZ5M7LXEQ3PFE3HYXBSG2CNB7F4GGWYTBC3RJN73ZVXCYC4SBVQIKQEQPTMOHRIZI3LX7OOPPAGRHHDMJSC7CAPE6PIVJX6P4GATCQ%3D%3D%3D%3D&i=88d0bd&u=d27150&g=NO&ad=&sp=&spv=&sm=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.05&cpa=a77a55ad-0bf5-4ffb-aeb7-a184752a48cd&prev_step_diff=744 | 138.68.123.32 | 302 Found | 0 B |
URL GET HTTP/1.1tracking.eu.antskre.com/rtb/feedimpression?uuid=ceb794ab-f5b3-4cb0-a5bc-93b82ed20d46&s=101&d=136&feedid=e703&rt=1714916468890&sb=0.0031125&db=0.006225&subid=31560190&tokid=null&url=33UD4M74WKMZBIVYTJCKPWFUUBWD4LES4WOBDSIEPJFNXFW4OE5AMPSMB36TV4TIVUQKMEQNDRYLAWBZ5M7LXEQ3PFE3HYXBSG2CNB7F4GGWYTBC3RJN73ZVXCYC4SBVQIKQEQPTMOHRIZI3LX7OOPPAGRHHDMJSC7CAPE6PIVJX6P4GATCQ%3D%3D%3D%3D&i=88d0bd&u=d27150&g=NO&ad=&sp=&spv=&sm=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.05&cpa=a77a55ad-0bf5-4ffb-aeb7-a184752a48cd&prev_step_diff=744 IP138.68.123.32:443 ASN#14061 DIGITALOCEAN-ASN
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject*.eu.aneorwd.com FingerprintCD:A6:81:96:85:76:60:87:7E:56:86:CC:F2:9D:E1:B5:8B:3B:8D:F8 ValidityThu, 07 Mar 2024 07:43:45 GMT - Wed, 05 Jun 2024 07:43:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rtb/feedimpression?uuid=ceb794ab-f5b3-4cb0-a5bc-93b82ed20d46&s=101&d=136&feedid=e703&rt=1714916468890&sb=0.0031125&db=0.006225&subid=31560190&tokid=null&url=33UD4M74WKMZBIVYTJCKPWFUUBWD4LES4WOBDSIEPJFNXFW4OE5AMPSMB36TV4TIVUQKMEQNDRYLAWBZ5M7LXEQ3PFE3HYXBSG2CNB7F4GGWYTBC3RJN73ZVXCYC4SBVQIKQEQPTMOHRIZI3LX7OOPPAGRHHDMJSC7CAPE6PIVJX6P4GATCQ%3D%3D%3D%3D&i=88d0bd&u=d27150&g=NO&ad=&sp=&spv=&sm=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.05&cpa=a77a55ad-0bf5-4ffb-aeb7-a184752a48cd&prev_step_diff=744 HTTP/1.1
Host: tracking.eu.antskre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
referrer-policy: no-referrer
location: https://zarrag.xyz/dsp/ph/icm?aid=8560160511805310893&mid=0&sid=610&t=1714916468&subid=570331560190
content-length: 0
date: Sun, 05 May 2024 13:41:09 GMT
|
|
| accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyi6Wz0CrXhrEup26FLsArd7kDaesWvWpWL3uNGy6m5vKSWC_UPZoK2og5EhHqz4xkG_vhBuQ | 173.194.221.84 | 302 Found | 427 B |
URL GET HTTP/2accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyi6Wz0CrXhrEup26FLsArd7kDaesWvWpWL3uNGy6m5vKSWC_UPZoK2og5EhHqz4xkG_vhBuQ IP173.194.221.84:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectaccounts.google.com Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67 ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT
File typeHTML document, ASCII text, with very long lines (405) Hash39b209ee66f08f663ca5f3dc383de2e9 18ea246a5c981e780838d4e713c61ad3146d4f67 0d264652c3d97c9511091ad732b484582de3c5d4a412f9af6defcbef4c2de362
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyi6Wz0CrXhrEup26FLsArd7kDaesWvWpWL3uNGy6m5vKSWC_UPZoK2og5EhHqz4xkG_vhBuQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:GF57Ot6BGw2mg0diCoIfIRD1oSt3Wg:kawLGMFZ6P-5JhoZ;Path=/;Expires=Tue, 05-May-2026 13:41:09 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 05 May 2024 13:41:09 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQz1J5Weh2aoHjwjEJIUqEQsrfj_2uNF6WZyX-rg6cAe1iqJWy1io3YyviwABdu4u57MDQlSLQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1023416554%3A1714916469765320&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-TNnOpjEzAGHvCBLSB-zTBw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 427
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| zarrag.xyz/dsp/ph/icm?aid=8560160511805310893&mid=0&sid=610&t=1714916468&subid=570331560190 | 31.220.27.102 | 302 Found | 0 B |
URL GET HTTP/2zarrag.xyz/dsp/ph/icm?aid=8560160511805310893&mid=0&sid=610&t=1714916468&subid=570331560190 IP31.220.27.102:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectzarrag.xyz Fingerprint68:95:5B:82:88:0B:01:7A:A1:7C:DA:40:29:11:FC:75:C6:9A:F9:BD ValidityWed, 01 May 2024 08:54:02 GMT - Tue, 30 Jul 2024 08:54:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /dsp/ph/icm?aid=8560160511805310893&mid=0&sid=610&t=1714916468&subid=570331560190 HTTP/1.1
Host: zarrag.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:09 GMT
content-length: 0
accept-ch: Sec-CH-UA-Platform-Version
location: https://i.wmgtr.com/cic/uwe0gwF2RXoswvsh6KyW-iimZos3_6ts.png
X-Firefox-Spdy: h2
|
|
| csbi1gfxo3bs.s4.adsco.re/ |  185.200.116.51 | 200 OK | 0 B |
URL POST HTTP/2csbi1gfxo3bs.s4.adsco.re/ IP185.200.116.51:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject*.s4.adsco.re Fingerprint6C:EA:F6:8F:57:34:25:F9:39:76:98:E0:61:B8:C8:86:AD:CC:68:0A ValidityFri, 19 Apr 2024 09:12:40 GMT - Thu, 18 Jul 2024 09:12:39 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: csbi1gfxo3bs.s4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:09 GMT
content-type: text/html
content-length: 0
last-modified: Tue, 03 Oct 2023 13:29:59 GMT
etag: "651c1757-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| storage.mbidstorage.com/log/count.html | 104.21.65.172 | 301 Moved Permanently | 665 B |
URL GET HTTP/3storage.mbidstorage.com/log/count.html IP104.21.65.172:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectmbidstorage.com Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95 ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT
Hash36cde65989001452e4fac12b27551c2f d106e411b1ccb1636933c25c36a5d6dec4babbcf af2adc841d1a80aa97b6300f1c4a815fd3b6232e028d7e6dda5116262c752556
GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 05 May 2024 13:41:09 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SyAK%2F0mrT%2FrKTnxozs%2BqMueQRHpBP4DYYs%2FKfZWsgW%2F8GWIgqenoLjkiVH4z9VappGFNZONa6NjUExyj38P3jol5rLPYbhbnvwuyy9NGU1r3Huez4F%2FLMnz7jPjakudMl2LAnpKsj1k9QA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f1257f5a9256a8-OSL
alt-svc: h3=":443"; ma=86400
|
|
| storage.mbidstorage.com/log/count.html | 104.21.65.172 | 301 Moved Permanently | 827 B |
URL GET HTTP/3storage.mbidstorage.com/log/count.html IP104.21.65.172:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectmbidstorage.com Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95 ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT
Hasha198e8b6062ce3a71d825af50bb903f7 73970fa36a38ff31f413823bd8a986d7fb4f5af9 d38d79085dcc20fd7d7690fbb72f551f6f890802155cd479f61cc489292d0ff4
GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 05 May 2024 13:41:09 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F68Rz%2BGTfSR%2Fl06thDXstoiXrpD8DsJ0VqtXqYUhGY2dMfqeCJTFHPbMevu3OoJAy23mokOXAE75odgSxy16NJnjAzj7VJcpFWYi2v3gea7q0r1wooILVOt3bXoQ%2FioRyvAfoGaDpi4psw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f125808c0356a8-OSL
alt-svc: h3=":443"; ma=86400
|
|
| mcpuwpsh.com/get/ | 94.130.197.240 | 200 OK | 6.4 kB |
IP94.130.197.240:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectpuwpush.com Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92 ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT
Hash5f1ce0f89a4e3242e0b4f2a3b3b9cbad 77793e6f33c9129e3b8b106731c1322bf6e057d0 6dc5f0a94f04baee79dc2074ebedc04d638708735d8a276c6bc7cdbfe00dbb17
POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1409
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.0
date: Sun, 05 May 2024 13:41:10 GMT
content-type: application/json
content-length: 6416
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| mcpuwpsh.com/get/ | 94.130.197.240 | 200 OK | 6.4 kB |
IP94.130.197.240:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectpuwpush.com Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92 ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT
Hash64f438759f1cdab4e72b01840e11a484 c72dcca45a121e8ed9ab160c95a597b0f2c787e7 e118ca0ee77d84d37f6a1573914a670e9b0d6a16fc7a6b0f62fe45e65a647100
POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1408
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.0
date: Sun, 05 May 2024 13:41:10 GMT
content-type: application/json
content-length: 6401
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| bid.onclckpop.com/get/ | 94.130.197.240 | 200 OK | 6.6 kB |
IP94.130.197.240:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectpuwpush.com Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92 ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT
Hash4815c5fb6e557952861eb8e70d726d8a adc41f1c913223d3d7b6ec80040621fc18b6b42d fab5820ef56dc714e9e121dabde81e4434dbd9806e9d862c26cf8dd69d506d0f
POST /get/ HTTP/1.1
Host: bid.onclckpop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1531
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.0
date: Sun, 05 May 2024 13:41:11 GMT
content-type: application/json
content-length: 6635
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| storage.mbidstorage.com/log/count.html | 104.21.65.172 | 301 Moved Permanently | 367 B |
URL GET HTTP/3storage.mbidstorage.com/log/count.html IP104.21.65.172:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectmbidstorage.com Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95 ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT
Hashc641da1164310c0bf1f7e1f68efdddf3 4cb587b8e280e4d2951aefa8c4a0b425b879b279 6b55bf0e403aef2a967b74e0e5b89f27fd851cc69a969e8b9aacd6dd06343438
GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 05 May 2024 13:41:09 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8P%2BLIEeamoVcCaGfkKcy5f7GLOIf0YDOCA6zttV2iggrAg4tnLbnt0Mi8cJhXh8iqkSzdnk3GHpdZtxbMqoqdL8zMlvI%2BDux4THG0Is8Gou1d0WbvpRRqC6LvqEdi1CG9VAosAoctR%2FTDA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f1257db88a56a8-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 69bd97630e.9460a8c99f.com/in/multy | 168.119.25.102 | 200 OK | 0 B |
URL POST HTTP/269bd97630e.9460a8c99f.com/in/multy IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject9460a8c99f.com Fingerprint00:D5:87:E5:D8:C9:D7:F6:51:6F:7F:1F:D2:C4:2E:AF:60:F0:69:D3 ValidityWed, 01 May 2024 14:01:56 GMT - Tue, 30 Jul 2024 14:01:55 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /in/multy HTTP/1.1
Host: 69bd97630e.9460a8c99f.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:13 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| i.wmgtr.com/cic/uwe0gwF2RXoswvsh6KyW-iimZos3_6ts.png | 45.133.44.32 | 200 OK | 13 kB |
URL GET HTTP/2i.wmgtr.com/cic/uwe0gwF2RXoswvsh6KyW-iimZos3_6ts.png IP45.133.44.32:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjecti.wmgtr.com FingerprintC3:69:C8:AD:52:95:77:79:3A:41:14:93:DE:ED:EA:B0:DA:18:DE:0E ValiditySat, 20 Apr 2024 03:01:12 GMT - Fri, 19 Jul 2024 03:01:11 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, datetime=2022:08:30 20:15:26], baseline, precision 8, 192x192, components 3 Hash47a01952086fc563140600937f1cfe58 6ce721ef10c9299d95613a32b1d1f201e20d6b3c 4db017b689878a5b038bf012414b30d924ed1c78475ade9f44d9737195df62ba
GET /cic/uwe0gwF2RXoswvsh6KyW-iimZos3_6ts.png HTTP/1.1
Host: i.wmgtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:10 GMT
content-type: image/jpeg
server: nginx/1.19.0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-option: nosniff
cache-control: max-age=82800
expires: Mon, 06 May 2024 12:41:10 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| 69bd97630e.9460a8c99f.com/in/multy | 168.119.25.102 | 200 OK | 4.3 kB |
URL POST HTTP/269bd97630e.9460a8c99f.com/in/multy IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject9460a8c99f.com Fingerprint00:D5:87:E5:D8:C9:D7:F6:51:6F:7F:1F:D2:C4:2E:AF:60:F0:69:D3 ValidityWed, 01 May 2024 14:01:56 GMT - Tue, 30 Jul 2024 14:01:55 GMT
Hash7e102468f1ee93505458798423c7d13f 82f579b07bf91bc2063d8ecb92d35766c9ac76f9 365ad356a57a549786795abacc2c2062124423e0286c507e59ede161c60142d8
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /in/multy HTTP/1.1
Host: 69bd97630e.9460a8c99f.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2609
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:13 GMT
content-type: application/json
content-length: 4302
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.13&cpa=c60c9b4b-4c70-4d5f-9911-b5bb8c893c28&prev_step_diff=614 | 45.133.44.25 | 200 OK | 486 B |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.13&cpa=c60c9b4b-4c70-4d5f-9911-b5bb8c893c28&prev_step_diff=614 IP45.133.44.25:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashceeb4e8840c24621c0e0352b42b38a5b 03cbceb0134a39267014595938705e2916580644 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.13&cpa=c60c9b4b-4c70-4d5f-9911-b5bb8c893c28&prev_step_diff=614 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:14 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Mon, 05 May 2025 13:41:14 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 69bd97630e.9460a8c99f.com/in/show/?tag_ab=c&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916473&subid=1511354673&sid=4087117001&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=8813937839896526330&score=56.771140710931384&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&icons=_2KiavVPrp8A5AUKDlHnlHe72v3uRXtewN9eWPy9-s09NrGkZeHDyIGgQFKMVXknGXiI4dZLEMXJSa8GLkBOtWwZnEbGPB0VR2982M2w8faSZQwmdiKYAQMBo77M7CpOySjjW-j5wnYu6G56R38K9AIZQqAzwkclAanP3TCU_ILF5WRphQ&ext_cid=0&px_id=529500&min_cpm=0.008617083575409377&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=8556402097469408107&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0032445030971128964&cpm=0&verify_hash=336817b8c19e693c73dbfd373303d848&is_native=4&real_bid=0.0010398744305663975&original_bid_usd=0.002761805&original_bid=0.002761805&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=3&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002761805&hostname=auc-inpage-hz-6-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000027618050000000003&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.13&cpa=fec3e824-2b6e-40e9-9d42-40ff4acb4b89&prev_step_diff=615 | 168.119.25.102 | 200 OK | 0 B |
URL GET HTTP/269bd97630e.9460a8c99f.com/in/show/?tag_ab=c&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916473&subid=1511354673&sid=4087117001&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=8813937839896526330&score=56.771140710931384&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&icons=_2KiavVPrp8A5AUKDlHnlHe72v3uRXtewN9eWPy9-s09NrGkZeHDyIGgQFKMVXknGXiI4dZLEMXJSa8GLkBOtWwZnEbGPB0VR2982M2w8faSZQwmdiKYAQMBo77M7CpOySjjW-j5wnYu6G56R38K9AIZQqAzwkclAanP3TCU_ILF5WRphQ&ext_cid=0&px_id=529500&min_cpm=0.008617083575409377&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=8556402097469408107&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0032445030971128964&cpm=0&verify_hash=336817b8c19e693c73dbfd373303d848&is_native=4&real_bid=0.0010398744305663975&original_bid_usd=0.002761805&original_bid=0.002761805&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=3&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002761805&hostname=auc-inpage-hz-6-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000027618050000000003&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.13&cpa=fec3e824-2b6e-40e9-9d42-40ff4acb4b89&prev_step_diff=615 IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject9460a8c99f.com Fingerprint00:D5:87:E5:D8:C9:D7:F6:51:6F:7F:1F:D2:C4:2E:AF:60:F0:69:D3 ValidityWed, 01 May 2024 14:01:56 GMT - Tue, 30 Jul 2024 14:01:55 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /in/show/?tag_ab=c&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916473&subid=1511354673&sid=4087117001&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=8813937839896526330&score=56.771140710931384&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&icons=_2KiavVPrp8A5AUKDlHnlHe72v3uRXtewN9eWPy9-s09NrGkZeHDyIGgQFKMVXknGXiI4dZLEMXJSa8GLkBOtWwZnEbGPB0VR2982M2w8faSZQwmdiKYAQMBo77M7CpOySjjW-j5wnYu6G56R38K9AIZQqAzwkclAanP3TCU_ILF5WRphQ&ext_cid=0&px_id=529500&min_cpm=0.008617083575409377&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=8556402097469408107&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0032445030971128964&cpm=0&verify_hash=336817b8c19e693c73dbfd373303d848&is_native=4&real_bid=0.0010398744305663975&original_bid_usd=0.002761805&original_bid=0.002761805&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=3&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002761805&hostname=auc-inpage-hz-6-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000027618050000000003&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.13&cpa=fec3e824-2b6e-40e9-9d42-40ff4acb4b89&prev_step_diff=615 HTTP/1.1
Host: 69bd97630e.9460a8c99f.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:14 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 69bd97630e.9460a8c99f.com/in/show/?tag_ab=c&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916473&subid=1511354673&sid=4087117001&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=8813937839896526330&score=56.771140710931384&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DRTAWTbxVFInx6SoJgkRIjXcQCE6AH1YTfAXb_2noRDhU_8QGhlc7VP1YzCiD52wBotCt8l8S9CS646lhc7_OvACJEc_jygwcpPWcFTesVpDYq5VkMAEqQ5AAcBmL4s6e5vlbCmyUorBxvJgbbpH5M1_3GS1W0NjnMY7enu2SUd0s2v425szh8Z3paOCEuPCtqpo_apAVk-EP8CMonGPse8VA06Qo3kHTy66gLCfiyegeiTZoeOdSoznqVa0GQmk8RcX6sVQ7TKwvDDXFv49NgtGuQ6ANXG9xJAR9Qa068Afc7wug8jdqof3sQ1l7QDxRsHxMj_WcRbABZPRGkBz_jrtNbKR8LMuGHd1_edYUcw6_nMRop8TfG8tW62xAHQNZPphVk2CY8EHKe4W_qhvcm711LNZZCl50jMXVCKjZf1rvKwVEoFOQ_8zTVP-0qT7LergnLK76_eEF5tAE5QYA9bpvvtBV0xnUFfMClVBnlKJ6-LlJqvYIgBYId8PcgMfRLFvoZgqlHciuma_IS2Eb84BxMtexsBEijkMPyLZFkaOfEXmKvtmokNncks_ELyklAasOvRcB&icons=RuRWEXGIz920bFA9ACoTMf_9FZWX8Y9kohPzNjgDkEkcU7BAaVcm8IU9yixMD9Gi0jbmnTwG6sD2YwhiFQHO2k6ThXfXyLgEA2uSKN-1QXiYObk65vYVrkAmuNbFc4V6vrdtSrkEOMbkpX-QNAuOWgbLij_xa0_ufHp-LzB-Aa2dA9nZPcQ0RWDglRU7eoWlGGaZFHm5L0C3haKc9YxSLDal1QydzSKDIE-WHEzgqxeCrlK31x106VzoqxixbWTQDDjVrppfzur4XoQP4Pm7HoZyJdObCLIuUy68RmYltxt0oZP5a34IiIAOLGnT-q-V9PIykjuzgnkQpPPLHgNcyJ6pqskjoq4--xTZBNoy7v3CnNhauDzlEkHSW7rWIc8V-YUMFiYJKe57F1HBNHQZYKmfAzerKhN_LipZFaiYn-LJuJYha_zNyGl9tARHsfO2AJLRMeu4anoxJ_3IpB-36GsURWE5UJuRs39z5jaG9mSMRHMH7lO-7Sh3LEKDVp2dh7mzPXWvTf_4yhdGL4q7mvqqiEK1XGz5JsTZkQIetM-4b2aYclVAgH_xyhwGqy0pkTflYkJmoaCBlmtiIvRupQGxTHckCXKNUGS82xpmrUhSY3A5y3S9MmWmIjO-R-c2s5_XIoRPsvvUBL4kexaU7tKcCVAj8VOYK1VTZt1lQzwPHN4eDjvDHzUND9DrqXo3bovIoEc&ext_cid=0&px_id=31529500&min_cpm=0.04101191100939118&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=8556402097469408107&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.04783452217629315&cpm=0&verify_hash=ef50f0a1df72852ccdcbae6d699ae2f7&is_native=1&real_bid=0.00322125010192395&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93,81&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=3&expiration_timestamp=1714974073&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F36870469%2F551816_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-6-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000375&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&st=0.13&cpa=170c4d42-79df-46e3-88cf-515d20bf2c84&prev_step_diff=614 | 168.119.25.102 | 200 OK | 0 B |
URL GET HTTP/269bd97630e.9460a8c99f.com/in/show/?tag_ab=c&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916473&subid=1511354673&sid=4087117001&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=8813937839896526330&score=56.771140710931384&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DRTAWTbxVFInx6SoJgkRIjXcQCE6AH1YTfAXb_2noRDhU_8QGhlc7VP1YzCiD52wBotCt8l8S9CS646lhc7_OvACJEc_jygwcpPWcFTesVpDYq5VkMAEqQ5AAcBmL4s6e5vlbCmyUorBxvJgbbpH5M1_3GS1W0NjnMY7enu2SUd0s2v425szh8Z3paOCEuPCtqpo_apAVk-EP8CMonGPse8VA06Qo3kHTy66gLCfiyegeiTZoeOdSoznqVa0GQmk8RcX6sVQ7TKwvDDXFv49NgtGuQ6ANXG9xJAR9Qa068Afc7wug8jdqof3sQ1l7QDxRsHxMj_WcRbABZPRGkBz_jrtNbKR8LMuGHd1_edYUcw6_nMRop8TfG8tW62xAHQNZPphVk2CY8EHKe4W_qhvcm711LNZZCl50jMXVCKjZf1rvKwVEoFOQ_8zTVP-0qT7LergnLK76_eEF5tAE5QYA9bpvvtBV0xnUFfMClVBnlKJ6-LlJqvYIgBYId8PcgMfRLFvoZgqlHciuma_IS2Eb84BxMtexsBEijkMPyLZFkaOfEXmKvtmokNncks_ELyklAasOvRcB&icons=RuRWEXGIz920bFA9ACoTMf_9FZWX8Y9kohPzNjgDkEkcU7BAaVcm8IU9yixMD9Gi0jbmnTwG6sD2YwhiFQHO2k6ThXfXyLgEA2uSKN-1QXiYObk65vYVrkAmuNbFc4V6vrdtSrkEOMbkpX-QNAuOWgbLij_xa0_ufHp-LzB-Aa2dA9nZPcQ0RWDglRU7eoWlGGaZFHm5L0C3haKc9YxSLDal1QydzSKDIE-WHEzgqxeCrlK31x106VzoqxixbWTQDDjVrppfzur4XoQP4Pm7HoZyJdObCLIuUy68RmYltxt0oZP5a34IiIAOLGnT-q-V9PIykjuzgnkQpPPLHgNcyJ6pqskjoq4--xTZBNoy7v3CnNhauDzlEkHSW7rWIc8V-YUMFiYJKe57F1HBNHQZYKmfAzerKhN_LipZFaiYn-LJuJYha_zNyGl9tARHsfO2AJLRMeu4anoxJ_3IpB-36GsURWE5UJuRs39z5jaG9mSMRHMH7lO-7Sh3LEKDVp2dh7mzPXWvTf_4yhdGL4q7mvqqiEK1XGz5JsTZkQIetM-4b2aYclVAgH_xyhwGqy0pkTflYkJmoaCBlmtiIvRupQGxTHckCXKNUGS82xpmrUhSY3A5y3S9MmWmIjO-R-c2s5_XIoRPsvvUBL4kexaU7tKcCVAj8VOYK1VTZt1lQzwPHN4eDjvDHzUND9DrqXo3bovIoEc&ext_cid=0&px_id=31529500&min_cpm=0.04101191100939118&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=8556402097469408107&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.04783452217629315&cpm=0&verify_hash=ef50f0a1df72852ccdcbae6d699ae2f7&is_native=1&real_bid=0.00322125010192395&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93,81&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=3&expiration_timestamp=1714974073&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F36870469%2F551816_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-6-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000375&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&st=0.13&cpa=170c4d42-79df-46e3-88cf-515d20bf2c84&prev_step_diff=614 IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject9460a8c99f.com Fingerprint00:D5:87:E5:D8:C9:D7:F6:51:6F:7F:1F:D2:C4:2E:AF:60:F0:69:D3 ValidityWed, 01 May 2024 14:01:56 GMT - Tue, 30 Jul 2024 14:01:55 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /in/show/?tag_ab=c&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&refdom=www.amdahost.com&auction_time=1714916473&subid=1511354673&sid=4087117001&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-05&iabcat=IAB25-3&keywords=adult&user_fp=8813937839896526330&score=56.771140710931384&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253D4052ec577a%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DRTAWTbxVFInx6SoJgkRIjXcQCE6AH1YTfAXb_2noRDhU_8QGhlc7VP1YzCiD52wBotCt8l8S9CS646lhc7_OvACJEc_jygwcpPWcFTesVpDYq5VkMAEqQ5AAcBmL4s6e5vlbCmyUorBxvJgbbpH5M1_3GS1W0NjnMY7enu2SUd0s2v425szh8Z3paOCEuPCtqpo_apAVk-EP8CMonGPse8VA06Qo3kHTy66gLCfiyegeiTZoeOdSoznqVa0GQmk8RcX6sVQ7TKwvDDXFv49NgtGuQ6ANXG9xJAR9Qa068Afc7wug8jdqof3sQ1l7QDxRsHxMj_WcRbABZPRGkBz_jrtNbKR8LMuGHd1_edYUcw6_nMRop8TfG8tW62xAHQNZPphVk2CY8EHKe4W_qhvcm711LNZZCl50jMXVCKjZf1rvKwVEoFOQ_8zTVP-0qT7LergnLK76_eEF5tAE5QYA9bpvvtBV0xnUFfMClVBnlKJ6-LlJqvYIgBYId8PcgMfRLFvoZgqlHciuma_IS2Eb84BxMtexsBEijkMPyLZFkaOfEXmKvtmokNncks_ELyklAasOvRcB&icons=RuRWEXGIz920bFA9ACoTMf_9FZWX8Y9kohPzNjgDkEkcU7BAaVcm8IU9yixMD9Gi0jbmnTwG6sD2YwhiFQHO2k6ThXfXyLgEA2uSKN-1QXiYObk65vYVrkAmuNbFc4V6vrdtSrkEOMbkpX-QNAuOWgbLij_xa0_ufHp-LzB-Aa2dA9nZPcQ0RWDglRU7eoWlGGaZFHm5L0C3haKc9YxSLDal1QydzSKDIE-WHEzgqxeCrlK31x106VzoqxixbWTQDDjVrppfzur4XoQP4Pm7HoZyJdObCLIuUy68RmYltxt0oZP5a34IiIAOLGnT-q-V9PIykjuzgnkQpPPLHgNcyJ6pqskjoq4--xTZBNoy7v3CnNhauDzlEkHSW7rWIc8V-YUMFiYJKe57F1HBNHQZYKmfAzerKhN_LipZFaiYn-LJuJYha_zNyGl9tARHsfO2AJLRMeu4anoxJ_3IpB-36GsURWE5UJuRs39z5jaG9mSMRHMH7lO-7Sh3LEKDVp2dh7mzPXWvTf_4yhdGL4q7mvqqiEK1XGz5JsTZkQIetM-4b2aYclVAgH_xyhwGqy0pkTflYkJmoaCBlmtiIvRupQGxTHckCXKNUGS82xpmrUhSY3A5y3S9MmWmIjO-R-c2s5_XIoRPsvvUBL4kexaU7tKcCVAj8VOYK1VTZt1lQzwPHN4eDjvDHzUND9DrqXo3bovIoEc&ext_cid=0&px_id=31529500&min_cpm=0.04101191100939118&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=8556402097469408107&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.04783452217629315&cpm=0&verify_hash=ef50f0a1df72852ccdcbae6d699ae2f7&is_native=1&real_bid=0.00322125010192395&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93,81&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=3&expiration_timestamp=1714974073&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F36870469%2F551816_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-6-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000375&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&st=0.13&cpa=170c4d42-79df-46e3-88cf-515d20bf2c84&prev_step_diff=614 HTTP/1.1
Host: 69bd97630e.9460a8c99f.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:14 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| imgsdn.com/ie?v=4&c=IWO_pTDGKb09EUOwYJ5T9PfYKrkA5pF-UsPUVlCWltbKMBIZf-u5MsDdy4OXATkWeGqjMZfC_sPCQ4d2XbIkd3FT2SVcw8f5LbJIjlIbWRD6n0GfYeLDilVNnGt5YjjNwpfgLtPxbGyqm7qV6smcHqzo1u5AKvgWgr-06EQjuCUuLnYzS4Y4ILXVDnb05uF9vSrVh261dJGRT9L2Dx9Kn6A67X5DerItfh3QcXJpEXevNyBdvxaG6Br2D8KGnBTPGNCRmxFxf3YoLw0al39c7uNSz66J9H2M-j0nWU_GiynoC6w5xtqhgI5ocQ9FPRSzliFZDDN0_Cg8TNrBQM8F5GIMqyPzOwmCY9dcWyM-FeZU-uPFA4PosB0_Y9tpMqT8KX_j3lsOu3z_lv9PKVkQRjYEOP-3gTrp5ozNozRcz91TDmrp3gWqof1UYEq0pA==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&st=0.13&cpa=924d4570-e13a-4bc7-9285-ad2398331e3c&prev_step_diff=614 | 138.201.194.90 | 301 Moved Permanently | 0 B |
URL GET HTTP/1.1imgsdn.com/ie?v=4&c=IWO_pTDGKb09EUOwYJ5T9PfYKrkA5pF-UsPUVlCWltbKMBIZf-u5MsDdy4OXATkWeGqjMZfC_sPCQ4d2XbIkd3FT2SVcw8f5LbJIjlIbWRD6n0GfYeLDilVNnGt5YjjNwpfgLtPxbGyqm7qV6smcHqzo1u5AKvgWgr-06EQjuCUuLnYzS4Y4ILXVDnb05uF9vSrVh261dJGRT9L2Dx9Kn6A67X5DerItfh3QcXJpEXevNyBdvxaG6Br2D8KGnBTPGNCRmxFxf3YoLw0al39c7uNSz66J9H2M-j0nWU_GiynoC6w5xtqhgI5ocQ9FPRSzliFZDDN0_Cg8TNrBQM8F5GIMqyPzOwmCY9dcWyM-FeZU-uPFA4PosB0_Y9tpMqT8KX_j3lsOu3z_lv9PKVkQRjYEOP-3gTrp5ozNozRcz91TDmrp3gWqof1UYEq0pA==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&st=0.13&cpa=924d4570-e13a-4bc7-9285-ad2398331e3c&prev_step_diff=614 IP138.201.194.90:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectnimrute.com FingerprintFE:11:FD:FB:69:FC:E9:22:01:AE:4B:9D:F5:85:C9:1C:FF:4D:44:D4 ValidityMon, 12 Feb 2024 14:13:04 GMT - Sun, 12 May 2024 14:13:03 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ie?v=4&c=IWO_pTDGKb09EUOwYJ5T9PfYKrkA5pF-UsPUVlCWltbKMBIZf-u5MsDdy4OXATkWeGqjMZfC_sPCQ4d2XbIkd3FT2SVcw8f5LbJIjlIbWRD6n0GfYeLDilVNnGt5YjjNwpfgLtPxbGyqm7qV6smcHqzo1u5AKvgWgr-06EQjuCUuLnYzS4Y4ILXVDnb05uF9vSrVh261dJGRT9L2Dx9Kn6A67X5DerItfh3QcXJpEXevNyBdvxaG6Br2D8KGnBTPGNCRmxFxf3YoLw0al39c7uNSz66J9H2M-j0nWU_GiynoC6w5xtqhgI5ocQ9FPRSzliFZDDN0_Cg8TNrBQM8F5GIMqyPzOwmCY9dcWyM-FeZU-uPFA4PosB0_Y9tpMqT8KX_j3lsOu3z_lv9PKVkQRjYEOP-3gTrp5ozNozRcz91TDmrp3gWqof1UYEq0pA==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&st=0.13&cpa=924d4570-e13a-4bc7-9285-ad2398331e3c&prev_step_diff=614 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Sun, 05 May 2024 13:41:13 GMT
content-length: 0
location: https://img.vmmcdn.com/get/19802132/551816_icon.png
x-app-id: 14
|
|
| img.vmmcdn.com/get/36870469/551816_image.jpg | 46.4.121.113 | 200 OK | 12 kB |
URL GET HTTP/2img.vmmcdn.com/get/36870469/551816_image.jpg IP46.4.121.113:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectimg.vmmcdn.com Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4 ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3 Hashee921bcd225785444d8ab128ca1d0941 e92f5588c738df6912e3658d883aeb66b486560b 4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c
GET /get/36870469/551816_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.1
date: Sun, 05 May 2024 13:41:14 GMT
content-type: image/jpeg
content-length: 12075
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-2f2b"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| img.vmmcdn.com/get/19802132/551816_icon.png | 46.4.121.113 | 200 OK | 23 kB |
URL GET HTTP/2img.vmmcdn.com/get/19802132/551816_icon.png IP46.4.121.113:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectimg.vmmcdn.com Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4 ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File typePNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced Hash4d5759f010e127f070785e4925447047 22919607ad63be452b8a5aa4324a7d1c2855b074 6d1b78db1808b279554f122373ff2fd4e448313c41d199d92a929e31d2825931
GET /get/19802132/551816_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.1
date: Sun, 05 May 2024 13:41:14 GMT
content-type: image/png
content-length: 23172
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-5a84"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/css/root.css | 172.67.183.69 | 200 OK | 9.4 kB |
URL GET HTTP/3www.amdahost.com/css/root.css IP172.67.183.69:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectamdahost.com Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT
File typeASCII text, with very long lines (3175), with no line terminators Hashb29e82a0b6fab49b186f1878409b49cf 632d7a94b851c7c879e29825bee06920d7b5cb99 5b7746d8aa2c0a8a908f6a5df646167afb319fc1d2a6ec08d275e195a275afdf
GET /css/root.css HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=4052ec577a
Cookie: PHPSESSID=f5871bdc0d5b5d885113e160c0cf19e5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 13:41:04 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=6128
last-modified: Tue, 27 Feb 2024 08:09:48 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 43
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CnyfNNb%2BGEy48GpuaZdLOs%2Flp6RU0IM7iTdPnzddnd2YdMuvr%2BnJflEQedRLM6WoPErJl67t%2BGYZZl2JsU%2BmzQze8YNT3OX4q0E0SG%2Fao6QWiZaq9ZF1O1IdTebqB0UrCMvM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f1255faba35697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| storage.mbidstorage.com/log/count.html | 104.21.65.172 | 301 Moved Permanently | 6.7 kB |
URL GET HTTP/3storage.mbidstorage.com/log/count.html IP104.21.65.172:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectmbidstorage.com Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95 ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT
Hashbb97d3ed64a3326b82d12ffd0b5db714 6c60c1f60c4f8eb37c2a1706ef35cdd8a7536c8c 7f543dafbfab09e45c80d8e4535254ab472c5d3e6790fae1f3833c3aec5e6938
GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 05 May 2024 13:41:09 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JuXfVKgpquxw%2FZHhC%2Bj7Lf%2FNCctTxHvMn7Mz5o1L9%2FR3kuLCieYPLWqsbCuV7osYMgG50jRvRWeK%2BZ7MD2fkXIt0GhxakiMP%2FLc1FinMKloJ%2FHZzVAKpu3r3CiazP46pkwg5QeNjkcFtXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f125809c1656a8-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.amdahost.com/cdn-cgi/rum? | 172.67.183.69 | 204 No Content | 0 B |
URL POST HTTP/3www.amdahost.com/cdn-cgi/rum? IP172.67.183.69:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectamdahost.com Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 520
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=4052ec577a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 204 No Content
date: Sun, 05 May 2024 13:41:31 GMT
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87f126054db15697-OSL
x-frame-options: DENY
x-content-type-options: nosniff
|
|
| cdn.fluidplayer.com/v3/current/fluidplayer.min.js |  185.76.9.17 | 200 OK | 233 kB |
URL GET HTTP/2cdn.fluidplayer.com/v3/current/fluidplayer.min.js IP185.76.9.17:443 ASN#60068 Datacamp Limited
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectfluidplayer.com FingerprintCD:21:BA:85:8A:CA:A4:37:0F:0A:BD:F7:50:25:DA:75:9E:D3:FB:76 ValidityMon, 26 Feb 2024 13:51:53 GMT - Sun, 26 May 2024 13:51:52 GMT
File typeJavaScript source, ASCII text, with very long lines (65463) Size233 kB (232616 bytes) Hash9829e8e730a9125e695789512d85177a e20a0d55ab1722ef3ad13741a2b8975413d43909 7c38ede4727de973827091514a83d24a039bda1d0d4cac219eb20571a2cc3698
GET /v3/current/fluidplayer.min.js HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 21 Mar 2024 13:23:13 GMT
etag: W/"65fc34c1-38ca8"
expires: Fri, 22 Mar 2024 21:42:05 GMT
cache-control: max-age=86400
access-control-allow-origin: *
x-77-nzt: EwwBuUwJDQHXl+AAAAwBuUwKDAH3AAAAAAwBJRPCMQH3AAAAAA
x-77-nzt-ray: c0a4cc28e535afc6708c37660449e72d
x-accel-expires: @1714945369
x-accel-date: 1714858969
x-77-cache: HIT
x-77-age: 57495
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 57495
x-77-pop: stockholmSE
X-Firefox-Spdy: h2
|
|
| storage.multstorage.com/log/count.html | 104.21.30.242 | 200 OK | 882 B |
URL GET HTTP/2storage.multstorage.com/log/count.html IP104.21.30.242:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectmultstorage.com Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT
File typeHTML document, ASCII text, with very long lines (919), with no line terminators Hash053b1fe641da8057571d40ebaf1624ab 09b2648b7d08c84621298f0b939cea5170a65022 6606334874a3edb8295831f41d3684433e4553ffe0a72e58c90926e00f39c6a4
GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:08 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: 3f9a1763f58c4d6bc3c525c881673c72
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yj9IRH%2FE90wd9MhZLDsjT9o4UayC7GEcwCsvj06D%2FfBH5p9NnLtdHvqKNjLNuqG9Tis2pl%2Fj09Syx4wOwZQ1tKvTDbxwxPc7BwuKQS0tsGwKT%2FdX8enVsje56l%2FGvBo2cSc4RTic90mrEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f12575f9675697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| js.mbidpp.com/popunder-admanager/build.m.js | 45.133.44.53 | 200 OK | 97 kB |
URL GET HTTP/2js.mbidpp.com/popunder-admanager/build.m.js IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectjs.mbidpp.com Fingerprint5B:B3:95:84:D0:2B:0C:9A:68:98:53:B0:A4:A5:68:88:B2:A5:5F:82 ValidityThu, 18 Apr 2024 03:01:11 GMT - Wed, 17 Jul 2024 03:01:10 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder-admanager/build.m.js HTTP/1.1
Host: js.mbidpp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:08 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 14:24:01 GMT
etag: W/"661e8a01-17ae8"
content-encoding: gzip
expires: Sun, 05 May 2024 13:46:08 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| b57dqedu4.com/get/2020088?zoneid=2020088&jp=_clzkhd4d39iqqbep1iutsw&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=2082713602430464&eclog=0&im=1&uf=0 | 212.117.190.201 | 200 OK | 3.0 kB |
URL GET HTTP/2b57dqedu4.com/get/2020088?zoneid=2020088&jp=_clzkhd4d39iqqbep1iutsw&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=2082713602430464&eclog=0&im=1&uf=0 IP212.117.190.201:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerBuypass AS-983163327 Subject Fingerprint17:76:24:C2:1F:79:27:A6:BF:60:AC:48:E1:7E:44:F5:FA:36:EB:6B ValidityWed, 01 May 2024 14:25:07 GMT - Sun, 27 Oct 2024 22:59:00 GMT
File typeASCII text, with very long lines (3309), with no line terminators Hash21e3064c319d7b891874a19832f9a216 a80e67458fc0455c57069d4cf1f6776366469228 bf731529925d2922aa7f52a620a71c36bf7fa21d69dddd253b087fe209b4bc98
GET /get/2020088?zoneid=2020088&jp=_clzkhd4d39iqqbep1iutsw&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=2082713602430464&eclog=0&im=1&uf=0 HTTP/1.1
Host: b57dqedu4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:41:05 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Sun, 08 Jun 2025 13:41:05 GMT; Secure; SameSite=None
UID=24050508415793732ae5b64e6db7d3bcd220; Path=/; Expires=Sun, 08 Jun 2025 13:41:05 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
|
|
| js.mbidadm.com/static/scripts.m.js | 45.133.44.52 | 200 OK | 109 kB |
URL GET HTTP/2js.mbidadm.com/static/scripts.m.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectjs.mbidadm.com FingerprintCA:45:B3:CA:F7:B8:6E:BC:AD:15:14:54:8B:69:08:1F:93:CC:C1:80 ValidityThu, 18 Apr 2024 03:01:13 GMT - Wed, 17 Jul 2024 03:01:12 GMT
Size109 kB (109375 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/scripts.m.js HTTP/1.1
Host: js.mbidadm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:06 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:19 GMT
etag: W/"6627832f-1ab3f"
content-encoding: gzip
expires: Sun, 05 May 2024 13:46:06 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| b57dqedu4.com/t/9/fret/meow4/2020088/0d68ddef.js | 212.117.190.201 | 200 OK | 106 kB |
URL GET HTTP/2b57dqedu4.com/t/9/fret/meow4/2020088/0d68ddef.js IP212.117.190.201:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerBuypass AS-983163327 Subject Fingerprint17:76:24:C2:1F:79:27:A6:BF:60:AC:48:E1:7E:44:F5:FA:36:EB:6B ValidityWed, 01 May 2024 14:25:07 GMT - Sun, 27 Oct 2024 22:59:00 GMT
File typeJavaScript source, ASCII text, with very long lines (65106) Size106 kB (106460 bytes) Hash5c1245ce45f7e0a8ff772bf695857a27 fad29ae9877616251044562b679427d9450199f7 9eee888953ac3827e3a1951d646e67fd6c34a47c7f4ff861c8b875218889513b
GET /t/9/fret/meow4/2020088/0d68ddef.js HTTP/1.1
Host: b57dqedu4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:41:05 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-1a022"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cdn.fluidplayer.com/v3/current/6aef4fee473c54e96ff8.svg | 185.76.9.17 | 200 OK | 19 kB |
URL GET HTTP/2cdn.fluidplayer.com/v3/current/6aef4fee473c54e96ff8.svg IP185.76.9.17:443 ASN#60068 Datacamp Limited
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectfluidplayer.com FingerprintCD:21:BA:85:8A:CA:A4:37:0F:0A:BD:F7:50:25:DA:75:9E:D3:FB:76 ValidityMon, 26 Feb 2024 13:51:53 GMT - Sun, 26 May 2024 13:51:52 GMT
File typeSVG Scalable Vector Graphics image Hash805524b1fa0e091076d7afbf68e31133 ab696de0e85a7ce728cbe9b4131f5f4d528fb788 ad0276c58ec6a9875a2e1d39d972950763aac2e8f6262638d5868402ae2466fd
GET /v3/current/6aef4fee473c54e96ff8.svg HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:05 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 21 Mar 2024 13:23:12 GMT
etag: W/"65fc34c0-4880"
expires: Fri, 22 Mar 2024 21:45:09 GMT
cache-control: max-age=86400
access-control-allow-origin: *
x-77-nzt: EwwBuUwJDQH34N8AAAwBuUwKDAH3AAAAAAwBisclxAGzgVEBAA
x-77-nzt-ray: c0a4cc28e535afc6718c3766eac16d37
x-accel-expires: @1714945553
x-accel-date: 1714859153
x-77-cache: HIT
x-77-age: 57312
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 57312
x-77-pop: stockholmSE
X-Firefox-Spdy: h2
|
|
| pyknrhm5c.com/chicken.gif?z=2025683&pb=76299d8b7a96d87e12e062686ad0de211714923666&psp=Yiu6RcfyIeKcmm_5p2QnoRTWP7f3qvbKO106pqE5XkmnlwlW1vOwPbhgQBc1yOKoUmZft62OhhtBJ_m2utPUMZKRtnjMiMP_dB7fHiAtF239tAW2VFTcGc7vb4dgKtzD3-5vpz3X-WX7fpYjVOLfquYOz8F3bZZEJuyYOFEQFiRxwXsgzSCfBSH0b33KlyV_Sh7OzsHN3p-k-OPMF9C6pUWDv4mr_QDjIQr7Wv9d1bitZZ41ZZC24cOeXb8teFeghqv6EQ-b_Jj8afvYmdV8_-w-FbmrXaL4BfLgiGxRflbqRawMk52iYFNT2GvWbLoX4_nNoVVYUBK-IxaXPf4gc_qItqxgaxZ7wNecHJqaDp-vu2SEhDZcnre8vqAC4susOeW36NKEzEYzKNIBbfi77j_bYQ-npD7NhJEF0YgJ_OAURO8OK1UTPtvQo9jIzc0bi5F0Y1ZCPY89qJuLRqwfqozE2iLJfjWUj9FwXx0rTZlV-0Qd_99Z1iDQXT-JpitK2mPuo-1mpQOwlgGS4ulGBAR2Z4PuJMaPx3A6LNMSGd-rAd_pojNkwOIiN1S4sHMlcKSy2h9rRtswEb2aQDcp_phHfy-JzPMfZkKflinpUtyJ_yCFjd97kPc27zVxlLwEFeqd5HARJfxUqAl8GtY2hZ-T44OPfGtrwlVjONZE1pz1kT_K1VGti8pE0y9eJ-_NrhcWx2gHT8KkWGKTMe3GZ_mz-zcyBR11jBCNLYyn7PoEUA==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4897463369632256&eclog=0&im=1&_=0.3128420339884843 | 212.117.190.201 | 200 OK | 43 B |
URL GET HTTP/2pyknrhm5c.com/chicken.gif?z=2025683&pb=76299d8b7a96d87e12e062686ad0de211714923666&psp=Yiu6RcfyIeKcmm_5p2QnoRTWP7f3qvbKO106pqE5XkmnlwlW1vOwPbhgQBc1yOKoUmZft62OhhtBJ_m2utPUMZKRtnjMiMP_dB7fHiAtF239tAW2VFTcGc7vb4dgKtzD3-5vpz3X-WX7fpYjVOLfquYOz8F3bZZEJuyYOFEQFiRxwXsgzSCfBSH0b33KlyV_Sh7OzsHN3p-k-OPMF9C6pUWDv4mr_QDjIQr7Wv9d1bitZZ41ZZC24cOeXb8teFeghqv6EQ-b_Jj8afvYmdV8_-w-FbmrXaL4BfLgiGxRflbqRawMk52iYFNT2GvWbLoX4_nNoVVYUBK-IxaXPf4gc_qItqxgaxZ7wNecHJqaDp-vu2SEhDZcnre8vqAC4susOeW36NKEzEYzKNIBbfi77j_bYQ-npD7NhJEF0YgJ_OAURO8OK1UTPtvQo9jIzc0bi5F0Y1ZCPY89qJuLRqwfqozE2iLJfjWUj9FwXx0rTZlV-0Qd_99Z1iDQXT-JpitK2mPuo-1mpQOwlgGS4ulGBAR2Z4PuJMaPx3A6LNMSGd-rAd_pojNkwOIiN1S4sHMlcKSy2h9rRtswEb2aQDcp_phHfy-JzPMfZkKflinpUtyJ_yCFjd97kPc27zVxlLwEFeqd5HARJfxUqAl8GtY2hZ-T44OPfGtrwlVjONZE1pz1kT_K1VGti8pE0y9eJ-_NrhcWx2gHT8KkWGKTMe3GZ_mz-zcyBR11jBCNLYyn7PoEUA==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4897463369632256&eclog=0&im=1&_=0.3128420339884843 IP212.117.190.201:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerBuypass AS-983163327 Subject Fingerprint8C:0B:00:37:E9:46:0D:D7:64:26:AF:BD:4B:AC:9D:E3:CA:27:CD:87 ValidityFri, 03 May 2024 21:32:33 GMT - Tue, 29 Oct 2024 22:59:00 GMT
File typeGIF image data, version 89a, 1 x 1 Hash28e463819a210071de3b45ebe7633613 6dccd571828ec0912629119cf7eabfea9f33ddbc 44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=2025683&pb=76299d8b7a96d87e12e062686ad0de211714923666&psp=Yiu6RcfyIeKcmm_5p2QnoRTWP7f3qvbKO106pqE5XkmnlwlW1vOwPbhgQBc1yOKoUmZft62OhhtBJ_m2utPUMZKRtnjMiMP_dB7fHiAtF239tAW2VFTcGc7vb4dgKtzD3-5vpz3X-WX7fpYjVOLfquYOz8F3bZZEJuyYOFEQFiRxwXsgzSCfBSH0b33KlyV_Sh7OzsHN3p-k-OPMF9C6pUWDv4mr_QDjIQr7Wv9d1bitZZ41ZZC24cOeXb8teFeghqv6EQ-b_Jj8afvYmdV8_-w-FbmrXaL4BfLgiGxRflbqRawMk52iYFNT2GvWbLoX4_nNoVVYUBK-IxaXPf4gc_qItqxgaxZ7wNecHJqaDp-vu2SEhDZcnre8vqAC4susOeW36NKEzEYzKNIBbfi77j_bYQ-npD7NhJEF0YgJ_OAURO8OK1UTPtvQo9jIzc0bi5F0Y1ZCPY89qJuLRqwfqozE2iLJfjWUj9FwXx0rTZlV-0Qd_99Z1iDQXT-JpitK2mPuo-1mpQOwlgGS4ulGBAR2Z4PuJMaPx3A6LNMSGd-rAd_pojNkwOIiN1S4sHMlcKSy2h9rRtswEb2aQDcp_phHfy-JzPMfZkKflinpUtyJ_yCFjd97kPc27zVxlLwEFeqd5HARJfxUqAl8GtY2hZ-T44OPfGtrwlVjONZE1pz1kT_K1VGti8pE0y9eJ-_NrhcWx2gHT8KkWGKTMe3GZ_mz-zcyBR11jBCNLYyn7PoEUA==&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4897463369632256&eclog=0&im=1&_=0.3128420339884843 HTTP/1.1
Host: pyknrhm5c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=2405050841fe36afc8aad848288264ceecaf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:41:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
|
|
| static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 | 104.16.79.73 | 200 OK | 19 kB |
URL GET HTTP/2static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 IP104.16.79.73:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectcloudflareinsights.com Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00 ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT
File typeJavaScript source, ASCII text, with very long lines (19189), with no line terminators Hash4c980ee97cb5c001b4d19e2895fa5603 2c6fe998aa7486c4becd74cf253bdd82666a64c3 d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192
GET /beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:04 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.1"
last-modified: Tue, 23 Apr 2024 12:12:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f12560b84356b1-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Comic+Neue&display=swap | 142.250.74.106 | 200 OK | 420 B |
URL GET HTTP/2fonts.googleapis.com/css2?family=Comic+Neue&display=swap IP142.250.74.106:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typeASCII text, with very long lines (429), with no line terminators Hash75f97bdeb174d8b64c2078ceff6726a3 beb63d63eb0398c4e6f15b6f2ad83c9fd7ef272d 0dd00245b771e2aada55e76fe50ee64c186e9413f70b1fc54da284a2cab024c6
GET /css2?family=Comic+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 May 2024 13:41:05 GMT
date: Sun, 05 May 2024 13:41:05 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.tailwindcss.com/ | 104.22.20.144 | 302 Found | 366 kB |
IP104.22.20.144:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerCloudflare, Inc. Subjecttailwindcss.com Fingerprint5F:87:FB:92:D4:93:DA:09:E3:5B:EF:92:CE:2F:47:18:3A:8A:C7:49 ValidityTue, 07 Nov 2023 00:00:00 GMT - Tue, 05 Nov 2024 23:59:59 GMT
Size366 kB (365681 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: cdn.tailwindcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sun, 05 May 2024 13:41:04 GMT
cache-control: max-age=14400
location: /3.4.3
strict-transport-security: max-age=63072000
x-vercel-cache: MISS
x-vercel-id: cle1::iad1::vstdv-1714915110074-bf023dc61525
cf-cache-status: HIT
age: 823
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f125606a2e1c0a-OSL
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js | 172.67.183.69 | 200 OK | 7.9 kB |
URL GET HTTP/3www.amdahost.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js IP172.67.183.69:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectamdahost.com Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT
File typeJavaScript source, ASCII text, with very long lines (7858), with no line terminators Hash6621bd89faa87044fd4c87f50930eb43 a704b738784e2d863f30fdf87db6b3849ffbde5a 07f2418284452142cc6ab3777f9c9892b7acc1df27584ac6c0ef3b21d42a666e
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=f5871bdc0d5b5d885113e160c0cf19e5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 13:41:06 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
vary: accept-encoding
content-encoding: br
cache-control: max-age=14400, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S8d%2Bc5Gu0LIwA9onFjMoVCe2%2FRKUdbzDbuEbocZW3oXQ43jcDZPY%2BcIRJnW8YdgboIDhjogtUOTxmB%2FHHD%2FNwnmJHyypNEbMUtRRHkCExW6XhrV2XJr8GzCEcDLaBNElokS2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f1256b4efe5697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| xadsmart.com/pajzmitypuvrerifsrc?ewmqBXbg=BQLyAAAAAAAACZUAAtorawY6nOXsCoYIv_KuvRKW4MXys3kW0rjmOL7dI0sJQXHffkzZRDUNyVGWMc81eLlAEltgo1MTuvPQJV6Sm0Q0THZusbY801X7aAvVXpmoIGi7CBP2rW5vEo0koq6PinYW-AuzBOWriS9SN8Qe4CYouy8aqPwn7Jwz7K1s3JhN2qQ4MRK_d3a1pKRzGlWu2_barymHE8EIqrAHEncuhO6jcump9CoFWNYswHIsGXaI8HpIJTeV2rRjvW-jLE9iVKO4i_I_QYjFrkpd7UNnxlwOen8X5HIB0v6AP5jaztO0Zvel6bMxs16oJ3oaQyoaY7eBYlvGIfJ3s1nRWR2brd79WuunBlTPIxMB3Gl00CwoukGiVObxTnA-9hkP5h6cQp0UzeFv6u-Qt_RmPdzqlSHA9S1_A5ET4upXQSbunJhuzYHHvmeKk9U5ESjfgrbnvYfvirB0cbPCctuzxeM8n2RVi-C8wNEOy-dwi-T1yGzCe99XDjfPuCO7PKwgx6gg5cx6pRXIG2pqNFWe1D45qeagRytsZ_ZeCM_bqI7aRAvyFEV9M2cinPF0HcYB1TPxm0o8Gfe5_iR5ubSRE0rBB9Q-ixRIPTJ8Cy335aGbLuMm0c6ZHkZ0L2Y-T9iQ--AvDS_o7oR1r2FcYqi5LB24Xz3_GwnsSL5sc_8ZD-0TnqBK1binrQY_PXpLe9o--_e57xujyvAkLL4mUaCHymsd_lzMVk90fiaqztRgamaTUM4pirTpaTdHoNkW9cC7N7PXzjBIkit9Ydh3-gFVOYuYsfHlKLVT4ai3Is630hp-Q-0R4IqoX0Wehy1_kAAgNvSnsOtvvFea1Vzd1js1Be0M6c0WBUCkyvabI1YuqZftpjunqifUBmmXJwSPZ6XraD3s2BH9Lk44-E2l3T6gODtCx-YoxvsrDNv8tViAllkfUwULEUdvhqUaITDi831AAyxICJjVohIkWF_ueporEP2-p__JpCtbH6dWkY0udoSYQoG_&XKwMFUsb=4&WniIycUs=5085941&yOGriChT=0.001&QixEgsJH=2,0&lZEBiIdG=&ZsotGnpu=&s=1280,1024,1,1280,1024,0 | 104.153.197.251 | 200 OK | 44 B |
URL GET HTTP/2xadsmart.com/pajzmitypuvrerifsrc?ewmqBXbg=BQLyAAAAAAAACZUAAtorawY6nOXsCoYIv_KuvRKW4MXys3kW0rjmOL7dI0sJQXHffkzZRDUNyVGWMc81eLlAEltgo1MTuvPQJV6Sm0Q0THZusbY801X7aAvVXpmoIGi7CBP2rW5vEo0koq6PinYW-AuzBOWriS9SN8Qe4CYouy8aqPwn7Jwz7K1s3JhN2qQ4MRK_d3a1pKRzGlWu2_barymHE8EIqrAHEncuhO6jcump9CoFWNYswHIsGXaI8HpIJTeV2rRjvW-jLE9iVKO4i_I_QYjFrkpd7UNnxlwOen8X5HIB0v6AP5jaztO0Zvel6bMxs16oJ3oaQyoaY7eBYlvGIfJ3s1nRWR2brd79WuunBlTPIxMB3Gl00CwoukGiVObxTnA-9hkP5h6cQp0UzeFv6u-Qt_RmPdzqlSHA9S1_A5ET4upXQSbunJhuzYHHvmeKk9U5ESjfgrbnvYfvirB0cbPCctuzxeM8n2RVi-C8wNEOy-dwi-T1yGzCe99XDjfPuCO7PKwgx6gg5cx6pRXIG2pqNFWe1D45qeagRytsZ_ZeCM_bqI7aRAvyFEV9M2cinPF0HcYB1TPxm0o8Gfe5_iR5ubSRE0rBB9Q-ixRIPTJ8Cy335aGbLuMm0c6ZHkZ0L2Y-T9iQ--AvDS_o7oR1r2FcYqi5LB24Xz3_GwnsSL5sc_8ZD-0TnqBK1binrQY_PXpLe9o--_e57xujyvAkLL4mUaCHymsd_lzMVk90fiaqztRgamaTUM4pirTpaTdHoNkW9cC7N7PXzjBIkit9Ydh3-gFVOYuYsfHlKLVT4ai3Is630hp-Q-0R4IqoX0Wehy1_kAAgNvSnsOtvvFea1Vzd1js1Be0M6c0WBUCkyvabI1YuqZftpjunqifUBmmXJwSPZ6XraD3s2BH9Lk44-E2l3T6gODtCx-YoxvsrDNv8tViAllkfUwULEUdvhqUaITDi831AAyxICJjVohIkWF_ueporEP2-p__JpCtbH6dWkY0udoSYQoG_&XKwMFUsb=4&WniIycUs=5085941&yOGriChT=0.001&QixEgsJH=2,0&lZEBiIdG=&ZsotGnpu=&s=1280,1024,1,1280,1024,0 IP104.153.197.251:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerSectigo Limited Subjectxadsmart.com FingerprintFC:E8:BA:57:31:46:6D:51:70:B5:42:35:6E:CF:97:6F:AF:38:C5:58 ValidityMon, 14 Aug 2023 00:00:00 GMT - Fri, 13 Sep 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hashd5f0a25e4d3522d56d48ce7bc3e518fb 86794caff58f7fee6e684c2ba7195f970a8d6f4c 9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
GET /pajzmitypuvrerifsrc?ewmqBXbg=BQLyAAAAAAAACZUAAtorawY6nOXsCoYIv_KuvRKW4MXys3kW0rjmOL7dI0sJQXHffkzZRDUNyVGWMc81eLlAEltgo1MTuvPQJV6Sm0Q0THZusbY801X7aAvVXpmoIGi7CBP2rW5vEo0koq6PinYW-AuzBOWriS9SN8Qe4CYouy8aqPwn7Jwz7K1s3JhN2qQ4MRK_d3a1pKRzGlWu2_barymHE8EIqrAHEncuhO6jcump9CoFWNYswHIsGXaI8HpIJTeV2rRjvW-jLE9iVKO4i_I_QYjFrkpd7UNnxlwOen8X5HIB0v6AP5jaztO0Zvel6bMxs16oJ3oaQyoaY7eBYlvGIfJ3s1nRWR2brd79WuunBlTPIxMB3Gl00CwoukGiVObxTnA-9hkP5h6cQp0UzeFv6u-Qt_RmPdzqlSHA9S1_A5ET4upXQSbunJhuzYHHvmeKk9U5ESjfgrbnvYfvirB0cbPCctuzxeM8n2RVi-C8wNEOy-dwi-T1yGzCe99XDjfPuCO7PKwgx6gg5cx6pRXIG2pqNFWe1D45qeagRytsZ_ZeCM_bqI7aRAvyFEV9M2cinPF0HcYB1TPxm0o8Gfe5_iR5ubSRE0rBB9Q-ixRIPTJ8Cy335aGbLuMm0c6ZHkZ0L2Y-T9iQ--AvDS_o7oR1r2FcYqi5LB24Xz3_GwnsSL5sc_8ZD-0TnqBK1binrQY_PXpLe9o--_e57xujyvAkLL4mUaCHymsd_lzMVk90fiaqztRgamaTUM4pirTpaTdHoNkW9cC7N7PXzjBIkit9Ydh3-gFVOYuYsfHlKLVT4ai3Is630hp-Q-0R4IqoX0Wehy1_kAAgNvSnsOtvvFea1Vzd1js1Be0M6c0WBUCkyvabI1YuqZftpjunqifUBmmXJwSPZ6XraD3s2BH9Lk44-E2l3T6gODtCx-YoxvsrDNv8tViAllkfUwULEUdvhqUaITDi831AAyxICJjVohIkWF_ueporEP2-p__JpCtbH6dWkY0udoSYQoG_&XKwMFUsb=4&WniIycUs=5085941&yOGriChT=0.001&QixEgsJH=2,0&lZEBiIdG=&ZsotGnpu=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: xadsmart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
popads-node: wb9
access-control-allow-origin: *
asf: 6
cache-control: private, no-store, no-cache, must-revalidate, no-transform, max-age=0
pragma: no-cache
set-cookie: PP_CV=yes; expires=Sun, 05 May 2024 14:41:08 GMT; Max-Age=3600
fraudcheck=606936758b8dbe67e517b1a019f72ed5; expires=Tue, 04 Jun 2024 13:41:08 GMT; Max-Age=2592000; path=/; domain=.popads.net
popads-ec: 5
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Sun, 05 May 2024 13:41:09 GMT
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Bebas+Neue&display=swap | 142.250.74.106 | 200 OK | 799 B |
URL GET HTTP/2fonts.googleapis.com/css2?family=Bebas+Neue&display=swap IP142.250.74.106:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typeASCII text, with very long lines (817), with no line terminators Hashc493231efba2219e3348f16e938d7380 95b2c3d6221a58cbd7e96f2c05c40d03f53fb16c ff65de3252fffb1650fca0c23a1a87351bf5b2385dc11e35e19b94c3495e4cf0
GET /css2?family=Bebas+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 May 2024 13:41:05 GMT
date: Sun, 05 May 2024 13:41:05 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| i.wmgtr.com/cim/KJpVFEpVyZI-GXQzzfsoQce6d-yHkdN8.png | 45.133.44.32 | 200 OK | 39 kB |
URL GET HTTP/2i.wmgtr.com/cim/KJpVFEpVyZI-GXQzzfsoQce6d-yHkdN8.png IP45.133.44.32:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjecti.wmgtr.com FingerprintC3:69:C8:AD:52:95:77:79:3A:41:14:93:DE:ED:EA:B0:DA:18:DE:0E ValiditySat, 20 Apr 2024 03:01:12 GMT - Fri, 19 Jul 2024 03:01:11 GMT
File typePNG image data, 492 x 328, 8-bit colormap, non-interlaced Hash30226f3c552712ce525244bd1931d1a5 60045df0593328121db1f68f42f0753ae80b28b8 fbd51b9f789a308d3fa5a683cf83b34e7e4e7a6f033279cf9c5beeefb5655631
GET /cim/KJpVFEpVyZI-GXQzzfsoQce6d-yHkdN8.png HTTP/1.1
Host: i.wmgtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:09 GMT
content-type: image/png
server: nginx/1.19.0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-option: nosniff
cache-control: max-age=82800
expires: Mon, 06 May 2024 12:41:09 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| xml.galaxypush.com/icon?sid=65e9ebdae9961953db3092b48d3e55d9&rnd=487027916&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.05&cpa=149f5a5e-8ee1-40d8-b4da-c2dd57451126&prev_step_diff=1087 | 199.182.164.180 | 302 Found | 0 B |
URL GET HTTP/2xml.galaxypush.com/icon?sid=65e9ebdae9961953db3092b48d3e55d9&rnd=487027916&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.05&cpa=149f5a5e-8ee1-40d8-b4da-c2dd57451126&prev_step_diff=1087 IP199.182.164.180:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject*.galaxypush.com Fingerprint08:09:E6:60:8C:AB:FF:F1:1E:41:C8:29:5E:91:F1:66:DE:EB:0C:9C ValiditySat, 09 Mar 2024 04:35:37 GMT - Fri, 07 Jun 2024 04:35:36 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /icon?sid=65e9ebdae9961953db3092b48d3e55d9&rnd=487027916&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.05&cpa=149f5a5e-8ee1-40d8-b4da-c2dd57451126&prev_step_diff=1087 HTTP/1.1
Host: xml.galaxypush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Sun, 05 May 2024 13:41:10 GMT
location: https://c.adskeeper.com/c?pv=2&v=0|0|0|YJ8pkaLHymdU9jK65klEZ0hjnljAe7AMS93fCO-P_uBH4M0HEQubayf9pd_zP7Qvrfk7oeaZwwoo0_7J_qv1gg92cAq0icMzHtFizWa7naY*&cid=1488739&f=1&h2=bjao6ykRJ-s3uDIzFfBH-NQvLVlDks6BLeHJaJB1PnPHxwRrQteO1TDen2ZteKJU&rid=210e41c5-0ae5-11ef-8ff0-c84bd6826564&psid=820457
X-Firefox-Spdy: h2
|
|
| pyknrhm5c.com/q/tdl/95/dnt/2025683/kep.js | 212.117.190.201 | 200 OK | 91 kB |
URL GET HTTP/2pyknrhm5c.com/q/tdl/95/dnt/2025683/kep.js IP212.117.190.201:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerBuypass AS-983163327 Subject Fingerprint8C:0B:00:37:E9:46:0D:D7:64:26:AF:BD:4B:AC:9D:E3:CA:27:CD:87 ValidityFri, 03 May 2024 21:32:33 GMT - Tue, 29 Oct 2024 22:59:00 GMT
File typeJavaScript source, ASCII text, with very long lines (65107) Hashe0411427d3a21e45aeedb135ad163c3b fa7604ba1e0c74bb7f8ffb0d229ec10677872813 30e20e87ce0312c597365ca972e0e0bc4470a1ac11b6f6c026d5aa342d6576cd
GET /q/tdl/95/dnt/2025683/kep.js HTTP/1.1
Host: pyknrhm5c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:41:05 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-164ab"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| b57dqedu4.com/solid.gif?z=2020088&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=2082713602430464&eclog=0&im=1 | 212.117.190.201 | 200 OK | 43 B |
URL POST HTTP/2b57dqedu4.com/solid.gif?z=2020088&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=2082713602430464&eclog=0&im=1 IP212.117.190.201:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerBuypass AS-983163327 Subject Fingerprint17:76:24:C2:1F:79:27:A6:BF:60:AC:48:E1:7E:44:F5:FA:36:EB:6B ValidityWed, 01 May 2024 14:25:07 GMT - Sun, 27 Oct 2024 22:59:00 GMT
File typeGIF image data, version 89a, 1 x 1 Hash28e463819a210071de3b45ebe7633613 6dccd571828ec0912629119cf7eabfea9f33ddbc 44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
POST /solid.gif?z=2020088&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=2082713602430464&eclog=0&im=1 HTTP/1.1
Host: b57dqedu4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:41:05 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
set-cookie: CHCK=1; Path=/; Expires=Sun, 08 Jun 2025 13:41:05 GMT; Secure; SameSite=None
UID=24050508410fab8cb81df74f00b076bd432a; Path=/; Expires=Sun, 08 Jun 2025 13:41:05 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
|
|
| js.onclckinpg.com/npc/sdk/wpu/npush.m.js | 45.133.44.53 | 200 OK | 169 kB |
URL GET HTTP/2js.onclckinpg.com/npc/sdk/wpu/npush.m.js IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectjs.onclckinpg.com Fingerprint8E:C2:D4:6B:E7:14:3A:3D:25:99:DE:85:47:21:6C:93:38:A2:CE:10 ValidityFri, 12 Apr 2024 03:01:31 GMT - Thu, 11 Jul 2024 03:01:30 GMT
Size169 kB (168568 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wpu/npush.m.js HTTP/1.1
Host: js.onclckinpg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:08 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Sun, 05 May 2024 13:46:08 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| nereserv.com/in/dip?site=native-push&wl=1&event_id=72219311-15aa-4e9a-b0a5-70bfbf4fecf5&subid=1511354673&sid=4087117001&spot_id=529500&created_at=2024-05-05&timezone=0&ver=8.159.0&is_native=1 | 168.119.25.102 | 200 OK | 0 B |
URL GET HTTP/2nereserv.com/in/dip?site=native-push&wl=1&event_id=72219311-15aa-4e9a-b0a5-70bfbf4fecf5&subid=1511354673&sid=4087117001&spot_id=529500&created_at=2024-05-05&timezone=0&ver=8.159.0&is_native=1 IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=72219311-15aa-4e9a-b0a5-70bfbf4fecf5&subid=1511354673&sid=4087117001&spot_id=529500&created_at=2024-05-05&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 May 2024 13:41:13 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Poppins:wght@600&display=swap | 142.250.74.106 | 200 OK | 789 B |
URL GET HTTP/2fonts.googleapis.com/css2?family=Poppins:wght@600&display=swap IP142.250.74.106:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typeASCII text, with very long lines (807), with no line terminators Hash6f717af0e726a10479b7e8bed93e5142 a115121febff939512aba08376c87856e8eb7d81 3f2d568b6fb6321a2e59f992275a60a22c904f5e8d84b7c6e43b1bb702ae86db
GET /css2?family=Poppins:wght@600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 May 2024 13:41:05 GMT
date: Sun, 05 May 2024 13:41:05 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.tailwindcss.com/3.4.3 | 104.22.20.144 | 200 OK | 366 kB |
URL GET HTTP/2cdn.tailwindcss.com/3.4.3 IP104.22.20.144:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerCloudflare, Inc. Subjecttailwindcss.com Fingerprint5F:87:FB:92:D4:93:DA:09:E3:5B:EF:92:CE:2F:47:18:3A:8A:C7:49 ValidityTue, 07 Nov 2023 00:00:00 GMT - Tue, 05 Nov 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (52292) Size366 kB (365681 bytes) Hash4bdcdace639cc6c0f08a15c295482172 6fa7ad6e87d8b19bff7e2bd0becf87d87d57be31 d2c35bf03246b0634bb22cbdc74962c8368e5e13b656e7f3cc10029da79d2e5c
GET /3.4.3 HTTP/1.1
Host: cdn.tailwindcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:04 GMT
content-type: text/javascript
cache-control: max-age=31536000
content-encoding: br
strict-transport-security: max-age=63072000
x-vercel-cache: MISS
x-vercel-id: cle1::iad1::rn74h-1711569125689-ef02b3caf33b
last-modified: Wed, 27 Mar 2024 19:52:06 GMT
cf-cache-status: HIT
age: 408552
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f12560da8a1c0a-OSL
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Karla&display=swap | 142.250.74.106 | 200 OK | 802 B |
URL GET HTTP/2fonts.googleapis.com/css2?family=Karla&display=swap IP142.250.74.106:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typeASCII text, with very long lines (820), with no line terminators Hash19b781ab6f09786f5d9e86ac26de083d 11ca72183489143542fafe4efb122b11f9b4c1d9 e17e04ca3c38fa955e6789b4818c7c24ffd3a99eae0830a01ca51ed8e968db8a
GET /css2?family=Karla&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 May 2024 13:41:05 GMT
date: Sun, 05 May 2024 13:41:05 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| c59049439d.68d6b65e65.com/c65cec1cbc28b7db44a16f3aca2200ad.js | 45.133.44.52 | 200 OK | 109 kB |
URL GET HTTP/2c59049439d.68d6b65e65.com/c65cec1cbc28b7db44a16f3aca2200ad.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectc59049439d.68d6b65e65.com Fingerprint57:57:2E:26:4E:E7:36:A7:05:19:24:B3:03:5E:B1:5F:6B:36:9E:E1 ValidityThu, 02 May 2024 02:20:34 GMT - Wed, 31 Jul 2024 02:20:33 GMT
Size109 kB (109340 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c65cec1cbc28b7db44a16f3aca2200ad.js HTTP/1.1
Host: c59049439d.68d6b65e65.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:06 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:19 GMT
etag: W/"6627832f-1ab1c"
content-encoding: gzip
expires: Sun, 05 May 2024 13:46:06 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| 32879.2481april2024.com/hyxBDIMyOAraQ8wooFnGLyBBnJMRooyILftVM5vPHJoWNprCpdgDpsnaV4Nhe92bwY4FdvZ5ganWQumxGvu6ZAmXn8LAurOEcQsVT9emhM2DqRTEhVSGTBKUOJsO?kws=video&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Sun%20May%2005%202024%2013%3A41%3A06%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1 | 88.208.22.3 | 200 OK | 1.5 kB |
URL GET HTTP/232879.2481april2024.com/hyxBDIMyOAraQ8wooFnGLyBBnJMRooyILftVM5vPHJoWNprCpdgDpsnaV4Nhe92bwY4FdvZ5ganWQumxGvu6ZAmXn8LAurOEcQsVT9emhM2DqRTEhVSGTBKUOJsO?kws=video&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Sun%20May%2005%202024%2013%3A41%3A06%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1 IP88.208.22.3:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject*.2481april2024.com FingerprintFC:0B:87:DF:4F:43:9B:81:FD:04:D2:4C:5C:79:77:1B:C6:BB:F4:49 ValidityTue, 02 Apr 2024 14:41:38 GMT - Mon, 01 Jul 2024 14:41:37 GMT
File typeASCII text, with very long lines (1479), with no line terminators Hashb4b81c5a1d913795da7a4f56ba4f8e6b b6695566d3a16fc7d07330ab6751f0bb0116b318 9ebe55ae8e7657a6d3a77827762f30de24fe3cdee47747d21fd6aa2254535c44
GET /hyxBDIMyOAraQ8wooFnGLyBBnJMRooyILftVM5vPHJoWNprCpdgDpsnaV4Nhe92bwY4FdvZ5ganWQumxGvu6ZAmXn8LAurOEcQsVT9emhM2DqRTEhVSGTBKUOJsO?kws=video&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3D4052ec577a&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Sun%20May%2005%202024%2013%3A41%3A06%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1 HTTP/1.1
Host: 32879.2481april2024.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:41:09 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Sun, 05 May 2024 13:41:09 UTC
expires: Sun, 05 May 2024 13:41:09 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| c59049439d.68d6b65e65.com/1d75e7beefdcd62607dc4fc0905787ea.js | 45.133.44.52 | 200 OK | 169 kB |
URL GET HTTP/2c59049439d.68d6b65e65.com/1d75e7beefdcd62607dc4fc0905787ea.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectc59049439d.68d6b65e65.com Fingerprint57:57:2E:26:4E:E7:36:A7:05:19:24:B3:03:5E:B1:5F:6B:36:9E:E1 ValidityThu, 02 May 2024 02:20:34 GMT - Wed, 31 Jul 2024 02:20:33 GMT
Size169 kB (168568 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1d75e7beefdcd62607dc4fc0905787ea.js HTTP/1.1
Host: c59049439d.68d6b65e65.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:08 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Sun, 05 May 2024 13:46:08 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| c.adsco.re/ | 104.17.167.186 | 200 OK | 82 kB |
IP104.17.167.186:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerSectigo Limited Subject*.adsco.re Fingerprint40:64:05:9C:99:0A:1E:9F:A7:49:61:8E:86:4C:4B:06:9C:73:83:73 ValiditySat, 23 Sep 2023 00:00:00 GMT - Sun, 29 Sep 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (689) Hasha0b475c65fed312aba8d7c43a0cbc928 3fdd052b41c37318e44084be4f92d42fba4ded61 2dfb2101b24f80be00b1baecce7eec815e61a13381f6983051b6261b8035468a
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 13:41:07 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Wed, 05 Jun 2024 13:41:07 GMT
etag: W/"oLR1xl/tMSq6jXxDoMvJKA=="
cf-cache-status: HIT
age: 1085
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f125747faa568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| c59049439d.68d6b65e65.com/f4d5c1633ace9cc1956a10a67906ffc7.js | 45.133.44.52 | 200 OK | 97 kB |
URL GET HTTP/2c59049439d.68d6b65e65.com/f4d5c1633ace9cc1956a10a67906ffc7.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectc59049439d.68d6b65e65.com Fingerprint57:57:2E:26:4E:E7:36:A7:05:19:24:B3:03:5E:B1:5F:6B:36:9E:E1 ValidityThu, 02 May 2024 02:20:34 GMT - Wed, 31 Jul 2024 02:20:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /f4d5c1633ace9cc1956a10a67906ffc7.js HTTP/1.1
Host: c59049439d.68d6b65e65.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:08 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 14:24:01 GMT
etag: W/"661e8a01-17ae8"
content-encoding: gzip
expires: Sun, 05 May 2024 13:46:08 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQz1J5Weh2aoHjwjEJIUqEQsrfj_2uNF6WZyX-rg6cAe1iqJWy1io3YyviwABdu4u57MDQlSLQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1023416554%3A1714916469765320&theme=mn&ddm=0 | 173.194.221.84 | 403 Forbidden | 0 B |
URL GET HTTP/3accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQz1J5Weh2aoHjwjEJIUqEQsrfj_2uNF6WZyX-rg6cAe1iqJWy1io3YyviwABdu4u57MDQlSLQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1023416554%3A1714916469765320&theme=mn&ddm=0 IP173.194.221.84:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQz1J5Weh2aoHjwjEJIUqEQsrfj_2uNF6WZyX-rg6cAe1iqJWy1io3YyviwABdu4u57MDQlSLQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1023416554%3A1714916469765320&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 05 May 2024 13:41:09 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-Mo_SyV_uz93BHaztAY8URg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fonts.googleapis.com/css?family=Open+Sans | 142.250.74.106 | 200 OK | 5.8 kB |
URL GET HTTP/3fonts.googleapis.com/css?family=Open+Sans IP142.250.74.106:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typeASCII text, with very long lines (5866), with no line terminators Hash9a9a7fec0410c78b8c7601306b9fa182 7d736470060c2cbab18d2a59c043202c2d3dbaac 6a2126bd16491c04d2f664d8acb3a7ad24ec144e02bffd62db7254bee91567f0
GET /css?family=Open+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 May 2024 13:41:12 GMT
date: Sun, 05 May 2024 13:41:12 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.amdahost.com/watch_direct.php?id=4052ec577a | 172.67.183.69 | 200 OK | 15 kB |
URL User Request GET HTTP/2www.amdahost.com/watch_direct.php?id=4052ec577a IP172.67.183.69:443
CertificateIssuerGoogle Trust Services LLC Subjectamdahost.com Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch_direct.php?id=4052ec577a HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:04 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=f5871bdc0d5b5d885113e160c0cf19e5; path=/; domain=.amdahost.com
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XsQRTssDYCx0OsoHILoHhH2Cm1q4jBkjdnp4cU6MHvPvlVixPrhYvZEQqQ%2FrLMpH3YF5%2FNM4MudawZXLvhRVQ4Vt8GEnISvuUWOt5tIrv883Ze8Tx3a2U5HouHVbTAFf5o4e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f1255be879b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Archivo+Black&display=swap | 142.250.74.106 | 200 OK | 819 B |
URL GET HTTP/2fonts.googleapis.com/css2?family=Archivo+Black&display=swap IP142.250.74.106:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typeASCII text, with very long lines (837), with no line terminators Hashfa0b91b21b81c25b4d2bb89c6d9d84fb 1788d71d75cf429352999edca5573800814aba3f 5385a711b1675e90eb76b002d80f1c53e71449889caf26b5ee6ec34f3df23fa7
GET /css2?family=Archivo+Black&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 May 2024 13:41:05 GMT
date: Sun, 05 May 2024 13:41:05 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| js.onclckmn.com/static/onclicka.js | 45.133.44.52 | 200 OK | 1.7 kB |
URL GET HTTP/2js.onclckmn.com/static/onclicka.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectjs.onclckmn.com Fingerprint71:21:70:F5:FD:7C:41:28:07:3B:F6:EC:B5:FC:43:A9:49:6F:D3:65 ValidityThu, 25 Apr 2024 03:01:09 GMT - Wed, 24 Jul 2024 03:01:08 GMT
File typeJavaScript source, ASCII text, with very long lines (1886), with no line terminators Hash0d8e9eb897ac45d1e8228d70a2826bc7 0bf8815cb789c0821db5286a8de73fe2d06e02d5 8534f45f2fc3c1e92696729e5432e08aac34ba4586c5d307e5bffb7b8eb64622
GET /static/onclicka.js HTTP/1.1
Host: js.onclckmn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:05 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:14 GMT
etag: W/"6627832a-6c6"
content-encoding: gzip
expires: Sun, 05 May 2024 13:46:05 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| bid.mbidtg.com/tags/181085?version_name=c | 45.133.44.24 | 200 OK | 2.4 kB |
URL GET HTTP/2bid.mbidtg.com/tags/181085?version_name=c IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectbid.mbidtg.com Fingerprint62:EA:1B:EE:02:E5:88:CC:26:72:9B:BA:BF:B3:B6:2B:67:14:74:67 ValidityWed, 01 May 2024 03:00:45 GMT - Tue, 30 Jul 2024 03:00:44 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (2722), with no line terminators Hashf3f8a4252c139a15faa50fb2aeb8b0f1 85edafbcba333a244a603e8a18270bc847bf9298 f24db3999e20ae67ca21ffa8724e803ee0e74c16d3f2e7b004fabe3a09566bbf
GET /tags/181085?version_name=c HTTP/1.1
Host: bid.mbidtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:06 GMT
content-type: application/json
server: nginx/1.24.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| www.xadsmart.com/cjs-data-http.min.css | 185.76.9.26 | 200 OK | 37 kB |
URL GET HTTP/2www.xadsmart.com/cjs-data-http.min.css IP185.76.9.26:443 ASN#60068 Datacamp Limited
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subject1376341044.rsc.cdn77.org Fingerprint68:8B:ED:E2:67:C5:82:02:7F:17:31:6A:4A:5F:F4:34:D3:AB:57:CF ValidityTue, 30 Apr 2024 06:35:29 GMT - Mon, 29 Jul 2024 06:35:28 GMT
File typeJavaScript source, ASCII text, with very long lines (1568) Hash89143c64b6d9409ff79f176dc54344e6 6aa380e46f1b2c6519a20476e6ddcf50861bfc2e 1dc75d21e634150f402bdbda97260adee439eabf0121fb9b49febd4cb28b5eba
GET /cjs-data-http.min.css HTTP/1.1
Host: www.xadsmart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:06 GMT
content-type: application/x-javascript
vary: Accept-Encoding, Origin
popads-node: wb11
expires: Mon, 06 May 2024 02:38:55 GMT
access-control-allow-origin: https://www.amdahost.com
link: <https://xadsmart.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-77-nzt: EwwBuUwJFAH3dDcAAAwBuUwKDAH3+QYAAAwBJRPCMQH3xkUIAA
x-77-nzt-ray: af5856303f598e75728c3766333e0e01
x-accel-expires: @1714963135
x-accel-date: 1714902270
x-77-cache: HIT
x-77-age: 14196
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 14196
x-77-pop: stockholmSE
X-Firefox-Spdy: h2
|
|
| js.mbidadm.com/static/scripts.m.js | 45.133.44.52 | 200 OK | 109 kB |
URL GET HTTP/2js.mbidadm.com/static/scripts.m.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=4052ec577a CertificateIssuerLet's Encrypt Subjectjs.mbidadm.com FingerprintCA:45:B3:CA:F7:B8:6E:BC:AD:15:14:54:8B:69:08:1F:93:CC:C1:80 ValidityThu, 18 Apr 2024 03:01:13 GMT - Wed, 17 Jul 2024 03:01:12 GMT
Size109 kB (109375 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/scripts.m.js HTTP/1.1
Host: js.mbidadm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:41:06 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:19 GMT
etag: W/"6627832f-1ab3f"
content-encoding: gzip
expires: Sun, 05 May 2024 13:46:06 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|