| www.amdahost.com/media/logo.png | 172.67.183.69 | 200 OK | 26 kB |
URL: GET HTTP/3 www.amdahost.com/media/logo.png
IP: 172.67.183.69:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject amdahost.com; Fingerprint DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B; Validity Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
File type: PNG image data, 382 x 70, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 9c5c0fe1ed466c1a4801524b31777955 eb7bfae0af480eae554a937a9f64e96a0a4f734a 62b08c1489fff9fb4cf4d33857fb46d4f8298c3f74fc57f92279bdad95472640
GET /media/logo.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 23 May 2024 22:56:55 GMT
content-type: image/png
content-length: 25625
last-modified: Fri, 15 Mar 2024 19:45:30 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5436
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BMDzX3num9FpffGewdmDPuYVtlAyZEO3jx4jmctlSVLjXS%2BBUOaq2UsWAPgNnkIWPCSliYs9Kgz5%2BOtAUwWTr17myQMHYD8PH0DE1uQaX6jJ0vi6O8ZHeF5Jp1yfglMqwyLu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a45adf490afa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.amdahost.com/watch_direct.php?id=e6ab017f08 | 172.67.183.69 | 200 OK | 50 kB |
URL (User Request): GET HTTP/2 www.amdahost.com/watch_direct.php?id=e6ab017f08
IP: 172.67.183.69:443
Certificate: Issuer Google Trust Services LLC; Subject amdahost.com; Fingerprint DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B; Validity Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (1494), with CRLF, LF line terminators
Hashes (MD5, SHA-1, SHA-256): bc672bbefec66c103a5b19427d4f54aa f0e3e26150854ce62a0a9fedfbdbbafd45fbb6c6 c4730a55a8f34cb1fd7fea19c98be434b12e04f43dfa6b144ac58fb5e4a168d8
GET /watch_direct.php?id=e6ab017f08 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:55 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599; path=/; domain=.amdahost.com
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nQhTXJWFr5W3rYtNzGPbmpuj%2BBDN0DwAwe14DLul8M9RpTvr3ysaaFlUDb0fWTPIee7RDSi4ZZJ%2BVVRQdHRS48bHlkBuJI5a1vIgpTIpXBWJQNQW6hWCOw4YwEnAGcjd9z%2BJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8888a4570c787131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/npm/remixicon@4.0.0/fonts/remixicon.css | 151.101.129.229 | 200 OK | 17 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/npm/remixicon@4.0.0/fonts/remixicon.css
IP: 151.101.129.229:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer GlobalSign nv-sa; Subject jsdelivr.net; Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
Hashes (MD5, SHA-1, SHA-256): 373c68d52e3daa5cd7e1ae058fb6bd70 30a01afb8338555278162655e4a8e7ac57774f35 f53b0f6c14c09b5c263713876dfe7185531a3a424a91d192dfee3c5fa03493dd
GET /npm/remixicon@4.0.0/fonts/remixicon.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.0.0
x-jsd-version-type: version
etag: W/"200b1-MKAa+4M4VVJ4FiZV5KjnrFd3TzU"
content-encoding: br
accept-ranges: bytes
date: Thu, 23 May 2024 22:56:55 GMT
age: 6637305
x-served-by: cache-fra-etou8220109-FRA, cache-hel1410034-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 16743
X-Firefox-Spdy: h2
|
|
| jdxlh.ajscdn.com/ipp.js?id=Cfai9bWuWU2_Azxs8wzM8A&sub_id= | 172.67.131.230 | | 0 B |
URL: jdxlh.ajscdn.com/ipp.js?id=Cfai9bWuWU2_Azxs8wzM8A&sub_id=
IP: 172.67.131.230:0
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ipp.js?id=Cfai9bWuWU2_Azxs8wzM8A&sub_id= HTTP/1.1
Host: jdxlh.ajscdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Thu, 23 May 2024 22:56:55 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: BYPASS
set-cookie: __inppu=278ad401-583d-4483-9033-1fd01aec5352; expires=Sat, 23 May 2026 22:56:55 GMT; path=/; secure; samesite=none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=86IH5u3ckug57Ar1q9%2F2zQVosoNVfsPqWCbCdIXML06f3MWkTqEDtbintNm3NuacBos8pNB%2BsmRe9vNSqCXGjM1%2BGdrUaOVICfKS%2BMkT8horC7WoJaTp8A%2FCnkoDnx63e9c0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a45b5e08569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 32879.2481april2024.com/4/js/233169 | 88.208.22.4 | 200 OK | 6.6 kB |
URL: GET HTTP/2 32879.2481april2024.com/4/js/233169
IP: 88.208.22.4:443
ASN: 39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject *.2481april2024.com; Fingerprint FC:0B:87:DF:4F:43:9B:81:FD:04:D2:4C:5C:79:77:1B:C6:BB:F4:49; Validity Tue, 02 Apr 2024 14:41:38 GMT - Mon, 01 Jul 2024 14:41:37 GMT
File type: JavaScript source, ASCII text, with very long lines (16647), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 3973e0ffc1c56b5a8d35b475f8131b8f 3f4b417a43ccc8a20f42157baa1728f6a750be24 527fcc20bd46c3ff62a342fa63f431cacd0fecf4c69ee341135c6dd194131cc2
GET /4/js/233169 HTTP/1.1
Host: 32879.2481april2024.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:55 GMT
content-type: application/javascript; charset=UTF-8
content-length: 6577
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/home2/thumbnails/1713485608_77975d935ba87330.jpg | 172.67.183.69 | 200 OK | 43 kB |
URL: GET HTTP/3 www.amdahost.com/home2/thumbnails/1713485608_77975d935ba87330.jpg
IP: 172.67.183.69:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject amdahost.com; Fingerprint DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B; Validity Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 50", baseline, precision 8, 960x540, components 3
Hashes (MD5, SHA-1, SHA-256): 125f42409f4307f5ec3c9c6721821889 e920dc1eb933ffcbb2c2a76b5c9b1c01cc7c9125 768ae06ec9d2400e5601d714d4d610d2d3d41741f11750a28cd2ea4827969297
GET /home2/thumbnails/1713485608_77975d935ba87330.jpg HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 23 May 2024 22:56:55 GMT
content-type: image/jpeg
content-length: 43084
last-modified: Sat, 18 May 2024 16:38:49 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cq313iV1qeynhZ1KMhRzPN%2FJFat5Kpji1lYqc0vUSOxDOWnyDn08M9B85IjKUBYxGYDPIkGvxC1fwg5A13nv8h3aT8IwgOcrLQUsO4rV2W1Q3a7OPfPa9mo8L1CSHbxwHwez"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a45aef560afa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.googletagmanager.com/gtag/js?id=G-473NMXMZ7V | 142.250.74.168 | 200 OK | 102 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-473NMXMZ7V
IP: 142.250.74.168:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 8C:4A:82:1E:00:9B:5C:E8:2B:28:8C:2B:B1:77:07:74:60:4F:7D:5E; Validity Mon, 06 May 2024 13:42:09 GMT - Mon, 29 Jul 2024 13:42:08 GMT
File type: JavaScript source, ASCII text, with very long lines (5945)
Size: 102 kB (102491 bytes)
Hashes (MD5, SHA-1, SHA-256): 9d1c982fe7972f79bb437947c895f4fc 69cae159d44ed45adeffabab8a4aa92a265d82d2 5bda565f42fff0b7714664b2858f4ca82327d4807c46804623674e0d4dd2e028
GET /gtag/js?id=G-473NMXMZ7V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 23 May 2024 22:56:55 GMT
expires: Thu, 23 May 2024 22:56:55 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 102491
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js | 142.250.74.170 | 200 OK | 30 kB |
URL: GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
IP: 142.250.74.170:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 58:16:76:D3:35:A7:C7:1B:68:67:E2:F5:33:04:0E:E9:CB:56:BD:77; Validity Mon, 06 May 2024 14:43:20 GMT - Mon, 29 Jul 2024 14:43:19 GMT
File type: JavaScript source, ASCII text, with very long lines (65447)
Hashes (MD5, SHA-1, SHA-256): 2c872dbe60f4ba70fb85356113d8b35e ee48592d1fff952fcf06ce0b666ed4785493afdc fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30462
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 May 2024 08:25:23 GMT
expires: Fri, 23 May 2025 08:25:23 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 52292
last-modified: Tue, 12 Sep 2023 02:38:22 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.tailwindcss.com/3.4.3 | 172.67.41.16 | 200 OK | 112 kB |
URL: GET HTTP/2 cdn.tailwindcss.com/3.4.3
IP: 172.67.41.16:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Cloudflare, Inc.; Subject tailwindcss.com; Fingerprint 5F:87:FB:92:D4:93:DA:09:E3:5B:EF:92:CE:2F:47:18:3A:8A:C7:49; Validity Tue, 07 Nov 2023 00:00:00 GMT - Tue, 05 Nov 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (52292)
Size: 112 kB (112401 bytes)
Hashes (MD5, SHA-1, SHA-256): 4bdcdace639cc6c0f08a15c295482172 6fa7ad6e87d8b19bff7e2bd0becf87d87d57be31 d2c35bf03246b0634bb22cbdc74962c8368e5e13b656e7f3cc10029da79d2e5c
GET /3.4.3 HTTP/1.1
Host: cdn.tailwindcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:55 GMT
content-type: text/javascript
cache-control: max-age=31536000
content-encoding: br
strict-transport-security: max-age=63072000
x-vercel-cache: MISS
x-vercel-id: cle1::iad1::rn74h-1711569125689-ef02b3caf33b
last-modified: Wed, 27 Mar 2024 19:52:06 GMT
cf-cache-status: HIT
age: 1997103
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a45cde0e5688-OSL
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Lobster&display=swap | 142.250.74.106 | 200 OK | 990 B |
URL: GET HTTP/2 fonts.googleapis.com/css2?family=Lobster&display=swap
IP: 142.250.74.106:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 58:16:76:D3:35:A7:C7:1B:68:67:E2:F5:33:04:0E:E9:CB:56:BD:77; Validity Mon, 06 May 2024 14:43:20 GMT - Mon, 29 Jul 2024 14:43:19 GMT
File type: gzip compressed data, max compression
Hashes (MD5, SHA-1, SHA-256): 8a6f64294ad0aedbe167b2fbce6a1c0f 114c2e3e06a353dfc7dbc7f8ed42833f434bc55f bf09e414f4fc3589506af3a28295a574744565944db6320c616ca34df28b0d06
GET /css2?family=Lobster&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 23 May 2024 22:56:55 GMT
date: Thu, 23 May 2024 22:56:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/karla/v31/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lK.woff2 | 216.58.207.227 | 200 OK | 13 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/karla/v31/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lK.woff2
IP: 216.58.207.227:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint E4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C; Validity Mon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT
File type: Web Open Font Format (Version 2), TrueType, length 13184, version 1.0
Hashes (MD5, SHA-1, SHA-256): 37b12babb3bd0f9d9587cc8ca89a19b9 49cfe5b31144493cec4f21dc63fb2f1051061b45 73351bb42cb7827d0cd08c5d5832140700139b86eb6dd9a49047017924cb3ed0
GET /s/karla/v31/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13184
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 May 2024 02:41:45 GMT
expires: Fri, 23 May 2025 02:41:45 GMT
cache-control: public, max-age=31536000
age: 72911
last-modified: Wed, 27 Sep 2023 15:40:27 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2 | 216.58.207.227 | 200 OK | 14 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2
IP: 216.58.207.227:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint E4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C; Validity Mon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT
File type: Web Open Font Format (Version 2), TrueType, length 13820, version 1.0
Hashes (MD5, SHA-1, SHA-256): 2dd698f2699a5ef991625825011bff90 523ff9357131751e57dd78cb92b218a49a130d1d 02f5dfc0c21e92f3c724260f035833e627513a1b91230cc490a1ea756c95e5e5
GET /s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 May 2024 02:35:44 GMT
expires: Fri, 23 May 2025 02:35:44 GMT
cache-control: public, max-age=31536000
age: 73272
last-modified: Thu, 24 Aug 2023 21:28:06 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js | 172.67.183.69 | 302 Found | 0 B |
URL: GET HTTP/3 www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP: 172.67.183.69:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject amdahost.com; Fingerprint DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B; Validity Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599; _ga_473NMXMZ7V=GS1.1.1716505016.1.0.1716505016.0.0.0; _ga=GA1.1.336599650.1716505016
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Thu, 23 May 2024 22:56:57 GMT
content-length: 0
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js
cache-control: max-age=300, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4NfeAVyTn0b9Ux0zTw7mqWIct1HWffmp5NKklykiPIFL3K6k7aAYlXR%2B%2BEis3ccaJJyI1PTOfYvQ3Kj3gCGxkIJ%2Fgvr8H7reIkyaQN5B%2BhsvyhX7BAUEPZn5D%2B9ibz2zb4I4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a4652b1a0afa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 | 216.58.207.227 | 200 OK | 128 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
IP: 216.58.207.227:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint E4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C; Validity Mon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT
File type: Web Open Font Format (Version 2), TrueType, length 128352, version 1.0
Size: 128 kB (128352 bytes)
Hashes (MD5, SHA-1, SHA-256): 53436aca8627a49f4deaaa44dc9e3c05 0bc0c675480d94ec7e8609dda6227f88c5d08d2c 8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
GET /s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 May 2024 03:43:48 GMT
expires: Sat, 17 May 2025 03:43:48 GMT
cache-control: public, max-age=31536000
age: 587589
last-modified: Mon, 08 Apr 2024 19:04:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/materialsymbolsrounded/v181/sykg-zNym6YjUruM-QrEh7-nyTnjDwKNJ_190Fjzag.woff2 | 216.58.207.227 | 200 OK | 4.3 MB |
URL: GET HTTP/2 fonts.gstatic.com/s/materialsymbolsrounded/v181/sykg-zNym6YjUruM-QrEh7-nyTnjDwKNJ_190Fjzag.woff2
IP: 216.58.207.227:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint E4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C; Validity Mon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT
File type: Web Open Font Format (Version 2), TrueType, length 4274492, version 1.0
Size: 4.3 MB (4274492 bytes)
Hashes (MD5, SHA-1, SHA-256): 7b788f88c4227a06890847e4bfcf2c15 d3440655edf947fdecdb36ecd0bf981a07a31d0c c05aed2f6bc12a25cf129528a922538865721a7c510e84a637f8cf95830b670f
GET /s/materialsymbolsrounded/v181/sykg-zNym6YjUruM-QrEh7-nyTnjDwKNJ_190Fjzag.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 4274492
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 May 2024 08:35:31 GMT
expires: Fri, 23 May 2025 08:35:31 GMT
cache-control: public, max-age=31536000
age: 51686
last-modified: Thu, 09 May 2024 19:16:50 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/home2/videos/1713485597_065e6856b10dc67b.mp4 | 172.67.183.69 | 206 Partial Content | 94 kB |
URL: GET HTTP/3 www.amdahost.com/home2/videos/1713485597_065e6856b10dc67b.mp4
IP: 172.67.183.69:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject amdahost.com; Fingerprint DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B; Validity Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
Hashes (MD5, SHA-1, SHA-256): 945e787a69ebe4e1c1714e26805a9bfe fb761f44390492383871b907df4538d43bbd20c2 dacadf0ff5f1633960c64b37e00013667885151963a47965a941c3767b85679c
GET /home2/videos/1713485597_065e6856b10dc67b.mp4 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=9371648-
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599; _ga_473NMXMZ7V=GS1.1.1716505016.1.0.1716505016.0.0.0; _ga=GA1.1.336599650.1716505016
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 206 Partial Content
date: Thu, 23 May 2024 22:56:57 GMT
content-type: video/mp4
content-length: 94186
last-modified: Sat, 18 May 2024 14:25:25 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
content-range: bytes 9371648-9465833/9465834
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V1hB%2Fa7t4Cd6iF16wtJYEg6bCmCXG7DHP%2FTXdcp7UKFrDR2eaAFo1tjASJvobJneIw0IsqKzxTUg1N8IwNJ0dkwQPZlsOuuEZ6krr0b57dj%2BCaSzsNm6RncUEmH70La5GjwP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a467cc790afa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.amdahost.com/cdn-cgi/challenge-platform/h/b/jsd/r/8888a4570c787131 | 172.67.183.69 | 200 OK | 0 B |
URL: POST HTTP/3 www.amdahost.com/cdn-cgi/challenge-platform/h/b/jsd/r/8888a4570c787131
IP: 172.67.183.69:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject amdahost.com; Fingerprint DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B; Validity Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/challenge-platform/h/b/jsd/r/8888a4570c787131 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12192
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599; _ga_473NMXMZ7V=GS1.1.1716505016.1.0.1716505016.0.0.0; _ga=GA1.1.336599650.1716505016
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 23 May 2024 22:56:57 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=Gd5gxZLiheoQ6bqesQ7hrATZcDv9XRpT8lzTWIYNqlQ-1716505017-1.0.1.1-j2U3PCiKzKZgLKLef7uHKNTVD32IFd8dFUYu5NhxTEDDqcKxJ9H4TxzJQAJd7eEdhlpvbFkVkKGqF6g85v2i5Q; Path=/; Expires=Fri, 23-May-25 22:56:57 GMT; Domain=.amdahost.com; HttpOnly; Secure; SameSite=None; Partitioned
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y4AC8IcVYzTU4RR5djLgOb%2Fso4YU29tjaaVOrPiAvRDqLuLwsnf0FV%2BGiR5HwU%2BxeLM6d2sv1zVZN32tXzlLE0b0%2BlAduOeXtZbrwEJMbl9bZiU249IRbQ6ry%2B%2BhoqfoKJHl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8888a467cc7a0afa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.amdahost.com/home2/videos/1713485597_065e6856b10dc67b.mp4 | 172.67.183.69 | 206 Partial Content | 1.6 MB |
URL: GET HTTP/3 www.amdahost.com/home2/videos/1713485597_065e6856b10dc67b.mp4
IP: 172.67.183.69:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Google Trust Services LLC; subject amdahost.com; fingerprint DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B; validity Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
Size: 1.6 MB (1613196 bytes)
Hash (MD5, SHA-1, SHA-256): a1409053b7490a2cf4cc70b98b8199d2 7d92cb7c40aed07f2461f59ed56f97907faec9da c997c05d39831726edba2894b5793c959e12046207c8b2755de666c7cbfba1c1
GET /home2/videos/1713485597_065e6856b10dc67b.mp4 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=688128-
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599; _ga_473NMXMZ7V=GS1.1.1716505016.1.0.1716505017.0.0.0; _ga=GA1.1.336599650.1716505016; cf_clearance=Gd5gxZLiheoQ6bqesQ7hrATZcDv9XRpT8lzTWIYNqlQ-1716505017-1.0.1.1-j2U3PCiKzKZgLKLef7uHKNTVD32IFd8dFUYu5NhxTEDDqcKxJ9H4TxzJQAJd7eEdhlpvbFkVkKGqF6g85v2i5Q
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 206 Partial Content
date: Thu, 23 May 2024 22:56:58 GMT
content-type: video/mp4
content-length: 8777706
last-modified: Sat, 18 May 2024 14:25:25 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1
content-range: bytes 688128-9465833/9465834
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AUaGwa%2Bi91%2FZVSqJcBAffQZW56ZACHpnUnHdlmviKxp%2BGoLXPTqwLkBPbXeGh%2FsfngeDBVb1zbfGRrvZJaRJJqUWwJ608SwLRWSbkp3GX1bQqkuF%2FKTZedF6Y0LQ%2F1j35xMl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a46c4e730afa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| bid.onclcktg.com/tags/181085?version_name=c | 45.133.44.25 | 200 OK | 2.4 kB |
URL: GET HTTP/2 bid.onclcktg.com/tags/181085?version_name=c
IP: 45.133.44.25:443
ASN: 39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Let's Encrypt; subject bid.onclcktg.com; fingerprint 72:BD:E7:FE:B4:B7:86:81:94:C3:A7:21:65:2E:1E:86:32:16:C6:1A; validity Thu, 11 Apr 2024 03:00:17 GMT - Wed, 10 Jul 2024 03:00:16 GMT
Hash (MD5, SHA-1, SHA-256): 97a16b0346a28d51c77bac799dbce7d1 67c05e492ad0af00a0431aff8cc1de35019872bb 2b6113f81c95c4aa1af99b7de99476c05804a95f78c02caa750ca4b572d308f3
GET /tags/181085?version_name=c HTTP/1.1
Host: bid.onclcktg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:58 GMT
content-type: application/json
server: nginx/1.24.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/media/favicon-16x16.png | 172.67.183.69 | 200 OK | 936 B |
URL: GET HTTP/3 www.amdahost.com/media/favicon-16x16.png
IP: 172.67.183.69:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Google Trust Services LLC; subject amdahost.com; fingerprint DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B; validity Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
File type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Hash (MD5, SHA-1, SHA-256): ac0cd4d64276fa91e68993406abcd43d c9af1132645f2bccfb9295a4e45cc95e8e78b7b6 bf852eabb9e0bbeb89b360a2dc4ccc1b86f2ffea3dfa78f0c2bb8747be598382
GET /media/favicon-16x16.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599; _ga_473NMXMZ7V=GS1.1.1716505016.1.0.1716505017.0.0.0; _ga=GA1.1.336599650.1716505016; cf_clearance=Gd5gxZLiheoQ6bqesQ7hrATZcDv9XRpT8lzTWIYNqlQ-1716505017-1.0.1.1-j2U3PCiKzKZgLKLef7uHKNTVD32IFd8dFUYu5NhxTEDDqcKxJ9H4TxzJQAJd7eEdhlpvbFkVkKGqF6g85v2i5Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 23 May 2024 22:56:58 GMT
content-type: image/png
content-length: 936
last-modified: Sun, 17 Mar 2024 20:29:38 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eNdNRuHDutPOquhZt9WF8T%2BmGqrRwjwpebNjgi00mPF7zF4Ie2TCcofVRZYXX76wJVlOoTfZ5kU3e%2Bz6gInCZGJPLsm6omAjxVN7rO0zvlizExJPoZVy6W%2BV%2FwwdwUpO038p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a46ceec60afa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| js.onclckmn.com/static/onclicka.js | 45.133.44.53 | 200 OK | 1.4 kB |
URL: GET HTTP/2 js.onclckmn.com/static/onclicka.js
IP: 45.133.44.53:443
ASN: 39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Let's Encrypt; subject js.onclckmn.com; fingerprint 71:21:70:F5:FD:7C:41:28:07:3B:F6:EC:B5:FC:43:A9:49:6F:D3:65; validity Thu, 25 Apr 2024 03:01:09 GMT - Wed, 24 Jul 2024 03:01:08 GMT
File type: gzip compressed data, from Unix
Hash (MD5, SHA-1, SHA-256): ccf0def0f7b615472d4e609774a6aa2a b93a076220e39e677da61230be25184282083379 2a1800ef52841b6ea262d21d6ccb959799b41676d72885de6867ec17504df158
GET /static/onclicka.js HTTP/1.1
Host: js.onclckmn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:55 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 14 May 2024 13:04:52 GMT
etag: W/"66436174-6c6"
content-encoding: gzip
expires: Thu, 23 May 2024 23:01:55 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| veepteero.com/88/63771 | 139.45.197.242 | 200 OK | 1.6 kB |
IP: 139.45.197.242:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Let's Encrypt; subject veepteero.com; fingerprint 13:68:56:48:EC:67:A6:93:BE:E0:36:BC:FA:04:75:6D:6E:D2:C1:91; validity Sat, 23 Mar 2024 05:18:36 GMT - Fri, 21 Jun 2024 05:18:35 GMT
File type: gzip compressed data, max speed, from Unix
Hash (MD5, SHA-1, SHA-256): 071dee8efc34e2e45dedf6fae06297a5 35f35705a510f63e1520873b1c5df6ad66090248 e1a69c7c21e1edca38477f4d10aace7f75394d0824141a4baa7ae7cfd43363ea
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /88/63771 HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:57 GMT
content-type: application/json
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| moonoafy.net/zone?pub=0&zone_id=7443536&is_mobile=false&domain=www.amdahost.com&var=&ymid=&var_3=&tg=0&sw=3.1.512&drf= | 139.45.197.250 | 200 OK | 876 B |
URL: GET HTTP/2 moonoafy.net/zone?pub=0&zone_id=7443536&is_mobile=false&domain=www.amdahost.com&var=&ymid=&var_3=&tg=0&sw=3.1.512&drf=
IP: 139.45.197.250:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Let's Encrypt; subject moonoafy.net; fingerprint 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; validity Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash (MD5, SHA-1, SHA-256): 1232afa4613da4a378ae26becda06b7b 0e818511b824c8081b837df5a0733d95a9f74e65 612dd3783fc57b00e2710295e428eb83e8d849966ef7fadfc19f292f5a93cff9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /zone?pub=0&zone_id=7443536&is_mobile=false&domain=www.amdahost.com&var=&ymid=&var_3=&tg=0&sw=3.1.512&drf= HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:58 GMT
content-type: application/json; charset=utf-8
content-length: 876
x-trace-id: 99ba2502f6058ffd36849bbd7c590179
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| 4.adsco.re/ | 162.252.214.5 | 200 OK | 62 B |
IP: 162.252.214.5:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Sectigo Limited; subject *.adsco.re; fingerprint 40:64:05:9C:99:0A:1E:9F:A7:49:61:8E:86:4C:4B:06:9C:73:83:73; validity Sat, 23 Sep 2023 00:00:00 GMT - Sun, 29 Sep 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash (MD5, SHA-1, SHA-256): 5b41cb22f84f645a103acc7bfbf084ff bac3967b26d5ec4a0d09a580714e8219796816bd 709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 May 2024 22:56:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://www.amdahost.com
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
|
|
| 4.adsco.re:2087/ | 162.252.214.5 | | 62 B |
IP: 162.252.214.5:0
File type: ASCII text, with no line terminators
Hash (MD5, SHA-1, SHA-256): 5b41cb22f84f645a103acc7bfbf084ff bac3967b26d5ec4a0d09a580714e8219796816bd 709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc
GET / HTTP/1.1
Host: 4.adsco.re:2087
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 May 2024 22:56:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://www.amdahost.com
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
|
|
| my.rtmark.net/gid.js?userId=k6hr235639ds432425084l6s1ticf304 | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?userId=k6hr235639ds432425084l6s1ticf304
IP: 139.45.195.8:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Let's Encrypt; subject rtmark.net; fingerprint 90:47:5A:A5:5F:5F:FA:E6:7C:6F:AB:D2:06:D1:D9:BD:F3:54:9E:6E; validity Sat, 11 May 2024 20:51:41 GMT - Fri, 09 Aug 2024 20:51:40 GMT
Hash (MD5, SHA-1, SHA-256): 9b198019b6f9b941a10b7ebb61dd35e0 4c495e7dc2b90c44527df9139c967ab549aaad2e fdc9025133b3671c0598224fd0e741d6c9b78929bb6ea31af03a0063e701be41
GET /gid.js?userId=k6hr235639ds432425084l6s1ticf304 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Cookie: ID=008065c2aa784798faf76b4f089f8b05
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:59 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008065c2aa784798faf76b4f089f8b05; expires=Fri, 23 May 2025 22:56:59 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| eedsaung.net/9?z=7443534&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=2&sah=1024&drf=&hil=1&ist=0&oaid=k6hr235639ds432425084l6s1ticf304 | 139.45.197.242 | 200 OK | 0 B |
URL: POST HTTP/2 eedsaung.net/9?z=7443534&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=2&sah=1024&drf=&hil=1&ist=0&oaid=k6hr235639ds432425084l6s1ticf304
IP: 139.45.197.242:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Let's Encrypt; subject eedsaung.net; fingerprint B9:EB:EA:22:9B:30:C2:90:3A:52:EB:AB:26:22:69:B2:8F:BD:3D:D4; validity Sat, 23 Mar 2024 20:31:40 GMT - Fri, 21 Jun 2024 20:31:39 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /9?z=7443534&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=2&sah=1024&drf=&hil=1&ist=0&oaid=k6hr235639ds432425084l6s1ticf304 HTTP/1.1
Host: eedsaung.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 23 May 2024 22:56:59 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| alwingulla.com/88/tag.min.js | 104.21.72.155 | 200 OK | 26 kB |
URL: GET HTTP/2 alwingulla.com/88/tag.min.js
IP: 104.21.72.155:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Google Trust Services LLC; subject alwingulla.com; fingerprint FD:86:A4:E5:CD:44:A9:09:65:93:E5:C6:54:0E:F3:76:EF:8D:D0:68; validity Fri, 10 May 2024 17:12:43 GMT - Thu, 08 Aug 2024 17:12:42 GMT
File type: JavaScript source, ASCII text, with very long lines (65494)
Hash (MD5, SHA-1, SHA-256): fd49b523d293bca0082ec819eb8447ed 29cbc5b41233344c9e6c1b17d8d24f445128c9b7 8b7a3711f0aab9b5944d8750a8ea7e2fb7f7ef576deb770ed12437df33b90c3d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /88/tag.min.js HTTP/1.1
Host: alwingulla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:55 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: d47821375109be8e1db4ec6cef5aba9d
cache-control: max-age=86400
last-modified: Thu, 23 May 2024 14:21:37 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Fri, 24 May 2024 15:59:02 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 25073
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=prFKpyabRaT22yXe0M3Q0bnvSakcijjzOJnHePoawmC2RmYRefZCtGjl6%2FixpBKDzl1aCNbNiBP3bLSLW44VfoKa2a5c%2BRONfNkVHCQakiEsTPGmdsxr%2F7%2BihlvXrEBkzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a45b6a55b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| moonoafy.net/3bT/27mJf/universal.min.js?v=3.1.512 | 139.45.197.250 | 200 OK | 34 kB |
URL: GET HTTP/2 moonoafy.net/3bT/27mJf/universal.min.js?v=3.1.512
IP: 139.45.197.250:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Let's Encrypt; subject moonoafy.net; fingerprint 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; validity Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
File type: gzip compressed data, max speed, from Unix
Hash (MD5, SHA-1, SHA-256): c24398061ba8dd6d8f1a1c888243ed34 35fa0682fcc61dd96caaed38225134e90e321718 36a173ed7ecf722824d78601bd2b16856143413c661ebfc342b26aa19e0f26de
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /3bT/27mJf/universal.min.js?v=3.1.512 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:59 GMT
content-type: application/javascript
last-modified: Wed, 22 May 2024 13:57:03 GMT
etag: W/"664df9af-15fb3"
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js | 139.45.195.8 | 200 OK | 65 B |
IP: 139.45.195.8:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Let's Encrypt; subject rtmark.net; fingerprint 90:47:5A:A5:5F:5F:FA:E6:7C:6F:AB:D2:06:D1:D9:BD:F3:54:9E:6E; validity Sat, 11 May 2024 20:51:41 GMT - Fri, 09 Aug 2024 20:51:40 GMT
Hash (MD5, SHA-1, SHA-256): 9b198019b6f9b941a10b7ebb61dd35e0 4c495e7dc2b90c44527df9139c967ab549aaad2e fdc9025133b3671c0598224fd0e741d6c9b78929bb6ea31af03a0063e701be41
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Cookie: ID=008065c2aa784798faf76b4f089f8b05
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:59 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008065c2aa784798faf76b4f089f8b05; expires=Fri, 23 May 2025 22:56:59 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/cdn-cgi/rum? | 172.67.183.69 | 204 No Content | 0 B |
URL: POST HTTP/3 www.amdahost.com/cdn-cgi/rum?
IP: 172.67.183.69:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Google Trust Services LLC; subject amdahost.com; fingerprint DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B; validity Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1082
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599; _ga_473NMXMZ7V=GS1.1.1716505016.1.0.1716505017.0.0.0; _ga=GA1.1.336599650.1716505016; cf_clearance=Gd5gxZLiheoQ6bqesQ7hrATZcDv9XRpT8lzTWIYNqlQ-1716505017-1.0.1.1-j2U3PCiKzKZgLKLef7uHKNTVD32IFd8dFUYu5NhxTEDDqcKxJ9H4TxzJQAJd7eEdhlpvbFkVkKGqF6g85v2i5Q; a=BX7cNxFpZ16zr2Asf8HH4CBWe4Lv1qT5; prefetchAd_7443532=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Thu, 23 May 2024 22:56:59 GMT
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8888a4750a670afa-OSL
x-frame-options: DENY
x-content-type-options: nosniff
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Let's Encrypt; subject moonoafy.net; fingerprint 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; validity Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:59 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| onclckmetrics.com//in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxODM3NDg2MTczNDUyNjUwNzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMi4xIiwidGFnX2lkIjoxODEwODUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6Mi4yNCwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== | 168.119.25.20 | 200 OK | 0 B |
URL: GET HTTP/2 onclckmetrics.com//in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxODM3NDg2MTczNDUyNjUwNzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMi4xIiwidGFnX2lkIjoxODEwODUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6Mi4yNCwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==
IP: 168.119.25.20:443
ASN: 24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Let's Encrypt; subject notification.tubecup.net; fingerprint 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20; validity Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxODM3NDg2MTczNDUyNjUwNzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMi4xIiwidGFnX2lkIjoxODEwODUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6Mi4yNCwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: onclckmetrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 23 May 2024 22:56:59 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Let's Encrypt; subject moonoafy.net; fingerprint 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; validity Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:59 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| onclckmetrics.com//in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxODM3NDg2MTczNDUyNjUwNzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMi4xIiwidGFnX2lkIjoxNzk5NzcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6Mi4yNSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== | 168.119.25.20 | 200 OK | 0 B |
URL: GET HTTP/2 onclckmetrics.com//in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxODM3NDg2MTczNDUyNjUwNzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMi4xIiwidGFnX2lkIjoxNzk5NzcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6Mi4yNSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==
IP: 168.119.25.20:443
ASN: 24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: issuer Let's Encrypt; subject notification.tubecup.net; fingerprint 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20; validity Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxODM3NDg2MTczNDUyNjUwNzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMi4xIiwidGFnX2lkIjoxNzk5NzcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6Mi4yNSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: onclckmetrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 23 May 2024 22:56:59 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js | 172.67.183.69 | 200 OK | 3.7 kB |
URL: GET HTTP/3 www.amdahost.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js; IP: 172.67.183.69:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer: Google Trust Services LLC; Subject: amdahost.com; Fingerprint: DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B; Validity: Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
File type: JavaScript source, ASCII text, with very long lines (7858), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 4d6fa234f5c7d26706ec473ff4d9c9d9 9fba8953b8c502ec31281fbf1736646b132b09fe 0b12d88b67490392d605c26e9144a35ec9b62456e8ab243c6fae7ca86136a66f
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599; _ga_473NMXMZ7V=GS1.1.1716505016.1.0.1716505016.0.0.0; _ga=GA1.1.336599650.1716505016
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 23 May 2024 22:56:57 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
cache-control: max-age=14400, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CL3Aj7tEP%2FZxRHyWMryfjIqUZSsLFrlYueJk0lpRhZOwc9C9Qyt0GBwnQhlikY8h89EhVpaZUoKq28UOZIeSgunY8OjaNkIPOJPm1w8P11PyUEE2cbaDbA8No5uGQbl%2B%2FkQN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a4665bb70afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| js.onclmng.com/log/count.html | 45.133.44.53 | 200 OK | 949 B |
URL: GET HTTP/2 js.onclmng.com/log/count.html; IP: 45.133.44.53:443; ASN: #39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer: Let's Encrypt; Subject: js.onclmng.com; Fingerprint: B3:BD:42:00:AB:0A:D1:81:F6:DF:A9:BF:45:0F:B4:82:56:28:B3:64; Validity: Wed, 10 Apr 2024 08:09:23 GMT - Tue, 09 Jul 2024 08:09:22 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): bc2fa8be24378451709099bf399869a2 00d0b3fd6ca8a704a67db6f15d74c881b309b0ab 250208199b3875e9cb34779e81a7fad365b2d85f7ec3ef188c506d0607fc2ec2
GET /log/count.html HTTP/1.1
Host: js.onclmng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:59 GMT
content-type: text/html; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 09 Oct 2023 14:41:31 GMT
etag: W/"6524111b-361"
content-encoding: gzip
expires: Thu, 23 May 2024 23:01:59 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| fp.metricswpsh.com/fp?tag_id=179977 | 157.90.84.242 | 204 No Content | 0 B |
URL: OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=179977; IP: 157.90.84.242:443; ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer: Let's Encrypt; Subject: notification.tubecup.net; Fingerprint: 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20; Validity: Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=179977 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Thu, 23 May 2024 22:56:59 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://www.amdahost.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
|
|
| www.amdahost.com/sw.js | 172.67.183.69 | 200 OK | 2.5 kB |
IP: 172.67.183.69:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer: Google Trust Services LLC; Subject: amdahost.com; Fingerprint: DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B; Validity: Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
File type: JavaScript source, ASCII text, with very long lines (5209), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 8c835b5e700130a4d86a342d23ccaac4 a8b75235c94555d05ee9a85db701259d678f0f2b 56703d69701fec751308810a481a7878d79952b6f7da803793de759c49925feb
GET /sw.js HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599; _ga_473NMXMZ7V=GS1.1.1716505016.1.0.1716505017.0.0.0; _ga=GA1.1.336599650.1716505016; cf_clearance=Gd5gxZLiheoQ6bqesQ7hrATZcDv9XRpT8lzTWIYNqlQ-1716505017-1.0.1.1-j2U3PCiKzKZgLKLef7uHKNTVD32IFd8dFUYu5NhxTEDDqcKxJ9H4TxzJQAJd7eEdhlpvbFkVkKGqF6g85v2i5Q; a=BX7cNxFpZ16zr2Asf8HH4CBWe4Lv1qT5; prefetchAd_7443532=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 23 May 2024 22:56:59 GMT
content-type: text/javascript
cf-bgj: minify
cf-polished: origSize=5236
last-modified: Wed, 22 May 2024 02:24:55 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4623
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t60yMPbT3vsijignaDes2g%2B%2FSJ4%2F8m4H6nnrgosDu5R44QedmENRNAUF6gJMLhoZekZYQNpBI7wADRenuwAeWWnzWgXj6iCQCyrP%2FruCBob1OnoFG%2BWLwGRD5IWXbds4hsoI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8888a4750a650afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| adsco.re/p | 162.252.214.5 | 200 OK | 811 B |
IP: 162.252.214.5:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer: Sectigo Limited; Subject: *.adsco.re; Fingerprint: 40:64:05:9C:99:0A:1E:9F:A7:49:61:8E:86:4C:4B:06:9C:73:83:73; Validity: Sat, 23 Sep 2023 00:00:00 GMT - Sun, 29 Sep 2024 23:59:59 GMT
File type: ASCII text, with very long lines (1020), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 58b73fa99fa8bfb822c822b73b7109bd 7ad17126084785a60c3cca2f79f529c70209cc24 0c04dc134d8977facf19ae13157e3c74b3b364e00150108ab8ada1b877baa8b3
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 1569
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 May 2024 22:56:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Accept-CH: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
Access-Control-Allow-Origin: https://www.amdahost.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 39 B |
IP: 139.45.197.250:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash (MD5 / SHA-1 / SHA-256): 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: application/json
Content-Length: 776
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:59 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: e87b3f34e579a1736edc60aa8653c082
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| eedsaung.net/121?rnd=1670084103&z=7443534&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D7443534%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D817643919866081280&cln={CELL_NUMBER}&btp=7&rb=EyRxMZU9BtS0WacY3iHCYv13c7P7yCT28oUTjftaA7-C7wD6zg04yyP4gnUUtGAIrXKKt0yqIdVlyFLnRlR4Z75P2kga0MZUWa7kEf6ck1IZKES9Rng5t8EGBoF_643MLcGno9j8kMO7ua2YeCztux-roe7mBqwJZuywM_NzbeM84-ypbYLijHadIRzQXPQMJ4XyknDBtNloi7vUkOvw5xX7CCKep9AQb6P_Mgk4ACKL5OyIi0oxMSk9QfG0vyv8HSBjqw55Jd8WZhMVXJZpHWJHO5dE40pkbrGl_owKMZbPSwQ34Yomsm0jmKPJvk8i4EO-xMB1_Raa7085CwLSjhc_4FCFslMc9XCWe3q4CYdObwwMUSAl9rdSpxNCkGm2A9Pz99c-vnw2O858IUk_XZ5ZiNbcLgM7t0OBlZ-ux8K8tDQNGsCf6eaG1UKLHCqzZuEokfT6PtrQH-UlM5KbRdvjWxyv6WdHOtSNpdfvW-GrCHimLHYyoIpJ9m00dUDl63qbR0R5ZXa6C6xffx0tI5hIzQFT7g4e_UQj3ygPcM85S776AOz0AZEXAw88R_YO_GHlbgRe2ZnC_Tm40ihoRF1el-KB1oQOSj8WLcMXFDYXUixuk-C-6Mafe2gvFSrg&bag=ydU9kaAfa6I=&ruid=3a7ab970-801f-42a8-b1cc-0c525f8e2764&subid=817643919866081280 | 139.45.197.242 | 302 Found | 0 B |
URL GET HTTP/2eedsaung.net/121?rnd=1670084103&z=7443534&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D7443534%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D817643919866081280&cln={CELL_NUMBER}&btp=7&rb=EyRxMZU9BtS0WacY3iHCYv13c7P7yCT28oUTjftaA7-C7wD6zg04yyP4gnUUtGAIrXKKt0yqIdVlyFLnRlR4Z75P2kga0MZUWa7kEf6ck1IZKES9Rng5t8EGBoF_643MLcGno9j8kMO7ua2YeCztux-roe7mBqwJZuywM_NzbeM84-ypbYLijHadIRzQXPQMJ4XyknDBtNloi7vUkOvw5xX7CCKep9AQb6P_Mgk4ACKL5OyIi0oxMSk9QfG0vyv8HSBjqw55Jd8WZhMVXJZpHWJHO5dE40pkbrGl_owKMZbPSwQ34Yomsm0jmKPJvk8i4EO-xMB1_Raa7085CwLSjhc_4FCFslMc9XCWe3q4CYdObwwMUSAl9rdSpxNCkGm2A9Pz99c-vnw2O858IUk_XZ5ZiNbcLgM7t0OBlZ-ux8K8tDQNGsCf6eaG1UKLHCqzZuEokfT6PtrQH-UlM5KbRdvjWxyv6WdHOtSNpdfvW-GrCHimLHYyoIpJ9m00dUDl63qbR0R5ZXa6C6xffx0tI5hIzQFT7g4e_UQj3ygPcM85S776AOz0AZEXAw88R_YO_GHlbgRe2ZnC_Tm40ihoRF1el-KB1oQOSj8WLcMXFDYXUixuk-C-6Mafe2gvFSrg&bag=ydU9kaAfa6I=&ruid=3a7ab970-801f-42a8-b1cc-0c525f8e2764&subid=817643919866081280 IP139.45.197.242:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer: Let's Encrypt; Subject: eedsaung.net; Fingerprint: B9:EB:EA:22:9B:30:C2:90:3A:52:EB:AB:26:22:69:B2:8F:BD:3D:D4; Validity: Sat, 23 Mar 2024 20:31:40 GMT - Fri, 21 Jun 2024 20:31:39 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /121?rnd=1670084103&z=7443534&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D7443534%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D817643919866081280&cln={CELL_NUMBER}&btp=7&rb=EyRxMZU9BtS0WacY3iHCYv13c7P7yCT28oUTjftaA7-C7wD6zg04yyP4gnUUtGAIrXKKt0yqIdVlyFLnRlR4Z75P2kga0MZUWa7kEf6ck1IZKES9Rng5t8EGBoF_643MLcGno9j8kMO7ua2YeCztux-roe7mBqwJZuywM_NzbeM84-ypbYLijHadIRzQXPQMJ4XyknDBtNloi7vUkOvw5xX7CCKep9AQb6P_Mgk4ACKL5OyIi0oxMSk9QfG0vyv8HSBjqw55Jd8WZhMVXJZpHWJHO5dE40pkbrGl_owKMZbPSwQ34Yomsm0jmKPJvk8i4EO-xMB1_Raa7085CwLSjhc_4FCFslMc9XCWe3q4CYdObwwMUSAl9rdSpxNCkGm2A9Pz99c-vnw2O858IUk_XZ5ZiNbcLgM7t0OBlZ-ux8K8tDQNGsCf6eaG1UKLHCqzZuEokfT6PtrQH-UlM5KbRdvjWxyv6WdHOtSNpdfvW-GrCHimLHYyoIpJ9m00dUDl63qbR0R5ZXa6C6xffx0tI5hIzQFT7g4e_UQj3ygPcM85S776AOz0AZEXAw88R_YO_GHlbgRe2ZnC_Tm40ihoRF1el-KB1oQOSj8WLcMXFDYXUixuk-C-6Mafe2gvFSrg&bag=ydU9kaAfa6I=&ruid=3a7ab970-801f-42a8-b1cc-0c525f8e2764&subid=817643919866081280 HTTP/1.1
Host: eedsaung.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: scm=1; OAID=k6hr235639ds432425084l6s1ticf304; oaidts=1716505018
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Thu, 23 May 2024 22:56:59 GMT
content-length: 0
location: https://securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=7443534&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=817643919866081280
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: aed6b030d5d5ca27013b16e497b1c4c9
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| fp.metricswpsh.com/fp?tag_id=181085 | 157.90.84.242 | 204 No Content | 58 B |
URL: OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=181085; IP: 157.90.84.242:443; ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer: Let's Encrypt; Subject: notification.tubecup.net; Fingerprint: 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20; Validity: Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash (MD5 / SHA-1 / SHA-256): 87385fcd2a67fc74d2fa67366ba68ea2 a604cdbb1d31ce257e8643eee9219c9c724c200c 9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995
POST /fp?tag_id=181085 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1837
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 May 2024 22:56:59 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.amdahost.com
Set-Cookie: id=2997100807857195156; Expires=Fri, 23 May 2025 22:56:59 GMT; Secure; SameSite=None
Vary: Origin
|
|
| eedsaung.net/11?rnd=413891673&z=7443534&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=EyRxMZU9BtS0WacY3iHCYv13c7P7yCT28oUTjftaA7-C7wD6zg04yyP4gnUUtGAIrXKKt0yqIdVlyFLnRlR4Z75P2kga0MZUWa7kEf6ck1IZKES9Rng5t8EGBoF_643MLcGno9j8kMO7ua2YeCztux-roe7mBqwJZuywM_NzbeM84-ypbYLijHadIRzQXPQMJ4XyknDBtNloi7vUkOvw5xX7CCKep9AQb6P_Mgk4ACKL5OyIi0oxMSk9QfG0vyv8HSBjqw55Jd8WZhMVXJZpHWJHO5dE40pkbrGl_owKMZbPSwQ34Yomsm0jmKPJvk8i4EO-xMB1_Raa7085CwLSjhc_4FCFslMc9XCWe3q4CYdObwwMUSAl9rdSpxNCkGm2A9Pz99c-vnw2O858IUk_XZ5ZiNbcLgM7t0OBlZ-ux8K8tDQNGsCf6eaG1UKLHCqzZuEokfT6PtrQH-UlM5KbRdvjWxyv6WdHOtSNpdfvW-GrCHimLHYyoIpJ9m00dUDl63qbR0R5ZXa6C6xffx0tI5hIzQFT7g4e_UQj3ygPcM85S776AOz0AZEXAw88R_YO_GHlbgRe2ZnC_Tm40ihoRF1el-KB1oQOSj8WLcMXFDYXUixuk-C-6Mafe2gvFSrg&ruid=3a7ab970-801f-42a8-b1cc-0c525f8e2764&subid=817643919866081280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=2&sah=1024&drf=&hil=1&ist=0&ot=234 | 139.45.197.242 | 200 OK | 0 B |
URL GET HTTP/2eedsaung.net/11?rnd=413891673&z=7443534&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=EyRxMZU9BtS0WacY3iHCYv13c7P7yCT28oUTjftaA7-C7wD6zg04yyP4gnUUtGAIrXKKt0yqIdVlyFLnRlR4Z75P2kga0MZUWa7kEf6ck1IZKES9Rng5t8EGBoF_643MLcGno9j8kMO7ua2YeCztux-roe7mBqwJZuywM_NzbeM84-ypbYLijHadIRzQXPQMJ4XyknDBtNloi7vUkOvw5xX7CCKep9AQb6P_Mgk4ACKL5OyIi0oxMSk9QfG0vyv8HSBjqw55Jd8WZhMVXJZpHWJHO5dE40pkbrGl_owKMZbPSwQ34Yomsm0jmKPJvk8i4EO-xMB1_Raa7085CwLSjhc_4FCFslMc9XCWe3q4CYdObwwMUSAl9rdSpxNCkGm2A9Pz99c-vnw2O858IUk_XZ5ZiNbcLgM7t0OBlZ-ux8K8tDQNGsCf6eaG1UKLHCqzZuEokfT6PtrQH-UlM5KbRdvjWxyv6WdHOtSNpdfvW-GrCHimLHYyoIpJ9m00dUDl63qbR0R5ZXa6C6xffx0tI5hIzQFT7g4e_UQj3ygPcM85S776AOz0AZEXAw88R_YO_GHlbgRe2ZnC_Tm40ihoRF1el-KB1oQOSj8WLcMXFDYXUixuk-C-6Mafe2gvFSrg&ruid=3a7ab970-801f-42a8-b1cc-0c525f8e2764&subid=817643919866081280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=2&sah=1024&drf=&hil=1&ist=0&ot=234 IP139.45.197.242:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer: Let's Encrypt; Subject: eedsaung.net; Fingerprint: B9:EB:EA:22:9B:30:C2:90:3A:52:EB:AB:26:22:69:B2:8F:BD:3D:D4; Validity: Sat, 23 Mar 2024 20:31:40 GMT - Fri, 21 Jun 2024 20:31:39 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /11?rnd=413891673&z=7443534&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=EyRxMZU9BtS0WacY3iHCYv13c7P7yCT28oUTjftaA7-C7wD6zg04yyP4gnUUtGAIrXKKt0yqIdVlyFLnRlR4Z75P2kga0MZUWa7kEf6ck1IZKES9Rng5t8EGBoF_643MLcGno9j8kMO7ua2YeCztux-roe7mBqwJZuywM_NzbeM84-ypbYLijHadIRzQXPQMJ4XyknDBtNloi7vUkOvw5xX7CCKep9AQb6P_Mgk4ACKL5OyIi0oxMSk9QfG0vyv8HSBjqw55Jd8WZhMVXJZpHWJHO5dE40pkbrGl_owKMZbPSwQ34Yomsm0jmKPJvk8i4EO-xMB1_Raa7085CwLSjhc_4FCFslMc9XCWe3q4CYdObwwMUSAl9rdSpxNCkGm2A9Pz99c-vnw2O858IUk_XZ5ZiNbcLgM7t0OBlZ-ux8K8tDQNGsCf6eaG1UKLHCqzZuEokfT6PtrQH-UlM5KbRdvjWxyv6WdHOtSNpdfvW-GrCHimLHYyoIpJ9m00dUDl63qbR0R5ZXa6C6xffx0tI5hIzQFT7g4e_UQj3ygPcM85S776AOz0AZEXAw88R_YO_GHlbgRe2ZnC_Tm40ihoRF1el-KB1oQOSj8WLcMXFDYXUixuk-C-6Mafe2gvFSrg&ruid=3a7ab970-801f-42a8-b1cc-0c525f8e2764&subid=817643919866081280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=2&sah=1024&drf=&hil=1&ist=0&ot=234 HTTP/1.1
Host: eedsaung.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Cookie: scm=1; OAID=k6hr235639ds432425084l6s1ticf304; oaidts=1716505018
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:59 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 2336e689a7b1d9cc82261989957fa45d
access-control-expose-headers: X-Sc
set-cookie: OAID=k6hr235639ds432425084l6s1ticf304; expires=Fri, 23 May 2025 22:56:59 GMT; secure; SameSite=None
oaidts=1716505018; expires=Fri, 23 May 2025 22:56:59 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| fp.metricswpsh.com/fp?tag_id=179977 | 157.90.84.242 | 204 No Content | 58 B |
URL: OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=179977; IP: 157.90.84.242:443; ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer: Let's Encrypt; Subject: notification.tubecup.net; Fingerprint: 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20; Validity: Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash (MD5 / SHA-1 / SHA-256): 87385fcd2a67fc74d2fa67366ba68ea2 a604cdbb1d31ce257e8643eee9219c9c724c200c 9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995
POST /fp?tag_id=179977 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1835
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 May 2024 22:56:59 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.amdahost.com
Set-Cookie: id=14563383269858383244; Expires=Fri, 23 May 2025 22:56:59 GMT; Secure; SameSite=None
Vary: Origin
|
|
| gishejuy.com/500/7443533?excludes=&oaid=008065c2aa784798faf76b4f089f8b05&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=5&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 | 139.45.197.242 | 200 OK | 0 B |
URL OPTIONS HTTP/2gishejuy.com/500/7443533?excludes=&oaid=008065c2aa784798faf76b4f089f8b05&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=5&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 IP139.45.197.242:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer: Let's Encrypt; Subject: gishejuy.com; Fingerprint: 0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80; Validity: Tue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /500/7443533?excludes=&oaid=008065c2aa784798faf76b4f089f8b05&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=5&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:59 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| blekdhvra3su.l4.adsco.re/ | 185.200.118.51 | 200 OK | 0 B |
URL: POST HTTP/2 blekdhvra3su.l4.adsco.re/; IP: 185.200.118.51:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer: Let's Encrypt; Subject: *.l4.adsco.re; Fingerprint: 6A:0E:41:E3:DE:94:4F:DE:EA:FD:23:FA:26:1D:19:3A:24:53:08:53; Validity: Sun, 19 May 2024 09:12:48 GMT - Sat, 17 Aug 2024 09:12:47 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: blekdhvra3su.l4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:59 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 02 Jun 2023 14:03:32 GMT
etag: "6479f6b4-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer: Let's Encrypt; Subject: amunfezanttor.com; Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA; Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:00 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| veepteero.com/?rb=PYh7_E4x95l3RjPnxXBW0-vgxH58QnT91__M7PbAtCQFWYuDOdufpdbfhB2Q2R8lhVkUpcWJ_W4SDVDURZp6GJoJYurytBA5kl7aAMULnkzgwc6pgTYdEK037YZ7XhoIPQjm8ZIps_zp3IeEde9a9LDGwjED3GWSjTW2mMtACOxkRw2sjWJMuch_N57eR6XFOclxc5lwmTdjlhgiQyD023bjcvH-3zjM8LWnM9kvDv9tZeCLzEOQ15v25-rjKerkX8_P6-g5RXp3i9qY&request_ab2=0&zoneid=7443532&js_build=iclick-v1.803.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=2&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.803.0&navlng=en-US&pnt=0&pnrc=0&bs=4b01250b-9f6f-458d-a241-809a814d766f&wasm=1&userId=k6hr235639ds432425084l6s1ticf304&m=link | 139.45.197.242 | 200 OK | 1.9 kB |
URL GET HTTP/2veepteero.com/?rb=PYh7_E4x95l3RjPnxXBW0-vgxH58QnT91__M7PbAtCQFWYuDOdufpdbfhB2Q2R8lhVkUpcWJ_W4SDVDURZp6GJoJYurytBA5kl7aAMULnkzgwc6pgTYdEK037YZ7XhoIPQjm8ZIps_zp3IeEde9a9LDGwjED3GWSjTW2mMtACOxkRw2sjWJMuch_N57eR6XFOclxc5lwmTdjlhgiQyD023bjcvH-3zjM8LWnM9kvDv9tZeCLzEOQ15v25-rjKerkX8_P6-g5RXp3i9qY&request_ab2=0&zoneid=7443532&js_build=iclick-v1.803.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=2&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.803.0&navlng=en-US&pnt=0&pnrc=0&bs=4b01250b-9f6f-458d-a241-809a814d766f&wasm=1&userId=k6hr235639ds432425084l6s1ticf304&m=link IP139.45.197.242:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer: Let's Encrypt; Subject: veepteero.com; Fingerprint: 13:68:56:48:EC:67:A6:93:BE:E0:36:BC:FA:04:75:6D:6E:D2:C1:91; Validity: Sat, 23 Mar 2024 05:18:36 GMT - Fri, 21 Jun 2024 05:18:35 GMT
Hash (MD5 / SHA-1 / SHA-256): 45ed20f1aa121989b46503d50a21b5c8 8189a1f30fa2186322761e3b6b83050976b9f58f 60d7211b449f2de77052eb84c78a95107b7f3b6bfa915f37bf800ffef484b882
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?rb=PYh7_E4x95l3RjPnxXBW0-vgxH58QnT91__M7PbAtCQFWYuDOdufpdbfhB2Q2R8lhVkUpcWJ_W4SDVDURZp6GJoJYurytBA5kl7aAMULnkzgwc6pgTYdEK037YZ7XhoIPQjm8ZIps_zp3IeEde9a9LDGwjED3GWSjTW2mMtACOxkRw2sjWJMuch_N57eR6XFOclxc5lwmTdjlhgiQyD023bjcvH-3zjM8LWnM9kvDv9tZeCLzEOQ15v25-rjKerkX8_P6-g5RXp3i9qY&request_ab2=0&zoneid=7443532&js_build=iclick-v1.803.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=2&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.803.0&navlng=en-US&pnt=0&pnrc=0&bs=4b01250b-9f6f-458d-a241-809a814d766f&wasm=1&userId=k6hr235639ds432425084l6s1ticf304&m=link HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:59 GMT
content-type: application/json
x-trace-id: c5a8ea4fdf2f68a854c4876fb3b7f1a9
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=k6hr235639ds432425084l6s1ticf304; expires=Fri, 23 May 2025 22:56:59 GMT; path=/; secure; SameSite=None
oaidts=1716505019; expires=Fri, 23 May 2025 22:56:59 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 30 May 2024 22:56:59 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP: 139.45.197.250:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: amunfezanttor.com Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash (MD5, SHA-1, SHA-256): bb41e243940e43d8485fd6e133772835 7fdbb3c1757afd5b3f2a1f30502e52ccedbeff13 592fade665b2d10f429226e4953c29084cc48eb1ada5015e32ca27ada1f8ed17
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: application/json
Content-Length: 531
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:00 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| blekdhvra3su.n4.adsco.re/ | 38.132.109.115 | | 0 B |
URL: blekdhvra3su.n4.adsco.re/ IP: 38.132.109.115:0
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: blekdhvra3su.n4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 May 2024 22:57:00 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 16 Jun 2023 08:37:42 GMT
etag: "648c1f56-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=caed6371-80e0-4f4b-8595-b63956aa28ca | 139.45.195.254 | 200 OK | 12 B |
URL: POST HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=caed6371-80e0-4f4b-8595-b63956aa28ca IP: 139.45.195.254:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Sectigo Limited Subject: fleraprt.com Fingerprint: 32:DB:C5:24:21:ED:1D:C3:40:C3:46:9F:CF:EE:98:4D:72:29:4C:3C Validity: Tue, 09 Jan 2024 00:00:00 GMT - Mon, 13 Jan 2025 23:59:59 GMT
Hash (MD5, SHA-1, SHA-256): adb4650bfc9d2a73d4dd69583b0ceb14 1ce399d6e936232aaf2192cd7903a279c5015f22 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=caed6371-80e0-4f4b-8595-b63956aa28ca HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1767
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 23 May 2024 22:57:00 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://www.amdahost.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| moonoafy.net/event | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: moonoafy.net Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
OPTIONS /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:00 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| 4.adsco.re/ | 162.252.214.5 | 200 OK | 62 B |
IP: 162.252.214.5:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Sectigo Limited Subject: *.adsco.re Fingerprint: 40:64:05:9C:99:0A:1E:9F:A7:49:61:8E:86:4C:4B:06:9C:73:83:73 Validity: Sat, 23 Sep 2023 00:00:00 GMT - Sun, 29 Sep 2024 23:59:59 GMT
File type: ASCII text, with no line terminators Hash (MD5, SHA-1, SHA-256): 5b41cb22f84f645a103acc7bfbf084ff bac3967b26d5ec4a0d09a580714e8219796816bd 709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://c.adsco.re/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 May 2024 22:57:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
|
|
| moonoafy.net/event | 139.45.197.250 | 200 OK | 94 B |
IP: 139.45.197.250:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: moonoafy.net Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash (MD5, SHA-1, SHA-256): 1342d4f109ad4dda21e59553c172aa73 904a38468617716ca2b356ca090e7e0a858c70f9 7821bceb6fb5e826551fa64cd31ced88f5adbd86a7426d4029548fe46f34c995
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: application/json
Content-Length: 1797
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:00 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| js.onclmng.com/log/count.html | 45.133.44.53 | 200 OK | 446 B |
URL: GET HTTP/2 js.onclmng.com/log/count.html IP: 45.133.44.53:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: js.onclmng.com Fingerprint: B3:BD:42:00:AB:0A:D1:81:F6:DF:A9:BF:45:0F:B4:82:56:28:B3:64 Validity: Wed, 10 Apr 2024 08:09:23 GMT - Tue, 09 Jul 2024 08:09:22 GMT
File type: JavaScript source, ASCII text, with very long lines (700) Hash (MD5, SHA-1, SHA-256): 3687dd990cf8db416a176f9612a85d63 e1f242e2d852c5f77dea4b0336e77715213d9ffa 84707a4648beed4bece34cc68166733ea0f92ed1adf982022a616e5faf24235c
GET /log/count.html HTTP/1.1
Host: js.onclmng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:59 GMT
content-type: text/html; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 09 Oct 2023 14:41:31 GMT
etag: W/"6524111b-361"
content-encoding: gzip
expires: Thu, 23 May 2024 23:01:59 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| c.adsco.re/ | 104.17.166.186 | | 29 kB |
IP: 104.17.166.186:0
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Sectigo Limited Subject: *.adsco.re Fingerprint: 40:64:05:9C:99:0A:1E:9F:A7:49:61:8E:86:4C:4B:06:9C:73:83:73 Validity: Sat, 23 Sep 2023 00:00:00 GMT - Sun, 29 Sep 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (881) Hash (MD5, SHA-1, SHA-256): 0d683bdf35d89f985a1029aba278a5d9 97bc8ba038325c26b258e59baebb62d55498b1b3 3f549d3829f1c3139f3b9803aee55f74ee3a9a38c53a816b5344bc20c3168208
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 23 May 2024 22:56:59 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Sun, 23 Jun 2024 22:56:59 GMT
etag: W/"DWg73zXYn5haECmronil2Q=="
content-encoding: gzip
cf-cache-status: HIT
age: 2476
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a4744f761bfa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| nereserv.com/in/dip?event_id=6b1af66a-8750-41c8-bdd8-786f3825a18d&subid=1615035347&spot_id=594070&created_at=2024-05-23&timezone=0&ver=1.142.0 | 94.130.198.6 | 200 OK | 0 B |
URL: GET HTTP/2 nereserv.com/in/dip?event_id=6b1af66a-8750-41c8-bdd8-786f3825a18d&subid=1615035347&spot_id=594070&created_at=2024-05-23&timezone=0&ver=1.142.0 IP: 94.130.198.6:443 ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: notification.tubecup.net Fingerprint: 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 Validity: Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?event_id=6b1af66a-8750-41c8-bdd8-786f3825a18d&subid=1615035347&spot_id=594070&created_at=2024-05-23&timezone=0&ver=1.142.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 May 2024 22:57:00 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| mbdippex.com/in/multy | 94.130.198.6 | 204 No Content | 0 B |
IP: 94.130.198.6:443 ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: notification.tubecup.net Fingerprint: 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 Validity: Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx/1.20.1
date: Thu, 23 May 2024 22:57:00 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| js.onclckpp.com/popunder-admanager/build.m.js | 45.133.44.53 | 200 OK | 46 kB |
URL: GET HTTP/2 js.onclckpp.com/popunder-admanager/build.m.js IP: 45.133.44.53:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: js.onclckpp.com Fingerprint: A8:6D:6C:51:D2:87:DA:A4:84:97:5D:DD:FE:A3:4B:E9:D6:C6:DA:71 Validity: Fri, 12 Apr 2024 03:01:03 GMT - Thu, 11 Jul 2024 03:01:02 GMT
File type: gzip compressed data, from Unix Hash (MD5, SHA-1, SHA-256): e50ef1cfcdada4e2099f5cf8d716a6c1 de5a74bc7544c3259085e8ee2813aa5e32d5d499 c2ea139e6be45585cf2ab9074bda7a0f693589ec086375ca0f38349b8e39972a
GET /popunder-admanager/build.m.js HTTP/1.1
Host: js.onclckpp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:59 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 15 May 2024 14:49:12 GMT
etag: W/"6644cb68-18a0b"
content-encoding: gzip
expires: Thu, 23 May 2024 23:01:59 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| onclckip.com/in/dip?site=native-push&wl=0&event_id=91c00660-0984-49be-8783-36fae00bccd0&subid=1635306071&sid=3639579455&spot_id=594068&created_at=2024-05-23&timezone=0&ver=8.162.0&is_native=1 | 94.130.198.6 | 200 OK | 0 B |
URL: GET HTTP/2 onclckip.com/in/dip?site=native-push&wl=0&event_id=91c00660-0984-49be-8783-36fae00bccd0&subid=1635306071&sid=3639579455&spot_id=594068&created_at=2024-05-23&timezone=0&ver=8.162.0&is_native=1 IP: 94.130.198.6:443 ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: notification.tubecup.net Fingerprint: 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 Validity: Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=0&event_id=91c00660-0984-49be-8783-36fae00bccd0&subid=1635306071&sid=3639579455&spot_id=594068&created_at=2024-05-23&timezone=0&ver=8.162.0&is_native=1 HTTP/1.1
Host: onclckip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 May 2024 22:57:00 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| mbddip.com/in/dip?site=native-push&wl=1&event_id=d7780363-7fb0-4fb6-a754-dff839e904b4&subid=1211831614&sid=2671718952&spot_id=560190&created_at=2024-05-23&timezone=0&ver=8.162.0&is_native=1 | 94.130.198.6 | 200 OK | 0 B |
URL: GET HTTP/2 mbddip.com/in/dip?site=native-push&wl=1&event_id=d7780363-7fb0-4fb6-a754-dff839e904b4&subid=1211831614&sid=2671718952&spot_id=560190&created_at=2024-05-23&timezone=0&ver=8.162.0&is_native=1 IP: 94.130.198.6:443 ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: notification.tubecup.net Fingerprint: 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 Validity: Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=d7780363-7fb0-4fb6-a754-dff839e904b4&subid=1211831614&sid=2671718952&spot_id=560190&created_at=2024-05-23&timezone=0&ver=8.162.0&is_native=1 HTTP/1.1
Host: mbddip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 May 2024 22:57:00 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js?pub=0&userId=a9c3b965f3034bb389a21dfddc8be8cc&zoneId=7443536&checkDuplicate=true&ymid=&var=&source=pusher | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?pub=0&userId=a9c3b965f3034bb389a21dfddc8be8cc&zoneId=7443536&checkDuplicate=true&ymid=&var=&source=pusher IP: 139.45.195.8:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: rtmark.net Fingerprint: 90:47:5A:A5:5F:5F:FA:E6:7C:6F:AB:D2:06:D1:D9:BD:F3:54:9E:6E Validity: Sat, 11 May 2024 20:51:41 GMT - Fri, 09 Aug 2024 20:51:40 GMT
Hash (MD5, SHA-1, SHA-256): 9b198019b6f9b941a10b7ebb61dd35e0 4c495e7dc2b90c44527df9139c967ab549aaad2e fdc9025133b3671c0598224fd0e741d6c9b78929bb6ea31af03a0063e701be41
GET /gid.js?pub=0&userId=a9c3b965f3034bb389a21dfddc8be8cc&zoneId=7443536&checkDuplicate=true&ymid=&var=&source=pusher HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Cookie: ID=008065c2aa784798faf76b4f089f8b05
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:00 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008065c2aa784798faf76b4f089f8b05; expires=Fri, 23 May 2025 22:57:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| xadsmart.com/kmwnlyofnnnsn?LiEPcCdh=BQLyAAAAAAAACZUAAp6UsWGNZ9BTJsQ3f4wcRWlP5cxCGRM8yodRWzKH6UII04MNmaVoGw6inQNOC0iL3nc09o97Uv05NPYdLirgBqpkvw0mDXBcss3ZZXiPmi6yKdD5sIZfhnnATJB59RhXzqWXUt5QZ52xiVw0Ao6ZboxEohqclrIZH4LEA4-DT42UR_ymMljmNRrj3MHRE5BZpwIBaGk5w3jjfiQJ4KCUgJa7PwTunO5uyyBiuaVrEBGJjGzSUzarhXPuec317hOgFNCoaqbLz358g_NBOmkCkCcFPLzOERXQaxdEj4fnPte0IKIl3CAiku8VaR_XAjn8pL-Yy_ihQxEW7yOcfmEFaFBrG1MsfbNXmeoFC6EK9DwZmJSEV9IwYLFPDxwMIeRntGbGCKw94Lq7HgsTORhQtBHYoh6f4lU6KlGRgK8VzSr5a3XENW4UklQKehp8n5zBoyP7fCUdCQPSKNQJctLXFfvY9WHkzlWF4rd8Zo47tSU1Yx1_BKyo3rSfH8TtfXFDOhWwUa9v8XLZcs0cmLd_ro29qFucQt4A9Evc8PrT5RNScnBPkjsmo431rbtDkNSxVj0oEukRcUdCxFBUPhnS0j_8KRAe4KGELVMgc5Z0U0Dug_H_rjUjhVGjLh8JGnjPoRH4QKpVMjrezA2B8-OJ3gjkMXOvp1FrjW561JLBBRuCD2DFaeMZbaScwbxbEsLY0N4Cl24leBiyZnMkSdbJzkiGPGBgHEIFL19hr8PDa14x-x8v-1DSgdw4BlHcPgximyeDrx7op5thbw8gBNVR3BvEdlfisJMIAAMYWc7bIJT4AwKt9_FPBC4mMPQcDiTzH69ALzYSjK6h7ihMTGgc0M3S234F8ntqlPUQBioRFjd8nX-OzfenTUYr-t9XZbO1G6is12HwRJLoFNGKrV1WW4ONqwuzv7STlRrhocM1tz0PlnBZifpCcS_Wj202uojRz2IjNkmy5UfdVfoykEXjN4RG5AQqv6lu7e7yGv0ciYGN&SDcMBmLk=4&mSybfGiT=5085941&jgyspSxn=&ezUdgCit=0,0&oHKyGDuX=&AJkYWoiM=&s=1280,1024,1,1280,1024,0 | 104.153.197.251 | 200 OK | 44 B |
URL: GET HTTP/2 xadsmart.com/kmwnlyofnnnsn?LiEPcCdh=BQLyAAAAAAAACZUAAp6UsWGNZ9BTJsQ3f4wcRWlP5cxCGRM8yodRWzKH6UII04MNmaVoGw6inQNOC0iL3nc09o97Uv05NPYdLirgBqpkvw0mDXBcss3ZZXiPmi6yKdD5sIZfhnnATJB59RhXzqWXUt5QZ52xiVw0Ao6ZboxEohqclrIZH4LEA4-DT42UR_ymMljmNRrj3MHRE5BZpwIBaGk5w3jjfiQJ4KCUgJa7PwTunO5uyyBiuaVrEBGJjGzSUzarhXPuec317hOgFNCoaqbLz358g_NBOmkCkCcFPLzOERXQaxdEj4fnPte0IKIl3CAiku8VaR_XAjn8pL-Yy_ihQxEW7yOcfmEFaFBrG1MsfbNXmeoFC6EK9DwZmJSEV9IwYLFPDxwMIeRntGbGCKw94Lq7HgsTORhQtBHYoh6f4lU6KlGRgK8VzSr5a3XENW4UklQKehp8n5zBoyP7fCUdCQPSKNQJctLXFfvY9WHkzlWF4rd8Zo47tSU1Yx1_BKyo3rSfH8TtfXFDOhWwUa9v8XLZcs0cmLd_ro29qFucQt4A9Evc8PrT5RNScnBPkjsmo431rbtDkNSxVj0oEukRcUdCxFBUPhnS0j_8KRAe4KGELVMgc5Z0U0Dug_H_rjUjhVGjLh8JGnjPoRH4QKpVMjrezA2B8-OJ3gjkMXOvp1FrjW561JLBBRuCD2DFaeMZbaScwbxbEsLY0N4Cl24leBiyZnMkSdbJzkiGPGBgHEIFL19hr8PDa14x-x8v-1DSgdw4BlHcPgximyeDrx7op5thbw8gBNVR3BvEdlfisJMIAAMYWc7bIJT4AwKt9_FPBC4mMPQcDiTzH69ALzYSjK6h7ihMTGgc0M3S234F8ntqlPUQBioRFjd8nX-OzfenTUYr-t9XZbO1G6is12HwRJLoFNGKrV1WW4ONqwuzv7STlRrhocM1tz0PlnBZifpCcS_Wj202uojRz2IjNkmy5UfdVfoykEXjN4RG5AQqv6lu7e7yGv0ciYGN&SDcMBmLk=4&mSybfGiT=5085941&jgyspSxn=&ezUdgCit=0,0&oHKyGDuX=&AJkYWoiM=&s=1280,1024,1,1280,1024,0 IP: 104.153.197.251:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Sectigo Limited Subject: xadsmart.com Fingerprint: FC:E8:BA:57:31:46:6D:51:70:B5:42:35:6E:CF:97:6F:AF:38:C5:58 Validity: Mon, 14 Aug 2023 00:00:00 GMT - Fri, 13 Sep 2024 23:59:59 GMT
File type: ASCII text, with no line terminators Hash (MD5, SHA-1, SHA-256): d5f0a25e4d3522d56d48ce7bc3e518fb 86794caff58f7fee6e684c2ba7195f970a8d6f4c 9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
GET /kmwnlyofnnnsn?LiEPcCdh=BQLyAAAAAAAACZUAAp6UsWGNZ9BTJsQ3f4wcRWlP5cxCGRM8yodRWzKH6UII04MNmaVoGw6inQNOC0iL3nc09o97Uv05NPYdLirgBqpkvw0mDXBcss3ZZXiPmi6yKdD5sIZfhnnATJB59RhXzqWXUt5QZ52xiVw0Ao6ZboxEohqclrIZH4LEA4-DT42UR_ymMljmNRrj3MHRE5BZpwIBaGk5w3jjfiQJ4KCUgJa7PwTunO5uyyBiuaVrEBGJjGzSUzarhXPuec317hOgFNCoaqbLz358g_NBOmkCkCcFPLzOERXQaxdEj4fnPte0IKIl3CAiku8VaR_XAjn8pL-Yy_ihQxEW7yOcfmEFaFBrG1MsfbNXmeoFC6EK9DwZmJSEV9IwYLFPDxwMIeRntGbGCKw94Lq7HgsTORhQtBHYoh6f4lU6KlGRgK8VzSr5a3XENW4UklQKehp8n5zBoyP7fCUdCQPSKNQJctLXFfvY9WHkzlWF4rd8Zo47tSU1Yx1_BKyo3rSfH8TtfXFDOhWwUa9v8XLZcs0cmLd_ro29qFucQt4A9Evc8PrT5RNScnBPkjsmo431rbtDkNSxVj0oEukRcUdCxFBUPhnS0j_8KRAe4KGELVMgc5Z0U0Dug_H_rjUjhVGjLh8JGnjPoRH4QKpVMjrezA2B8-OJ3gjkMXOvp1FrjW561JLBBRuCD2DFaeMZbaScwbxbEsLY0N4Cl24leBiyZnMkSdbJzkiGPGBgHEIFL19hr8PDa14x-x8v-1DSgdw4BlHcPgximyeDrx7op5thbw8gBNVR3BvEdlfisJMIAAMYWc7bIJT4AwKt9_FPBC4mMPQcDiTzH69ALzYSjK6h7ihMTGgc0M3S234F8ntqlPUQBioRFjd8nX-OzfenTUYr-t9XZbO1G6is12HwRJLoFNGKrV1WW4ONqwuzv7STlRrhocM1tz0PlnBZifpCcS_Wj202uojRz2IjNkmy5UfdVfoykEXjN4RG5AQqv6lu7e7yGv0ciYGN&SDcMBmLk=4&mSybfGiT=5085941&jgyspSxn=&ezUdgCit=0,0&oHKyGDuX=&AJkYWoiM=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: xadsmart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
popads-node: wb9
access-control-allow-origin: *
asf: 9
popads-ec: ASB
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Thu, 23 May 2024 22:57:00 GMT
X-Firefox-Spdy: h2
|
|
| 9117453fd2.7272fa42e2.com/in/multy | 167.235.163.216 | 200 OK | 0 B |
URL: POST HTTP/2 9117453fd2.7272fa42e2.com/in/multy IP: 167.235.163.216:443 ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: 7272fa42e2.com Fingerprint: 85:2B:24:9B:D8:4E:85:25:4D:97:72:5F:13:A7:8A:7D:2A:41:3A:37 Validity: Sun, 19 May 2024 14:02:27 GMT - Sat, 17 Aug 2024 14:02:26 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
OPTIONS /in/multy HTTP/1.1
Host: 9117453fd2.7272fa42e2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.20.1
date: Thu, 23 May 2024 22:57:00 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: amunfezanttor.com Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:00 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP: 139.45.197.250:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: amunfezanttor.com Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash (MD5, SHA-1, SHA-256): e1ad5d362e3074c46c2dc3e5323e48ac faf84009947a3fea5b96c12874b72c0b59c1a9c2 907ec7622d34d92d078cdb5ec824c85835934fdd941d3e584703fc89d61e3a3b
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: application/json
Content-Length: 531
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:00 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/
IP: 143.204.53.97:0
Hash (MD5 / SHA-1 / SHA-256): e73c257771e512ee2c3f3d5e885ffb90 4c2e7035d7d1090c7e6b7e1c9c678532c9cab675 a130829b1bf867128e0f14130992d3e23da81f10001e087ad7dd0a98b4afb5ae
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 23 May 2024 22:57:00 GMT
Last-Modified: Thu, 23 May 2024 22:06:13 GMT
Server: ECAcc (amb/6B09)
X-Cache: Miss from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ePraTWsNLfg3x3Qs_W1rVicg1JDM9p_8p1Z5uF2N-WVKICzw69fi0w==
Age: 3047
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject moonoafy.net; Fingerprint 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty body)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:00 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=7443534&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=817643919866081280&ctrl_fetch_dest=iframe_v2_no_model&ctrl_id=664fc9bca97f3084500141&ctrl_ts=1716505020.6943&ctrl_ab=burp | 143.204.55.41 | 302 Found | 0 B |
URL: GET HTTP/2 track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=7443534&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=817643919866081280&ctrl_fetch_dest=iframe_v2_no_model&ctrl_id=664fc9bca97f3084500141&ctrl_ts=1716505020.6943&ctrl_ab=burp
IP: 143.204.55.41:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Amazon; Subject track.jefytrack.com; Fingerprint D9:FC:91:D1:FD:F0:F4:2D:48:E9:47:EE:31:A0:1C:23:D3:9A:29:D8; Validity Sun, 21 Apr 2024 00:00:00 GMT - Tue, 20 May 2025 23:59:59 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty body)
GET /145f6684-c379-407a-a2eb-922622a713e1?zoneid=7443534&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=817643919866081280&ctrl_fetch_dest=iframe_v2_no_model&ctrl_id=664fc9bca97f3084500141&ctrl_ts=1716505020.6943&ctrl_ab=burp HTTP/1.1
Host: track.jefytrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-length: 0
location: https://externalde.com/out/xyhkxckud/?ctrl_id=664fc9bca97f3084500141&ctrl_ab=burp&ctrl_ts=1716505020.6943&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wuqidao1vltm5mg13gqk61cc
date: Thu, 23 May 2024 22:57:00 GMT
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: 145f6684-c379-407a-a2eb-922622a713e1-v4=Ox7JpCC2BX1vdGl3AYfShM6RYc41CRZbpzLNgp6GNyM; Max-Age=86400; Expires=Fri, 24-May-2024 22:57:00 GMT; Domain=track.jefytrack.com; Path=/; Secure; HttpOnly;SameSite=None
set-cookie: voluum-cid-v4=%7B%22cid%22%3A%22wuqidao1vltm5mg13gqk61cc%22%2C%22caid%22%3A%22145f6684-c379-407a-a2eb-922622a713e1%22%7D; Max-Age=31536000; Expires=Fri, 23-May-2025 22:57:00 GMT; Domain=track.jefytrack.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
x-cache: Miss from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SqUQA1kQW-aRQ9u6d38oPJ_i9SRvcLyHXJbQPRNxYQDHnRtnDwWdGg==
X-Firefox-Spdy: h2
|
|
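The records above carry the indicators a reviewer pulls out of a capture like this by hand: a cross-site POST to amunfezanttor.com whose response echoes the publisher's Origin together with access-control-allow-credentials: true, a strict-transport-security header with max-age=1 (a policy that expires after one second, so HSTS is effectively off), an accept-ch header asking for high-entropy client hints, a 302 on track.jefytrack.com that sets SameSite=None cookies and bounces the iframe to another domain, and a Quad9 DNS verdict of "Sinkholed". The Python below is an added example, not part of the sandbox report or of any tool it used. It parses records in the shape shown on this page (verdict row, request line and headers, status line and headers) and lists findings per host. The two embedded sample records are constructed from the amunfezanttor.com and track.jefytrack.com exchanges, cut down to the headers that matter; the 86400-second HSTS threshold, the set of hints treated as high-entropy and the list of tracking query keys are the example's own choices.

```python
"""Triage of captured HTTP exchanges in the shape shown on this page.
Added example, not part of the sandbox report or any tool it used."""
import re
from urllib.parse import parse_qs, urlsplit

REQUEST_LINE = re.compile(r"^(GET|POST|OPTIONS|HEAD|PUT|DELETE) (\S+) HTTP/\d")
STATUS_LINE = re.compile(r"^HTTP/\S+ (\d{3})")
# Client hints that expose high-entropy device detail (this example's own list).
HIGH_ENTROPY_HINTS = {
    "sec-ch-ua-full-version", "sec-ch-ua-full-version-list", "sec-ch-ua-model",
    "sec-ch-ua-arch", "sec-ch-ua-bitness", "sec-ch-ua-platform-version", "device-memory",
}
# Query keys from the ad/tracker URLs on this page that carry per-visitor data.
TRACKING_KEYS = {"visitor_id", "user_fp", "uid", "ip_mismatch", "ua_mismatch", "geo"}
HSTS_MIN_AGE = 86400  # example threshold: shorter than a day is as good as off

# Constructed sample records, cut down from the amunfezanttor.com /event and
# track.jefytrack.com exchanges on this page to the headers that matter.
SAMPLE_RECORDS = [
    """Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
Origin: https://www.amdahost.com
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model
strict-transport-security: max-age=1
""",
    """GET /145f6684?zoneid=7443534&visitor_id=817643919866081280 HTTP/1.1
Host: track.jefytrack.com
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://externalde.com/out/xyhkxckud/?uid=wuqidao1vltm5mg13gqk61cc
set-cookie: voluum-cid-v4=abc; Max-Age=31536000; Domain=track.jefytrack.com; Path=/; Secure; HttpOnly;SameSite=None
""",
]


def parse_record(text):
    """Split one record into verdict rows, request line/headers, status/headers.
    Header names are lower-cased; values are kept as lists so repeated headers
    such as set-cookie survive. Pipe-delimited lines before the request line
    are the analyzer/verdict table rows."""
    rec = {"verdict": "", "method": None, "target": "", "status": None, "req": {}, "resp": {}}
    side = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = REQUEST_LINE.match(line)
        if m:
            rec["method"], rec["target"], side = m.group(1), m.group(2), "req"
            continue
        m = STATUS_LINE.match(line)
        if m:
            rec["status"], side = int(m.group(1)), "resp"
            continue
        if side is None and "|" in line:
            rec["verdict"] += " " + line
        elif side and ":" in line:
            name, value = line.split(":", 1)
            rec[side].setdefault(name.strip().lower(), []).append(value.strip())
    return rec


def first(headers, name):
    """First value of a header, or None when absent."""
    return headers.get(name, [None])[0]


def triage(rec):
    """Return (host, finding) pairs for the indicators visible in one record."""
    req, resp = rec["req"], rec["resp"]
    host = first(req, "host") or "?"
    out = []
    if "Sinkholed" in rec["verdict"]:
        out.append((host, "domain sinkholed by Quad9 DNS"))
    origin, acao = first(req, "origin"), first(resp, "access-control-allow-origin")
    creds = (first(resp, "access-control-allow-credentials") or "").lower() == "true"
    if first(req, "sec-fetch-site") == "cross-site" and origin and acao == origin and creds:
        out.append((host, f"credentialed cross-site CORS from {origin}"))
    if acao == "*":
        out.append((host, "wildcard access-control-allow-origin"))
    m = re.search(r"max-age=(\d+)", first(resp, "strict-transport-security") or "")
    if m and int(m.group(1)) < HSTS_MIN_AGE:
        out.append((host, f"HSTS max-age={m.group(1)} (effectively disabled)"))
    hints = {h.strip().lower() for h in (first(resp, "accept-ch") or "").split(",")}
    if hints & HIGH_ENTROPY_HINTS:
        out.append((host, "requests high-entropy client hints: " + ", ".join(sorted(hints & HIGH_ENTROPY_HINTS))))
    for cookie in resp.get("set-cookie", []):
        if "samesite=none" in cookie.lower():
            out.append((host, f"cross-site cookie {cookie.split('=', 1)[0]} (SameSite=None)"))
    loc = first(resp, "location")
    if rec["status"] and 300 <= rec["status"] < 400 and loc:
        dest = urlsplit(loc).hostname
        if dest and dest != host:
            out.append((host, f"redirects off-site to {dest}"))
    ids = sorted(TRACKING_KEYS & set(parse_qs(urlsplit(rec["target"]).query)))
    if ids:
        out.append((host, "tracking identifiers in query: " + ", ".join(ids)))
    return out


def triage_all(records):
    """Run triage over raw records and flatten the findings."""
    return [f for text in records for f in triage(parse_record(text))]


if __name__ == "__main__":
    for host, finding in triage_all(SAMPLE_RECORDS):
        print(f"{host:22} {finding}")
```

To run it over a real record, paste the text from the summary row down to the last response header into a string and pass it to triage_all; the parser only needs the request line and the status line to tell request headers from response headers, so the metadata lines (certificate, hashes, verdict) can stay in. Note that the credentialed-CORS finding is not by itself a vulnerability: reflecting a known partner Origin with credentials is how this ad stack is meant to work. It is the combination with the sinkhole verdict, the near-zero HSTS lifetime and the client-hint harvesting that makes the host worth blocking.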
| moonoafy.net/3bT/27mJf/defaultSkin.min.js | 139.45.197.250 | 200 OK | 19 kB |
URL: GET HTTP/2 moonoafy.net/3bT/27mJf/defaultSkin.min.js
IP: 139.45.197.250:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject moonoafy.net; Fingerprint 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): dd9f49ca80d19372c905c14be0f2703a d086d7f00b253ece204314de7ab15e65a6e8a3d3 156819fd056bf34c394585e5e1cb3cd493cf1ddfc09906099dfe9a226bc19222
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /3bT/27mJf/defaultSkin.min.js HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:00 GMT
content-type: application/javascript
last-modified: Wed, 22 May 2024 13:57:03 GMT
etag: W/"664df9af-df7c"
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| mbdippex.com/in/multy | 94.130.198.6 | 204 No Content | 2.5 kB |
IP: 94.130.198.6:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject notification.tubecup.net; Fingerprint 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20; Validity Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash (MD5 / SHA-1 / SHA-256): d15e8aa318001c8b5fa05258e8762349 e8fc79e3ea92ad0d5d75f2fb8f21327b6e9440c0 30a0bbafcb730d6e4db7ae7da7a4e38ad77e2f30854bbededc14156e33e78cde
POST /in/multy HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2189
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 May 2024 22:57:01 GMT
content-type: application/json
content-length: 2528
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| mbdippex.com/in/show/?tag_ab=c&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&refdom=www.amdahost.com&auction_time=1716505020&subid=1211831614&sid=2671718952&tcid=0&ver=8.162.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-23&iabcat=IAB25-3&keywords=adult&user_fp=2653789976978307114&score=65.61780890758979&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1886&icons=bR9wbHDlusRa0ssLJ5jTc3lBfii9smyGoTdG9bK8MOSAjiRGf70t3TeXnRkx9F3SknWA1pF21FVwju59z0l2bLjQzOUrtFxCxz8QWYzKhBEU7j6yEhgw7TT5lxC3xQiVw6dKoW9zhuMUeCBP0QD-AT3gZ-KIAHAsJLk7PxCRxNLhKfEJNQ&ext_cid=0&px_id=560190&min_cpm=0.007603759892354236&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1093840267693460922&skin_id=82&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.002047230744423709&cpm=0&verify_hash=fb48ab691a91c39308da63cda8f9e3ae&is_native=4&real_bid=0.00016697600126236518&original_bid_usd=0.000620177&original_bid=0.000620177&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=27,20,108,0,114&need_redirect_show=0&applied_features=coef_098,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_08
3be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000620177&hostname=auc-inpage-hz-14-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000006201769999999999&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=multiOS-view-t_r-body&mlf=1&mlc=1&st=0.06&cpa=4022ee63-4650-4473-9dea-a314e9779fcb&prev_step_diff=751 | 94.130.198.6 | 200 OK | 0 B |
URL GET HTTP/2mbdippex.com/in/show/?tag_ab=c&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&refdom=www.amdahost.com&auction_time=1716505020&subid=1211831614&sid=2671718952&tcid=0&ver=8.162.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-23&iabcat=IAB25-3&keywords=adult&user_fp=2653789976978307114&score=65.61780890758979&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1886&icons=bR9wbHDlusRa0ssLJ5jTc3lBfii9smyGoTdG9bK8MOSAjiRGf70t3TeXnRkx9F3SknWA1pF21FVwju59z0l2bLjQzOUrtFxCxz8QWYzKhBEU7j6yEhgw7TT5lxC3xQiVw6dKoW9zhuMUeCBP0QD-AT3gZ-KIAHAsJLk7PxCRxNLhKfEJNQ&ext_cid=0&px_id=560190&min_cpm=0.007603759892354236&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1093840267693460922&skin_id=82&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.002047230744423709&cpm=0&verify_hash=fb48ab691a91c39308da63cda8f9e3ae&is_native=4&real_bid=0.00016697600126236518&original_bid_usd=0.000620177&original_bid=0.000620177&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=27,20,108,0,114&need_redirect_show=0&applied_features=coef_098,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%
2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000620177&hostname=auc-inpage-hz-14-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000006201769999999999&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=multiOS-view-t_r-body&mlf=1&mlc=1&st=0.06&cpa=4022ee63-4650-4473-9dea-a314e9779fcb&prev_step_diff=751 IP94.130.198.6:443 ASN#24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject notification.tubecup.net; Fingerprint 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20; Validity Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty body)
GET /in/show/?tag_ab=c&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&refdom=www.amdahost.com&auction_time=1716505020&subid=1211831614&sid=2671718952&tcid=0&ver=8.162.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-23&iabcat=IAB25-3&keywords=adult&user_fp=2653789976978307114&score=65.61780890758979&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1886&icons=bR9wbHDlusRa0ssLJ5jTc3lBfii9smyGoTdG9bK8MOSAjiRGf70t3TeXnRkx9F3SknWA1pF21FVwju59z0l2bLjQzOUrtFxCxz8QWYzKhBEU7j6yEhgw7TT5lxC3xQiVw6dKoW9zhuMUeCBP0QD-AT3gZ-KIAHAsJLk7PxCRxNLhKfEJNQ&ext_cid=0&px_id=560190&min_cpm=0.007603759892354236&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1093840267693460922&skin_id=82&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.002047230744423709&cpm=0&verify_hash=fb48ab691a91c39308da63cda8f9e3ae&is_native=4&real_bid=0.00016697600126236518&original_bid_usd=0.000620177&original_bid=0.000620177&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=27,20,108,0,114&need_redirect_show=0&applied_features=coef_098,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e
28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000620177&hostname=auc-inpage-hz-14-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000006201769999999999&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=multiOS-view-t_r-body&mlf=1&mlc=1&st=0.06&cpa=4022ee63-4650-4473-9dea-a314e9779fcb&prev_step_diff=751 HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 May 2024 22:57:01 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| mbdippex.com/in/show/?tag_ab=c&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&refdom=www.amdahost.com&auction_time=1716505020&subid=1211831614&sid=2671718952&tcid=0&ver=8.162.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-23&iabcat=IAB25-3&keywords=adult&user_fp=2653789976978307114&score=65.61780890758979&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1886&icons=d3VKvp8sOA_5U_2IM3FYvfAWLi2RsJ_5zduajdB9XW_Q96Y_MmNL_Vqk1CWJL0XCfCThxZxkrW2MMVovmE7IButwXMRs8WhQD4YG766kQWe94Jqv9I8-0U_bHaUqCViYyMW3u90YHb4TCJ3kRYdyNUs_dbHgxYP5eguf_FQnCtCtuPXjoQ&ext_cid=0&px_id=560190&min_cpm=0.0024147451071198853&out_id=0&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1093840267693460922&skin_id=82&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0006501442040816414&cpm=0&verify_hash=31ba7e2dcd29e410f01182bc546f127e&is_native=4&real_bid=0.00016697600126236518&original_bid_usd=0.000620177&original_bid=0.000620177&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,114,20,27,108&need_redirect_show=0&applied_features=coef_098,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_
083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000620177&hostname=auc-inpage-hz-14-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000006201769999999999&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=multiOS-view-t_r-body&mlf=1&st=0.06&cpa=718356ea-511c-4966-8e90-67ff56013def&prev_step_diff=751 | 94.130.198.6 | 200 OK | 0 B |
URL GET HTTP/2mbdippex.com/in/show/?tag_ab=c&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&refdom=www.amdahost.com&auction_time=1716505020&subid=1211831614&sid=2671718952&tcid=0&ver=8.162.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-23&iabcat=IAB25-3&keywords=adult&user_fp=2653789976978307114&score=65.61780890758979&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1886&icons=d3VKvp8sOA_5U_2IM3FYvfAWLi2RsJ_5zduajdB9XW_Q96Y_MmNL_Vqk1CWJL0XCfCThxZxkrW2MMVovmE7IButwXMRs8WhQD4YG766kQWe94Jqv9I8-0U_bHaUqCViYyMW3u90YHb4TCJ3kRYdyNUs_dbHgxYP5eguf_FQnCtCtuPXjoQ&ext_cid=0&px_id=560190&min_cpm=0.0024147451071198853&out_id=0&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1093840267693460922&skin_id=82&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0006501442040816414&cpm=0&verify_hash=31ba7e2dcd29e410f01182bc546f127e&is_native=4&real_bid=0.00016697600126236518&original_bid_usd=0.000620177&original_bid=0.000620177&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,114,20,27,108&need_redirect_show=0&applied_features=coef_098,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreative
s%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000620177&hostname=auc-inpage-hz-14-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000006201769999999999&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=multiOS-view-t_r-body&mlf=1&st=0.06&cpa=718356ea-511c-4966-8e90-67ff56013def&prev_step_diff=751 IP94.130.198.6:443 ASN#24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject notification.tubecup.net; Fingerprint 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20; Validity Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty body)
GET /in/show/?tag_ab=c&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&refdom=www.amdahost.com&auction_time=1716505020&subid=1211831614&sid=2671718952&tcid=0&ver=8.162.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-23&iabcat=IAB25-3&keywords=adult&user_fp=2653789976978307114&score=65.61780890758979&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1886&icons=d3VKvp8sOA_5U_2IM3FYvfAWLi2RsJ_5zduajdB9XW_Q96Y_MmNL_Vqk1CWJL0XCfCThxZxkrW2MMVovmE7IButwXMRs8WhQD4YG766kQWe94Jqv9I8-0U_bHaUqCViYyMW3u90YHb4TCJ3kRYdyNUs_dbHgxYP5eguf_FQnCtCtuPXjoQ&ext_cid=0&px_id=560190&min_cpm=0.0024147451071198853&out_id=0&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1093840267693460922&skin_id=82&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0006501442040816414&cpm=0&verify_hash=31ba7e2dcd29e410f01182bc546f127e&is_native=4&real_bid=0.00016697600126236518&original_bid_usd=0.000620177&original_bid=0.000620177&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,114,20,27,108&need_redirect_show=0&applied_features=coef_098,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc
3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000620177&hostname=auc-inpage-hz-14-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000006201769999999999&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=multiOS-view-t_r-body&mlf=1&st=0.06&cpa=718356ea-511c-4966-8e90-67ff56013def&prev_step_diff=751 HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 May 2024 22:57:01 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| c.adsco.re/ | 104.17.166.186 | | 30 kB |
IP: 104.17.166.186:0
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Sectigo Limited; Subject *.adsco.re; Fingerprint 40:64:05:9C:99:0A:1E:9F:A7:49:61:8E:86:4C:4B:06:9C:73:83:73; Validity Sat, 23 Sep 2023 00:00:00 GMT - Sun, 29 Sep 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): 2a9d9788b212dd4b34e4ad38484e1dd2 6f97718f8ec22b039a61189ef65678bedaab226a 7851718debee7d822d211062636fcc0c6f86ea789e467c3579e4068050d65c1f
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.adsco.re/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 23 May 2024 22:57:00 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Sun, 23 Jun 2024 22:57:00 GMT
etag: W/"DWg73zXYn5haECmronil2Q=="
content-encoding: gzip
cf-cache-status: HIT
age: 2477
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a47859c21bfa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp | 45.133.44.25 | 200 OK | 1.1 kB |
URL: GET HTTP/2 static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP: 45.133.44.25:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject static.bookmsg.com; Fingerprint D1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76; Validity Fri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): 2a11e13b2bd67bb9a6cb347d7c73df13 b85460a33f9b229f42c08a6a94ae433a4d5c32ab 1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:57:01 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Fri, 23 May 2025 22:57:01 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp | 45.133.44.25 | 200 OK | 1.1 kB |
URL: GET HTTP/2 static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP: 45.133.44.25:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject static.bookmsg.com; Fingerprint D1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76; Validity Fri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): 2a11e13b2bd67bb9a6cb347d7c73df13 b85460a33f9b229f42c08a6a94ae433a4d5c32ab 1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 23 May 2024 22:57:01 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Fri, 23 May 2025 22:57:01 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=multiOS-view-t_r-body&mlf=1&st=0.06&cpa=48e622b8-e55d-4904-9b4d-35c8b60aec34&prev_step_diff=751 | 45.133.44.25 | 200 OK | 486 B |
URL: GET HTTP/2 static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=multiOS-view-t_r-body&mlf=1&st=0.06&cpa=48e622b8-e55d-4904-9b4d-35c8b60aec34&prev_step_diff=751
IP: 45.133.44.25:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject static.bookmsg.com; Fingerprint D1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76; Validity Fri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): ceeb4e8840c24621c0e0352b42b38a5b 03cbceb0134a39267014595938705e2916580644 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=multiOS-view-t_r-body&mlf=1&st=0.06&cpa=48e622b8-e55d-4904-9b4d-35c8b60aec34&prev_step_diff=751 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 23 May 2024 22:57:01 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Fri, 23 May 2025 22:57:01 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 9117453fd2.7272fa42e2.com/in/multy | 167.235.163.216 | 200 OK | 9.1 kB |
URL: POST HTTP/2 9117453fd2.7272fa42e2.com/in/multy IP: 167.235.163.216:443 ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: 7272fa42e2.com Fingerprint: 85:2B:24:9B:D8:4E:85:25:4D:97:72:5F:13:A7:8A:7D:2A:41:3A:37 Validity: Sun, 19 May 2024 14:02:27 GMT - Sat, 17 Aug 2024 14:02:26 GMT
Hash (MD5 / SHA-1 / SHA-256): eee3c545a5df879a933d7b8160d70a19 b4555bf67dbce2b3ffa8983527c5cbc556675833 bf183a04e5ed48b266d2e01307bb3f9f0d4f6ccbd739ef8385c2189f0d7f7c3c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /in/multy HTTP/1.1
Host: 9117453fd2.7272fa42e2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2188
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 May 2024 22:57:01 GMT
content-type: application/json
content-length: 9131
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| blekdhvra3su.s4.adsco.re/ | 185.200.116.51 | 200 OK | 0 B |
URL: POST HTTP/2 blekdhvra3su.s4.adsco.re/ IP: 185.200.116.51:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: *.s4.adsco.re Fingerprint: A3:35:E6:78:D3:CB:C1:40:D0:51:17:BB:29:D6:1E:83:B6:22:EC:D3 Validity: Sun, 19 May 2024 09:12:45 GMT - Sat, 17 Aug 2024 09:12:44 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: blekdhvra3su.s4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 May 2024 22:57:01 GMT
content-type: text/html
content-length: 0
last-modified: Tue, 03 Oct 2023 13:29:59 GMT
etag: "651c1757-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.07&cpa=887c6c99-a776-4dc9-bee0-d11cda41d7cc&prev_step_diff=910 | 45.133.44.25 | 200 OK | 486 B |
URL: GET HTTP/2 static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.07&cpa=887c6c99-a776-4dc9-bee0-d11cda41d7cc&prev_step_diff=910 IP: 45.133.44.25:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: static.bookmsg.com Fingerprint: D1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 Validity: Fri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash (MD5 / SHA-1 / SHA-256): ceeb4e8840c24621c0e0352b42b38a5b 03cbceb0134a39267014595938705e2916580644 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.07&cpa=887c6c99-a776-4dc9-bee0-d11cda41d7cc&prev_step_diff=910 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 23 May 2024 22:57:01 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Fri, 23 May 2025 22:57:01 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp | 45.133.44.25 | 200 OK | 1.1 kB |
URL: GET HTTP/2 static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp IP: 45.133.44.25:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: static.bookmsg.com Fingerprint: D1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 Validity: Fri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp Hash (MD5 / SHA-1 / SHA-256): 2a11e13b2bd67bb9a6cb347d7c73df13 b85460a33f9b229f42c08a6a94ae433a4d5c32ab 1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 23 May 2024 22:57:01 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Fri, 23 May 2025 22:57:01 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 9117453fd2.7272fa42e2.com/in/show/?tag_ab=c&site_id=31594068&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&refdom=www.amdahost.com&auction_time=1716505020&subid=1635306071&sid=3639579455&tcid=0&ver=8.162.0&ver_c=&spot_id=594068&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-23&iabcat=IAB25-3&keywords=adult&user_fp=13355722562280583589&score=58.615133351335835&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1635306071%26spot_id%3D594068%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1885&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2F25608.2483may2024.com%2FhyVCCoEzPg7nZtczvQOYbhxKk9RQ5tiAZvtUX8ieEJ8SPJyUyTnZ5qBw5bRMsj6XUaadDeA%3F_%3Dc3b4e406-1957-11ef-864c-d18a0e318d21%26d%3DBQ5qQHPeG5fukTlhOoM4KYdIuPAtTkU9wluVuzux9_YfZjLxWi2uzTlUyR0WD5n6kPSP8Ar0rOVNrxYZicZYF9h-TYCYc_yVYXjBHeksNYQaMDoUYgD2F0geQjgo0QC36v9iIXcR4H9vzoM8PthBb6iVSjHOu6yDocmGumJCkz8kE7ENzpRsqRBIJXVX7ZflxcqRtfnd-BUqQw0ku-QbKeTvUoIDs5wVsa_JFdZ1Hl2oIoYWB8Gsfs4pfvDeNyMDOjJBcnB5Y2GwXCNi5gaB-4oD66N_xXDysTQVoFu3P8-nWhxK6gjqZQg4RBNuFMb01qYI0S51LkjuFv69z-gcswbga_3B0X4WsEFe-Ylv8eZcnP3CcRhujNKuscjMnh-nLmw5Z7xnr_yleD8wq1etAVcNeh0phcKDXaywNOYGsCIqmlbKqXuqEssv1AJAXpEZMcCEUC5zrAig3-B5v4Ie-Uw9MQuUItfV0r9bGKlmkci5vYqg3nR2nBk4eod4oWe5NUBJ5B6-vVl4ca95v_M_Ppn2NoDgMa4ct0i7maUJ_-ebFpmQKMXaCKqgU5OreDBwr8Dq3wT0xATFMouDb0caJ2w6eMZ9Mj1nRBQ7KfRUpxqCI3g1wHFHzp8RZb8vUErGp4y8fP96hE4Z7wzGA8q4nChf_WMRvR65COLSscq1sRYddIs2PYEIlnvSbn-jp3ZqVlIbF2zOWWVtLCXO0_URCY3Z1l7ni3CTmFGKBdA_rJjyuMXTZQNZbjB84KXVGoIlqXYsTjA7zZ9VgWuX9egaPV7JR6j88NYmcX5XvLhpxt7Au_2X08PYcs08_jqn2HtE3rvUQhcSQMAMhOe8Jxq0uyN15oi8fBcyPJSUMOm4DDpbKd97Joj5-DUfm1nWLR-djyS22R-JkY21S9jvSSB5a04SCr2f_ibI05xB8PpldkJnEpmPOogAolQeLyS
zRle3qJgbmBheJ-QGb8OIIyY1RnUzNSnkJeINQZjD1ticT0MjKeRSKb0frbdQfIKWoLpJ1UQbRZgPhf8UaaNZKmlvhsIIuVQZ4Pr0Tidvo_S8xYqhpMakLy9gz_W3bfT-7lZCsObJET26skRjWAt5Gxdr3wKt0by4bgVJWj22aRAc3dWgMQDeNvn7QPq5cL-VNDocSmF1d2rcSMpPW9YjFHC89eIWJGzxkmrWqEvgH93CSWx5h408BJp9FZB_yZAZ4J4sGqF4RH_w7Y8VB0plpdCPA8D6vx6ow20H1Mo_EBclyW1NgRvYxueE-gBS-I6Fg6tlFsM7tVFsVucsR8KH8V8dS-PnrgWfaBO0s-P4rXpdcEQhbDs_gOsyU6IsYgjArRSry0sNE8o_ZlglBARYo_7-5PP5JIH-8ohIu_2X300dd6abRG3ZG9QdXsyweHIeYTfPnjsOj_mOmP4OfiBGOzk5veUL6-vOz5N8tbAtwqoa02MdUFL1O6dipjScxYW0_0cN4mzZLJ4iv0r0GjrFwt8kUiz2ARyeU4c5EKE6LZ5lC8TA68Il7GjWQd3tGlAVMcwoz22-r-DPnul2l-gnaGbn6dlp6_M7A019WL-r3mcaUaR1r4H0z2aJVu0b&icons=Ebfounnd8-qq3Ac7rSgrIqBQxokX3S2Z5KcEyidTtzf1cB7jB7OocopsTA6JurUzGwAGfx-44SfFdaVwKnPHN2fg01tyLIvB5zULH53-0WN7lVMpLhxMPqGHdHNBN0TisWd2pgIUSuSA9SAlUZjaWWfE_XyD1V9M55Uj015OMzdc6k-8rA&ext_cid=0&px_id=121755214&min_cpm=0.0005678832365128371&out_id=1&campaign_type=lq-pop&aid=3301&cid=12270&uniq=&mid=8729532530169158489&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=1.8378740789772436e-05&cpm=0&verify_hash=972aa2c3af7592e1f67c5daea406cbeb&is_native=2&real_bid=2.6631999015807996e-06&original_bid_usd=0.000004&original_bid=4e-06&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,83,89,20,27,108&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1716591420&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-mainstream&price=0.000004&hostname=auc-inpage-hz-12-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000000039999999999999994&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.07&cpa=22a805cf-ad54-47f5-aa9d-d8561176172b&prev_step_diff=9
10 | 167.235.163.216 | 200 OK | 0 B |
URL GET HTTP/29117453fd2.7272fa42e2.com/in/show/?tag_ab=c&site_id=31594068&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&refdom=www.amdahost.com&auction_time=1716505020&subid=1635306071&sid=3639579455&tcid=0&ver=8.162.0&ver_c=&spot_id=594068&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-23&iabcat=IAB25-3&keywords=adult&user_fp=13355722562280583589&score=58.615133351335835&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1635306071%26spot_id%3D594068%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1885&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2F25608.2483may2024.com%2FhyVCCoEzPg7nZtczvQOYbhxKk9RQ5tiAZvtUX8ieEJ8SPJyUyTnZ5qBw5bRMsj6XUaadDeA%3F_%3Dc3b4e406-1957-11ef-864c-d18a0e318d21%26d%3DBQ5qQHPeG5fukTlhOoM4KYdIuPAtTkU9wluVuzux9_YfZjLxWi2uzTlUyR0WD5n6kPSP8Ar0rOVNrxYZicZYF9h-TYCYc_yVYXjBHeksNYQaMDoUYgD2F0geQjgo0QC36v9iIXcR4H9vzoM8PthBb6iVSjHOu6yDocmGumJCkz8kE7ENzpRsqRBIJXVX7ZflxcqRtfnd-BUqQw0ku-QbKeTvUoIDs5wVsa_JFdZ1Hl2oIoYWB8Gsfs4pfvDeNyMDOjJBcnB5Y2GwXCNi5gaB-4oD66N_xXDysTQVoFu3P8-nWhxK6gjqZQg4RBNuFMb01qYI0S51LkjuFv69z-gcswbga_3B0X4WsEFe-Ylv8eZcnP3CcRhujNKuscjMnh-nLmw5Z7xnr_yleD8wq1etAVcNeh0phcKDXaywNOYGsCIqmlbKqXuqEssv1AJAXpEZMcCEUC5zrAig3-B5v4Ie-Uw9MQuUItfV0r9bGKlmkci5vYqg3nR2nBk4eod4oWe5NUBJ5B6-vVl4ca95v_M_Ppn2NoDgMa4ct0i7maUJ_-ebFpmQKMXaCKqgU5OreDBwr8Dq3wT0xATFMouDb0caJ2w6eMZ9Mj1nRBQ7KfRUpxqCI3g1wHFHzp8RZb8vUErGp4y8fP96hE4Z7wzGA8q4nChf_WMRvR65COLSscq1sRYddIs2PYEIlnvSbn-jp3ZqVlIbF2zOWWVtLCXO0_URCY3Z1l7ni3CTmFGKBdA_rJjyuMXTZQNZbjB84KXVGoIlqXYsTjA7zZ9VgWuX9egaPV7JR6j88NYmcX5XvLhpxt7Au_2X08PYcs08_jqn2HtE3rvUQhcSQMAMhOe8Jxq0uyN15oi8fBcyPJSUMOm4DDpbKd97Joj5-DUfm1nWLR-djyS22R-JkY21S9jvSSB5a04SCr2f_ibI05xB8PpldkJnEpm
POogAolQeLySzRle3qJgbmBheJ-QGb8OIIyY1RnUzNSnkJeINQZjD1ticT0MjKeRSKb0frbdQfIKWoLpJ1UQbRZgPhf8UaaNZKmlvhsIIuVQZ4Pr0Tidvo_S8xYqhpMakLy9gz_W3bfT-7lZCsObJET26skRjWAt5Gxdr3wKt0by4bgVJWj22aRAc3dWgMQDeNvn7QPq5cL-VNDocSmF1d2rcSMpPW9YjFHC89eIWJGzxkmrWqEvgH93CSWx5h408BJp9FZB_yZAZ4J4sGqF4RH_w7Y8VB0plpdCPA8D6vx6ow20H1Mo_EBclyW1NgRvYxueE-gBS-I6Fg6tlFsM7tVFsVucsR8KH8V8dS-PnrgWfaBO0s-P4rXpdcEQhbDs_gOsyU6IsYgjArRSry0sNE8o_ZlglBARYo_7-5PP5JIH-8ohIu_2X300dd6abRG3ZG9QdXsyweHIeYTfPnjsOj_mOmP4OfiBGOzk5veUL6-vOz5N8tbAtwqoa02MdUFL1O6dipjScxYW0_0cN4mzZLJ4iv0r0GjrFwt8kUiz2ARyeU4c5EKE6LZ5lC8TA68Il7GjWQd3tGlAVMcwoz22-r-DPnul2l-gnaGbn6dlp6_M7A019WL-r3mcaUaR1r4H0z2aJVu0b&icons=Ebfounnd8-qq3Ac7rSgrIqBQxokX3S2Z5KcEyidTtzf1cB7jB7OocopsTA6JurUzGwAGfx-44SfFdaVwKnPHN2fg01tyLIvB5zULH53-0WN7lVMpLhxMPqGHdHNBN0TisWd2pgIUSuSA9SAlUZjaWWfE_XyD1V9M55Uj015OMzdc6k-8rA&ext_cid=0&px_id=121755214&min_cpm=0.0005678832365128371&out_id=1&campaign_type=lq-pop&aid=3301&cid=12270&uniq=&mid=8729532530169158489&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=1.8378740789772436e-05&cpm=0&verify_hash=972aa2c3af7592e1f67c5daea406cbeb&is_native=2&real_bid=2.6631999015807996e-06&original_bid_usd=0.000004&original_bid=4e-06&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,83,89,20,27,108&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1716591420&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-mainstream&price=0.000004&hostname=auc-inpage-hz-12-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000000039999999999999994&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.07&cpa=22a805cf-ad54-47f5-aa9d-d8561176172b&prev
_step_diff=910 IP: 167.235.163.216:443 ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: 7272fa42e2.com Fingerprint: 85:2B:24:9B:D8:4E:85:25:4D:97:72:5F:13:A7:8A:7D:2A:41:3A:37 Validity: Sun, 19 May 2024 14:02:27 GMT - Sat, 17 Aug 2024 14:02:26 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /in/show/?tag_ab=c&site_id=31594068&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&refdom=www.amdahost.com&auction_time=1716505020&subid=1635306071&sid=3639579455&tcid=0&ver=8.162.0&ver_c=&spot_id=594068&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-23&iabcat=IAB25-3&keywords=adult&user_fp=13355722562280583589&score=58.615133351335835&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1635306071%26spot_id%3D594068%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1885&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2F25608.2483may2024.com%2FhyVCCoEzPg7nZtczvQOYbhxKk9RQ5tiAZvtUX8ieEJ8SPJyUyTnZ5qBw5bRMsj6XUaadDeA%3F_%3Dc3b4e406-1957-11ef-864c-d18a0e318d21%26d%3DBQ5qQHPeG5fukTlhOoM4KYdIuPAtTkU9wluVuzux9_YfZjLxWi2uzTlUyR0WD5n6kPSP8Ar0rOVNrxYZicZYF9h-TYCYc_yVYXjBHeksNYQaMDoUYgD2F0geQjgo0QC36v9iIXcR4H9vzoM8PthBb6iVSjHOu6yDocmGumJCkz8kE7ENzpRsqRBIJXVX7ZflxcqRtfnd-BUqQw0ku-QbKeTvUoIDs5wVsa_JFdZ1Hl2oIoYWB8Gsfs4pfvDeNyMDOjJBcnB5Y2GwXCNi5gaB-4oD66N_xXDysTQVoFu3P8-nWhxK6gjqZQg4RBNuFMb01qYI0S51LkjuFv69z-gcswbga_3B0X4WsEFe-Ylv8eZcnP3CcRhujNKuscjMnh-nLmw5Z7xnr_yleD8wq1etAVcNeh0phcKDXaywNOYGsCIqmlbKqXuqEssv1AJAXpEZMcCEUC5zrAig3-B5v4Ie-Uw9MQuUItfV0r9bGKlmkci5vYqg3nR2nBk4eod4oWe5NUBJ5B6-vVl4ca95v_M_Ppn2NoDgMa4ct0i7maUJ_-ebFpmQKMXaCKqgU5OreDBwr8Dq3wT0xATFMouDb0caJ2w6eMZ9Mj1nRBQ7KfRUpxqCI3g1wHFHzp8RZb8vUErGp4y8fP96hE4Z7wzGA8q4nChf_WMRvR65COLSscq1sRYddIs2PYEIlnvSbn-jp3ZqVlIbF2zOWWVtLCXO0_URCY3Z1l7ni3CTmFGKBdA_rJjyuMXTZQNZbjB84KXVGoIlqXYsTjA7zZ9VgWuX9egaPV7JR6j88NYmcX5XvLhpxt7Au_2X08PYcs08_jqn2HtE3rvUQhcSQMAMhOe8Jxq0uyN15oi8fBcyPJSUMOm4DDpbKd97Joj5-DUfm1nWLR-djyS22R-JkY21S9jvSSB5a04SCr2f_ibI05xB8PpldkJnEpmPOogAolQeLySzRle3qJgbmBheJ-QGb8OIIy
Y1RnUzNSnkJeINQZjD1ticT0MjKeRSKb0frbdQfIKWoLpJ1UQbRZgPhf8UaaNZKmlvhsIIuVQZ4Pr0Tidvo_S8xYqhpMakLy9gz_W3bfT-7lZCsObJET26skRjWAt5Gxdr3wKt0by4bgVJWj22aRAc3dWgMQDeNvn7QPq5cL-VNDocSmF1d2rcSMpPW9YjFHC89eIWJGzxkmrWqEvgH93CSWx5h408BJp9FZB_yZAZ4J4sGqF4RH_w7Y8VB0plpdCPA8D6vx6ow20H1Mo_EBclyW1NgRvYxueE-gBS-I6Fg6tlFsM7tVFsVucsR8KH8V8dS-PnrgWfaBO0s-P4rXpdcEQhbDs_gOsyU6IsYgjArRSry0sNE8o_ZlglBARYo_7-5PP5JIH-8ohIu_2X300dd6abRG3ZG9QdXsyweHIeYTfPnjsOj_mOmP4OfiBGOzk5veUL6-vOz5N8tbAtwqoa02MdUFL1O6dipjScxYW0_0cN4mzZLJ4iv0r0GjrFwt8kUiz2ARyeU4c5EKE6LZ5lC8TA68Il7GjWQd3tGlAVMcwoz22-r-DPnul2l-gnaGbn6dlp6_M7A019WL-r3mcaUaR1r4H0z2aJVu0b&icons=Ebfounnd8-qq3Ac7rSgrIqBQxokX3S2Z5KcEyidTtzf1cB7jB7OocopsTA6JurUzGwAGfx-44SfFdaVwKnPHN2fg01tyLIvB5zULH53-0WN7lVMpLhxMPqGHdHNBN0TisWd2pgIUSuSA9SAlUZjaWWfE_XyD1V9M55Uj015OMzdc6k-8rA&ext_cid=0&px_id=121755214&min_cpm=0.0005678832365128371&out_id=1&campaign_type=lq-pop&aid=3301&cid=12270&uniq=&mid=8729532530169158489&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=1.8378740789772436e-05&cpm=0&verify_hash=972aa2c3af7592e1f67c5daea406cbeb&is_native=2&real_bid=2.6631999015807996e-06&original_bid_usd=0.000004&original_bid=4e-06&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,83,89,20,27,108&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1716591420&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-mainstream&price=0.000004&hostname=auc-inpage-hz-12-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000000039999999999999994&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.07&cpa=22a805cf-ad54-47f5-aa9d-d8561176172b&prev_step_diff=910 HTTP/1.1
Host: 9117453fd2.7272fa42e2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 May 2024 22:57:01 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 9117453fd2.7272fa42e2.com/in/show/?tag_ab=c&site_id=31594068&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&refdom=www.amdahost.com&auction_time=1716505020&subid=1635306071&sid=3639579455&tcid=0&ver=8.162.0&ver_c=&spot_id=594068&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-23&iabcat=IAB25-3&keywords=adult&user_fp=13355722562280583589&score=58.615133351335835&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1635306071%26spot_id%3D594068%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1885&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DmDD5gmWI7OHVmBo2nm00IiyRYJ032CUQGVPt0plQLUMlAaPPcyzK7BnpfDRVPUk05mur_HjEYKmR2hGsHFTO-FVIvSgBZL61inAKCm3QD4W4noMHW9pYAJsiXuUUMcEEuJRtDH_Mi4jaKQCz3YHkU4yVcrMESAgCuVCk3x5DoKdcrgQZeQYzRXyfuc64lYW5sNWFimPtDxsVDNSaFtJ4cEg89sM4egFadPubhuB-y3OOCzCzmchb7IYOv2CENHal7CqBdLRjDJsyLiFhwNlHCx2d9qbC9aoiBLqjj-ekVRjThC4gr4cTIbzcSlCDpE5tBhx2FPVYBs6zpNsOXeuZgTFgdYlXkpw2snw83Ys3Bx4YBKYEfWa9MvzYpxuol9e0YOgUsXoNal0QJL2g6RoeARy5jVxQe2_FmzPfKxjUnbp4oOgYaE17xyFwR4Np3GZj2utHmziJ5NMFhK2HC4pCrxHZ9b9B4-9Q3-Fczv-sTnoa54ZSN7fcJ6q4PG4IA0s-XW5Z4xx5rm7-uI1q52nmysdCtul4wRwYcjzXt-1irdpCeh2dNmAGp0Y1LmXeIPKVkya-x04%3D&icons=fhP0kcW6scEDDkWyRqv3gbBhFNP5kERhVhqnUBvuL3-efhXqa3c4U9me2Fskl1x5Ii9Cw0MRiiLhHxvzYwqgrpiqGyHPFFMN6MMzTpGwUHB-ejzfx3e4KrlFGBBycnoHNzyOHMa4o7c7PGUhEbb9sFzNlRXYBuTW802qEv2lzMu8bBHSoj5l-0yLKqegGVievM1JLdMc7Ec1jkhOAskjevyfzFsop5rUA6gmcHYmVoZS6PtnIjUqA_kT360SpFrYNgzyZ6zUs373NaWS4peHZft9dXRi5onINlbMzTmYi2B4OJhWCapJrvOTyCfQOw9NsiYnCL-xeWE51_h4VoAqkiMAJUhTUqTNQ24n_A-aAD1UJLTaqsRrE4gm7W9CmyKT136NC6WXgGcZ5z3CFa7j3kY6yMkJrbQjFAFiRXfHdld45sMlpPaY79m7fD2ssGeouTIi5-5mxTyuEZ8xx4dN0tN
mvSbp1AxPHGkZYDnLBBmhU8lMi5TQ3w2kjisM1pFo6RyozkCp7HCJgqPPyRE99ETKtpriIKZjOo0Zwp-U99EcFfRP98kHk325t1KTsyvdN25y2kKbHTY2kzgwMcG37eBGDTQDOBnNe-6n88DHVRXlJjFnGsyN6BET12E43WcB0Y_jkI9SnOFQa1YsG4-83PSQsV8jzlQssVxBH-qWg7NKiHCdE3X9WzCYILDATMSRfGs&ext_cid=107563&px_id=73594068&min_cpm=0.00010329917378007029&out_id=0&campaign_type=hq&aid=291&cid=15241&uniq=&mid=8729532530169158489&skin_id=2&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.003933973614482358&cpm=0&verify_hash=3a9694f74524402a5def6505dd2f3870&is_native=1&real_bid=0.0031338749080896374&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=90,83,11,93&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1716562620&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F36870469%2F551816_image.jpg&site=native-push-mainstream&price=0.00375&hostname=auc-inpage-hz-12-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000375&ext_campaign_id_str=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.07&cpa=5739debc-b5ea-4069-8ede-65619d17d383&prev_step_diff=910 | 167.235.163.216 | 200 OK | 0 B |
URL GET HTTP/29117453fd2.7272fa42e2.com/in/show/?tag_ab=c&site_id=31594068&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&refdom=www.amdahost.com&auction_time=1716505020&subid=1635306071&sid=3639579455&tcid=0&ver=8.162.0&ver_c=&spot_id=594068&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-23&iabcat=IAB25-3&keywords=adult&user_fp=13355722562280583589&score=58.615133351335835&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1635306071%26spot_id%3D594068%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1885&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DmDD5gmWI7OHVmBo2nm00IiyRYJ032CUQGVPt0plQLUMlAaPPcyzK7BnpfDRVPUk05mur_HjEYKmR2hGsHFTO-FVIvSgBZL61inAKCm3QD4W4noMHW9pYAJsiXuUUMcEEuJRtDH_Mi4jaKQCz3YHkU4yVcrMESAgCuVCk3x5DoKdcrgQZeQYzRXyfuc64lYW5sNWFimPtDxsVDNSaFtJ4cEg89sM4egFadPubhuB-y3OOCzCzmchb7IYOv2CENHal7CqBdLRjDJsyLiFhwNlHCx2d9qbC9aoiBLqjj-ekVRjThC4gr4cTIbzcSlCDpE5tBhx2FPVYBs6zpNsOXeuZgTFgdYlXkpw2snw83Ys3Bx4YBKYEfWa9MvzYpxuol9e0YOgUsXoNal0QJL2g6RoeARy5jVxQe2_FmzPfKxjUnbp4oOgYaE17xyFwR4Np3GZj2utHmziJ5NMFhK2HC4pCrxHZ9b9B4-9Q3-Fczv-sTnoa54ZSN7fcJ6q4PG4IA0s-XW5Z4xx5rm7-uI1q52nmysdCtul4wRwYcjzXt-1irdpCeh2dNmAGp0Y1LmXeIPKVkya-x04%3D&icons=fhP0kcW6scEDDkWyRqv3gbBhFNP5kERhVhqnUBvuL3-efhXqa3c4U9me2Fskl1x5Ii9Cw0MRiiLhHxvzYwqgrpiqGyHPFFMN6MMzTpGwUHB-ejzfx3e4KrlFGBBycnoHNzyOHMa4o7c7PGUhEbb9sFzNlRXYBuTW802qEv2lzMu8bBHSoj5l-0yLKqegGVievM1JLdMc7Ec1jkhOAskjevyfzFsop5rUA6gmcHYmVoZS6PtnIjUqA_kT360SpFrYNgzyZ6zUs373NaWS4peHZft9dXRi5onINlbMzTmYi2B4OJhWCapJrvOTyCfQOw9NsiYnCL-xeWE51_h4VoAqkiMAJUhTUqTNQ24n_A-aAD1UJLTaqsRrE4gm7W9CmyKT136NC6WXgGcZ5z3CFa7j3kY6yMkJrbQjFAFiRXfHdld45sMlpPaY79m7fD2ssGeouTIi5-5mxTy
uEZ8xx4dN0tNmvSbp1AxPHGkZYDnLBBmhU8lMi5TQ3w2kjisM1pFo6RyozkCp7HCJgqPPyRE99ETKtpriIKZjOo0Zwp-U99EcFfRP98kHk325t1KTsyvdN25y2kKbHTY2kzgwMcG37eBGDTQDOBnNe-6n88DHVRXlJjFnGsyN6BET12E43WcB0Y_jkI9SnOFQa1YsG4-83PSQsV8jzlQssVxBH-qWg7NKiHCdE3X9WzCYILDATMSRfGs&ext_cid=107563&px_id=73594068&min_cpm=0.00010329917378007029&out_id=0&campaign_type=hq&aid=291&cid=15241&uniq=&mid=8729532530169158489&skin_id=2&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.003933973614482358&cpm=0&verify_hash=3a9694f74524402a5def6505dd2f3870&is_native=1&real_bid=0.0031338749080896374&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=90,83,11,93&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1716562620&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F36870469%2F551816_image.jpg&site=native-push-mainstream&price=0.00375&hostname=auc-inpage-hz-12-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000375&ext_campaign_id_str=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.07&cpa=5739debc-b5ea-4069-8ede-65619d17d383&prev_step_diff=910 IP167.235.163.216:443 ASN#24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 Certificate Issuer: Let's Encrypt Subject: 7272fa42e2.com Fingerprint: 85:2B:24:9B:D8:4E:85:25:4D:97:72:5F:13:A7:8A:7D:2A:41:3A:37 Validity: Sun, 19 May 2024 14:02:27 GMT - Sat, 17 Aug 2024 14:02:26 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /in/show/?tag_ab=c&site_id=31594068&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&refdom=www.amdahost.com&auction_time=1716505020&subid=1635306071&sid=3639579455&tcid=0&ver=8.162.0&ver_c=&spot_id=594068&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-23&iabcat=IAB25-3&keywords=adult&user_fp=13355722562280583589&score=58.615133351335835&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1635306071%26spot_id%3D594068%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De6ab017f08%26idzone%3D0%26sid%3D1885&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DmDD5gmWI7OHVmBo2nm00IiyRYJ032CUQGVPt0plQLUMlAaPPcyzK7BnpfDRVPUk05mur_HjEYKmR2hGsHFTO-FVIvSgBZL61inAKCm3QD4W4noMHW9pYAJsiXuUUMcEEuJRtDH_Mi4jaKQCz3YHkU4yVcrMESAgCuVCk3x5DoKdcrgQZeQYzRXyfuc64lYW5sNWFimPtDxsVDNSaFtJ4cEg89sM4egFadPubhuB-y3OOCzCzmchb7IYOv2CENHal7CqBdLRjDJsyLiFhwNlHCx2d9qbC9aoiBLqjj-ekVRjThC4gr4cTIbzcSlCDpE5tBhx2FPVYBs6zpNsOXeuZgTFgdYlXkpw2snw83Ys3Bx4YBKYEfWa9MvzYpxuol9e0YOgUsXoNal0QJL2g6RoeARy5jVxQe2_FmzPfKxjUnbp4oOgYaE17xyFwR4Np3GZj2utHmziJ5NMFhK2HC4pCrxHZ9b9B4-9Q3-Fczv-sTnoa54ZSN7fcJ6q4PG4IA0s-XW5Z4xx5rm7-uI1q52nmysdCtul4wRwYcjzXt-1irdpCeh2dNmAGp0Y1LmXeIPKVkya-x04%3D&icons=fhP0kcW6scEDDkWyRqv3gbBhFNP5kERhVhqnUBvuL3-efhXqa3c4U9me2Fskl1x5Ii9Cw0MRiiLhHxvzYwqgrpiqGyHPFFMN6MMzTpGwUHB-ejzfx3e4KrlFGBBycnoHNzyOHMa4o7c7PGUhEbb9sFzNlRXYBuTW802qEv2lzMu8bBHSoj5l-0yLKqegGVievM1JLdMc7Ec1jkhOAskjevyfzFsop5rUA6gmcHYmVoZS6PtnIjUqA_kT360SpFrYNgzyZ6zUs373NaWS4peHZft9dXRi5onINlbMzTmYi2B4OJhWCapJrvOTyCfQOw9NsiYnCL-xeWE51_h4VoAqkiMAJUhTUqTNQ24n_A-aAD1UJLTaqsRrE4gm7W9CmyKT136NC6WXgGcZ5z3CFa7j3kY6yMkJrbQjFAFiRXfHdld45sMlpPaY79m7fD2ssGeouTIi5-5mxTyuEZ8xx4dN0tNmvSbp1AxPHGkZYDnLBBmhU8
lMi5TQ3w2kjisM1pFo6RyozkCp7HCJgqPPyRE99ETKtpriIKZjOo0Zwp-U99EcFfRP98kHk325t1KTsyvdN25y2kKbHTY2kzgwMcG37eBGDTQDOBnNe-6n88DHVRXlJjFnGsyN6BET12E43WcB0Y_jkI9SnOFQa1YsG4-83PSQsV8jzlQssVxBH-qWg7NKiHCdE3X9WzCYILDATMSRfGs&ext_cid=107563&px_id=73594068&min_cpm=0.00010329917378007029&out_id=0&campaign_type=hq&aid=291&cid=15241&uniq=&mid=8729532530169158489&skin_id=2&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.003933973614482358&cpm=0&verify_hash=3a9694f74524402a5def6505dd2f3870&is_native=1&real_bid=0.0031338749080896374&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=90,83,11,93&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1716562620&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F36870469%2F551816_image.jpg&site=native-push-mainstream&price=0.00375&hostname=auc-inpage-hz-12-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000375&ext_campaign_id_str=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.07&cpa=5739debc-b5ea-4069-8ede-65619d17d383&prev_step_diff=910 HTTP/1.1
Host: 9117453fd2.7272fa42e2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 May 2024 22:57:01 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 472 B |
IP: 142.250.74.131:0
Hash: MD5 24bfb483f4a564eae7cd41d8c0abfb13, SHA-1 e9b85e69fd4515a05b64b166f78fad54e44b38f4, SHA-256 29abb0d002e9a79793cee25d9f1776c9cc893c4ca075c50756d6b24e1afe59fe
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 May 2024 22:57:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube | 64.233.165.84 | 302 Found | 0 B |
URL: GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP: 64.233.165.84:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services; Subject accounts.google.com; Fingerprint AE:DC:B1:05:0D:F9:B8:76:4B:01:23:CC:23:87:C4:9E:52:BA:56:94; Validity Mon, 06 May 2024 14:45:05 GMT - Mon, 29 Jul 2024 14:45:04 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:F5feW2j-51cJSUHdpkWg7S-0JKNeRg:tM1EJyuJQ4qceWkc; Expires=Sat, 23-May-2026 22:57:01 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 23 May 2024 22:57:01 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz1NbIxXZxzNB7dsbl65TgEhD-Zpx7rYzOHCxoZ54iBJdeYGT-ATeP1ehez-VY-AOA58p-9NQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-8uD84JwFAqq1U2KmO0l1tg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| externalde.com/out/xyhkxckud/?ctrl_id=664fc9bca97f3084500141&ctrl_ab=burp&ctrl_ts=1716505020.6943&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wuqidao1vltm5mg13gqk61cc | 172.67.188.225 | 302 Found | 421 B |
URL: GET HTTP/2 externalde.com/out/xyhkxckud/?ctrl_id=664fc9bca97f3084500141&ctrl_ab=burp&ctrl_ts=1716505020.6943&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wuqidao1vltm5mg13gqk61cc
IP: 172.67.188.225:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject externalde.com; Fingerprint 0D:2A:5D:DC:29:15:BD:05:1C:8E:F1:C5:82:D4:C0:5C:D6:A5:AB:58; Validity Sat, 27 Apr 2024 14:00:09 GMT - Fri, 26 Jul 2024 14:00:08 GMT
File type: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Hash: MD5 b7f04b439aec8bacf9bf5cf7adff9f93, SHA-1 629ea23af8fac40478a9754199b13358a675bf49, SHA-256 0f46aaca39f33ac7dc0a4ed8a85542d238bcf1f483fc7a0fa45a19155e197302
GET /out/xyhkxckud/?ctrl_id=664fc9bca97f3084500141&ctrl_ab=burp&ctrl_ts=1716505020.6943&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wuqidao1vltm5mg13gqk61cc HTTP/1.1
Host: externalde.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 23 May 2024 22:57:01 GMT
content-type: text/html; charset=UTF-8
location: https://lkbx.me/4KqY7?uid=wuqidao1vltm5mg13gqk61cc
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oCKI5nv98fgIVRjP5U%2FZElDvf9aQCwBx0tz7Qxb9eYVmOdYZchFZtOhHAJPBspyg0TDWtM9S6GsEbDJhJOHLQ1%2B%2Ba7vmyUAxL%2FvZ07MLImRqtoB7waczOE1gTqTyWuuX5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8888a47d4b0356ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 472 B |
IP: 142.250.74.131:0
Hash: MD5 1fba3d1ac214ac86c686ca991f70993e, SHA-1 63a368de3d27587b93c91506ad8d5613376e1b6c, SHA-256 b412fe6863942af0895d59cd1204ce5422e7cb819959e8563985532b7f3ae0b8
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 May 2024 22:57:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxkCAZyH2Qw_g7sl_ll8Rj6ha8s9kBfbRTgy5A2MWGH140ci1YYGCt-H03qCcLK_1BOkFGOZA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-720764645%3A1716505021508434&ddm=0 | 64.233.165.84 | | 1.3 kB |
URL: accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxkCAZyH2Qw_g7sl_ll8Rj6ha8s9kBfbRTgy5A2MWGH140ci1YYGCt-H03qCcLK_1BOkFGOZA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-720764645%3A1716505021508434&ddm=0
IP: 64.233.165.84:0
Certificate: Issuer Google Trust Services; Subject accounts.google.com; Fingerprint AE:DC:B1:05:0D:F9:B8:76:4B:01:23:CC:23:87:C4:9E:52:BA:56:94; Validity Mon, 06 May 2024 14:45:05 GMT - Mon, 29 Jul 2024 14:45:04 GMT
File type: gzip compressed data, max compression
Hash: MD5 4c583df401821d3d3ff3e9708a43580f, SHA-1 bfd1a4087ace66ce251dabfb818246761d1c498d, SHA-256 2b2280506cfb2803400259f937280ffa0c78d09d4d323132e991a9e18e4b22ea
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxkCAZyH2Qw_g7sl_ll8Rj6ha8s9kBfbRTgy5A2MWGH140ci1YYGCt-H03qCcLK_1BOkFGOZA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-720764645%3A1716505021508434&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 23 May 2024 22:57:01 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-y0yUk5FuRPCHO7bV5uIbjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| imgsdn.com/ie?v=4&c=sB9_uWy5j12wi_oxXDgEOkslSIaOPhslcEN8XKkqa_flGX680wYVOseehdx8foTcquT4-ESjLiB7Y77ZjPDWQoigxY_qMjxwC2inEE86BUtVqzxReXcnJ_F6Qkn0MRxL3raWJSAPqdZdmgvyj21ShrbCUxdpuJi8Sjlafmrp1AAdpEGNgzfovFoM9BgBhLvlhgj5H3PfYa22hSLgc8rzVN46PDrOnK-WhftE_Rw1J9XqRq2-FzW0w0QgMOWFNjCm2AZ895JuCtBAhkCxfIxQPXBTEcBOtz-m_xh_bdUu7Ghun8ATElrseOHghsukP2BzTdNvvIooWNwO1LXK_nlW1SY-md9vp-oLYAMgYn_c-3dtm8-lmVbSUtltH_sRVg2a1sIGzyBiVokU3obxRrTgE6u6jGfyvtUTvtZq-jL3vz_S4fyDkVY4FHg9XnV_&v1=5057&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.07&cpa=6a94ca3d-242b-4541-bdb0-8f716c2db4c5&prev_step_diff=910 | 162.55.246.161 | 301 Moved Permanently | 0 B |
URL GET HTTP/1.1imgsdn.com/ie?v=4&c=sB9_uWy5j12wi_oxXDgEOkslSIaOPhslcEN8XKkqa_flGX680wYVOseehdx8foTcquT4-ESjLiB7Y77ZjPDWQoigxY_qMjxwC2inEE86BUtVqzxReXcnJ_F6Qkn0MRxL3raWJSAPqdZdmgvyj21ShrbCUxdpuJi8Sjlafmrp1AAdpEGNgzfovFoM9BgBhLvlhgj5H3PfYa22hSLgc8rzVN46PDrOnK-WhftE_Rw1J9XqRq2-FzW0w0QgMOWFNjCm2AZ895JuCtBAhkCxfIxQPXBTEcBOtz-m_xh_bdUu7Ghun8ATElrseOHghsukP2BzTdNvvIooWNwO1LXK_nlW1SY-md9vp-oLYAMgYn_c-3dtm8-lmVbSUtltH_sRVg2a1sIGzyBiVokU3obxRrTgE6u6jGfyvtUTvtZq-jL3vz_S4fyDkVY4FHg9XnV_&v1=5057&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.07&cpa=6a94ca3d-242b-4541-bdb0-8f716c2db4c5&prev_step_diff=910 IP162.55.246.161:443 ASN#24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject nimrute.com; Fingerprint 62:14:81:C5:22:FF:BC:AE:08:65:E3:D0:0B:CF:4A:19:B3:2A:20:52; Validity Mon, 06 May 2024 11:20:27 GMT - Sun, 04 Aug 2024 11:20:26 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ie?v=4&c=sB9_uWy5j12wi_oxXDgEOkslSIaOPhslcEN8XKkqa_flGX680wYVOseehdx8foTcquT4-ESjLiB7Y77ZjPDWQoigxY_qMjxwC2inEE86BUtVqzxReXcnJ_F6Qkn0MRxL3raWJSAPqdZdmgvyj21ShrbCUxdpuJi8Sjlafmrp1AAdpEGNgzfovFoM9BgBhLvlhgj5H3PfYa22hSLgc8rzVN46PDrOnK-WhftE_Rw1J9XqRq2-FzW0w0QgMOWFNjCm2AZ895JuCtBAhkCxfIxQPXBTEcBOtz-m_xh_bdUu7Ghun8ATElrseOHghsukP2BzTdNvvIooWNwO1LXK_nlW1SY-md9vp-oLYAMgYn_c-3dtm8-lmVbSUtltH_sRVg2a1sIGzyBiVokU3obxRrTgE6u6jGfyvtUTvtZq-jL3vz_S4fyDkVY4FHg9XnV_&v1=5057&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.07&cpa=6a94ca3d-242b-4541-bdb0-8f716c2db4c5&prev_step_diff=910 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Thu, 23 May 2024 22:57:01 GMT
content-length: 0
location: https://img.vmmcdn.com/get/19802132/551816_icon.png
x-app-id: 11
|
|
| nereserv.com/in/dip?event_id=6b1af66a-8750-41c8-bdd8-786f3825a18d&subid=1615035347&spot_id=594070&created_at=2024-05-23&timezone=0&ver=1.142.0 | 94.130.198.6 | 200 OK | 0 B |
URL: GET HTTP/2 nereserv.com/in/dip?event_id=6b1af66a-8750-41c8-bdd8-786f3825a18d&subid=1615035347&spot_id=594070&created_at=2024-05-23&timezone=0&ver=1.142.0
IP: 94.130.198.6:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject notification.tubecup.net; Fingerprint 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20; Validity Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?event_id=6b1af66a-8750-41c8-bdd8-786f3825a18d&subid=1615035347&spot_id=594070&created_at=2024-05-23&timezone=0&ver=1.142.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 May 2024 22:57:01 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| nereserv.com/in/dip?event_id=3297f52d-d30e-4b90-8cdb-6beb4ce29ff6&subid=14364679&spot_id=560192&created_at=2024-05-23&timezone=0&ver=1.142.0 | 94.130.198.6 | 200 OK | 0 B |
URL: GET HTTP/2 nereserv.com/in/dip?event_id=3297f52d-d30e-4b90-8cdb-6beb4ce29ff6&subid=14364679&spot_id=560192&created_at=2024-05-23&timezone=0&ver=1.142.0
IP: 94.130.198.6:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject notification.tubecup.net; Fingerprint 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20; Validity Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?event_id=3297f52d-d30e-4b90-8cdb-6beb4ce29ff6&subid=14364679&spot_id=560192&created_at=2024-05-23&timezone=0&ver=1.142.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 May 2024 22:57:01 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| img.vmmcdn.com/get/36870469/551816_image.jpg | 46.4.121.113 | 200 OK | 12 kB |
URL: GET HTTP/2 img.vmmcdn.com/get/36870469/551816_image.jpg
IP: 46.4.121.113:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject img.vmmcdn.com; Fingerprint 35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4; Validity Sat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3
Hash: MD5 ee921bcd225785444d8ab128ca1d0941, SHA-1 e92f5588c738df6912e3658d883aeb66b486560b, SHA-256 4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c
GET /get/36870469/551816_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.1
date: Thu, 23 May 2024 22:57:01 GMT
content-type: image/jpeg
content-length: 12075
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-2f2b"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| img.vmmcdn.com/get/19802132/551816_icon.png | 46.4.121.113 | 200 OK | 23 kB |
URL: GET HTTP/2 img.vmmcdn.com/get/19802132/551816_icon.png
IP: 46.4.121.113:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject img.vmmcdn.com; Fingerprint 35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4; Validity Sat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash: MD5 4d5759f010e127f070785e4925447047, SHA-1 22919607ad63be452b8a5aa4324a7d1c2855b074, SHA-256 6d1b78db1808b279554f122373ff2fd4e448313c41d199d92a929e31d2825931
GET /get/19802132/551816_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.1
date: Thu, 23 May 2024 22:57:01 GMT
content-type: image/png
content-length: 23172
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-5a84"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| mcpuwpsh.com/get/ | 94.130.197.240 | 200 OK | 6.5 kB |
IP: 94.130.197.240:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject puwpush.com; Fingerprint 60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92; Validity Wed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT
Hash: MD5 d289618758f6426f9de141934b964f3c, SHA-1 ddabc406cfed61864605aae0558805811670e74d, SHA-256 b158f81a0ae8d62402181360444c7b8d216b26f7c604c3ab90e126ada260e0a0
POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1475
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.0
date: Thu, 23 May 2024 22:57:02 GMT
content-type: application/json
content-length: 6504
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| bid.onclckpop.com/get/ | 94.130.197.240 | 200 OK | 6.8 kB |
IP: 94.130.197.240:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject puwpush.com; Fingerprint 60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92; Validity Wed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT
Hash: MD5 fecd94f6ea70f2399b5f09ed5ebf0e65, SHA-1 2b8b000c0e843ea536b2be2f59b33410bd7a5fe3, SHA-256 676e099d8b006edff8005b49f6b1d060a1658da64854c30e9086fe87edcffb4f
POST /get/ HTTP/1.1
Host: bid.onclckpop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1598
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.0
date: Thu, 23 May 2024 22:57:02 GMT
content-type: application/json
content-length: 6808
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| js.wpushsdk.com/skins/nmain.m.js | 45.133.44.52 | 200 OK | 111 kB |
URL: GET HTTP/2 js.wpushsdk.com/skins/nmain.m.js
IP: 45.133.44.52:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject js.wpushsdk.com; Fingerprint C1:1E:49:F0:88:2B:8F:F1:59:51:D6:4A:97:D8:63:79:DA:EE:E0:BC; Validity Sat, 11 May 2024 05:01:00 GMT - Fri, 09 Aug 2024 05:00:59 GMT
File type: gzip compressed data, from Unix
Size: 111 kB (111212 bytes)
Hash: MD5 4beaf445139266fb8027e73689b86a7f, SHA-1 0cd323608f38bcb423f0f1718191e260186dd6e7, SHA-256 72709c53356cebd36b44ac389d8e37040180c87ba0764a599bc542a707682f1b
GET /skins/nmain.m.js HTTP/1.1
Host: js.wpushsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:57:00 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 17 May 2024 15:33:10 GMT
etag: W/"664778b6-73e3c"
content-encoding: gzip
expires: Thu, 23 May 2024 23:02:00 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| gishejuy.com/impression/8wcKVYCTI0lDuxxdpdsROzl9WcN_ZDyFy8bN80lq_uUgC1WC5SXN_MEY_rO7wMiELyOFTdCY0qHrjHekgBI49b3FRtiqPM2egIotiEOgsIleq9gxaZjF8EgaPHC7B-xHkUOaR_7nzHWFi8pICHHn3afrCnxwnUqVskf_SuzSYaSNqmNjqUMgGEymG6-7dU2_CYr5lk3msuBuIxBKQtKIcZiaONCypZR7H1VfIe3PyjXx08dr3808VAoNj88fw5TetFzsneA-jV-YEH3erGBvLRxdhrM2BXxNLM1r_Uik6liTFlc1eHceuYH-tCzRickleqB_j-xeFnEu7VvIgM6lO8ZoCuSgPsfeZOPC79c4oyWSemlW60xu2Yaz9U18jNbOFfh6-iJ-cepkOSakHO_fkvM7CO5mUrdngnTfbqI9VWA1wxa8hSguiAn_GRdCbhBCIVXSxFotupCgS6JOdHXXqrmLrmUtdF9Dh-Mc0a40DPfXdJqGNc0nklDK9PulmvEY509iy1UCFt-XaXqKa8-qcx4WTXHNQHxA6_geNtIaDOty8cYunk10CXskEXoElEhnBJNlBotvTLLXeqqKyVPVl2npXsQZOcOgdijFC4yeCpRkWimQt5D0jCMqhT5UnxJh5detdKFKPiwdXTspEvw5BCUOSMDPDEYDHDONbDIuYiZI5Ce2DRGcG_dFpaSDmSXBTPX1iPF9wjisNQEzk11UD-yvQ6SWeLpbLV5JA0BOxgIvldbGw08XQmy9hEiwm4oxBTnG0hTW0svXmvg0njKQEvs2QUd2XQqNt5Iw5Mv5TS5q8cmyZ0IdsBqm61xSMapW?_z=7443533&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=8&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 | 139.45.197.242 | 200 OK | 43 B |
URL GET HTTP/2gishejuy.com/impression/8wcKVYCTI0lDuxxdpdsROzl9WcN_ZDyFy8bN80lq_uUgC1WC5SXN_MEY_rO7wMiELyOFTdCY0qHrjHekgBI49b3FRtiqPM2egIotiEOgsIleq9gxaZjF8EgaPHC7B-xHkUOaR_7nzHWFi8pICHHn3afrCnxwnUqVskf_SuzSYaSNqmNjqUMgGEymG6-7dU2_CYr5lk3msuBuIxBKQtKIcZiaONCypZR7H1VfIe3PyjXx08dr3808VAoNj88fw5TetFzsneA-jV-YEH3erGBvLRxdhrM2BXxNLM1r_Uik6liTFlc1eHceuYH-tCzRickleqB_j-xeFnEu7VvIgM6lO8ZoCuSgPsfeZOPC79c4oyWSemlW60xu2Yaz9U18jNbOFfh6-iJ-cepkOSakHO_fkvM7CO5mUrdngnTfbqI9VWA1wxa8hSguiAn_GRdCbhBCIVXSxFotupCgS6JOdHXXqrmLrmUtdF9Dh-Mc0a40DPfXdJqGNc0nklDK9PulmvEY509iy1UCFt-XaXqKa8-qcx4WTXHNQHxA6_geNtIaDOty8cYunk10CXskEXoElEhnBJNlBotvTLLXeqqKyVPVl2npXsQZOcOgdijFC4yeCpRkWimQt5D0jCMqhT5UnxJh5detdKFKPiwdXTspEvw5BCUOSMDPDEYDHDONbDIuYiZI5Ce2DRGcG_dFpaSDmSXBTPX1iPF9wjisNQEzk11UD-yvQ6SWeLpbLV5JA0BOxgIvldbGw08XQmy9hEiwm4oxBTnG0hTW0svXmvg0njKQEvs2QUd2XQqNt5Iw5Mv5TS5q8cmyZ0IdsBqm61xSMapW?_z=7443533&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=8&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 IP139.45.197.242:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject gishejuy.com; Fingerprint 0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80; Validity Tue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File type: GIF image data, version 89a, 1 x 1
Hash: MD5 b4491705564909da7f9eaf749dbbfbb1, SHA-1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8, SHA-256 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impression/8wcKVYCTI0lDuxxdpdsROzl9WcN_ZDyFy8bN80lq_uUgC1WC5SXN_MEY_rO7wMiELyOFTdCY0qHrjHekgBI49b3FRtiqPM2egIotiEOgsIleq9gxaZjF8EgaPHC7B-xHkUOaR_7nzHWFi8pICHHn3afrCnxwnUqVskf_SuzSYaSNqmNjqUMgGEymG6-7dU2_CYr5lk3msuBuIxBKQtKIcZiaONCypZR7H1VfIe3PyjXx08dr3808VAoNj88fw5TetFzsneA-jV-YEH3erGBvLRxdhrM2BXxNLM1r_Uik6liTFlc1eHceuYH-tCzRickleqB_j-xeFnEu7VvIgM6lO8ZoCuSgPsfeZOPC79c4oyWSemlW60xu2Yaz9U18jNbOFfh6-iJ-cepkOSakHO_fkvM7CO5mUrdngnTfbqI9VWA1wxa8hSguiAn_GRdCbhBCIVXSxFotupCgS6JOdHXXqrmLrmUtdF9Dh-Mc0a40DPfXdJqGNc0nklDK9PulmvEY509iy1UCFt-XaXqKa8-qcx4WTXHNQHxA6_geNtIaDOty8cYunk10CXskEXoElEhnBJNlBotvTLLXeqqKyVPVl2npXsQZOcOgdijFC4yeCpRkWimQt5D0jCMqhT5UnxJh5detdKFKPiwdXTspEvw5BCUOSMDPDEYDHDONbDIuYiZI5Ce2DRGcG_dFpaSDmSXBTPX1iPF9wjisNQEzk11UD-yvQ6SWeLpbLV5JA0BOxgIvldbGw08XQmy9hEiwm4oxBTnG0hTW0svXmvg0njKQEvs2QUd2XQqNt5Iw5Mv5TS5q8cmyZ0IdsBqm61xSMapW?_z=7443533&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=8&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Cookie: OAID=008065c2aa784798faf76b4f089f8b05
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:03 GMT
content-type: image/gif
content-length: 43
x-trace-id: 0ecdfb2f21135d2c98be9c20b5e07932
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| aistekso.net/impression/rZxU0UKWd2RiEm-VOK60JxnLl9IOWmI_Qf-IfJLqd9SRzYIvu8alfxWJXoj7ZIongChMWknEDLv3_5SdrRzVX4PzBrWipAS_jFAy93pDOWQYxQhOjxn3W2C9L2MTphJgJeLe3GudbJffb00gdM9DbYaDksnhEUHE2lawb-Dhr0XFJ3D5ih2bq5CT1KYp6_62YpvozgqXFCSjuRvL-hA0YIdwquhMIkiBnecrpFoy30ARvSBlIT2t9XFbVj3x0f3sgIBhEyq2mGmt4Y5TyJR2S2AJ_dze1G1lchpXEl6czJVHJrXoA2uzazAIZfzbo4sxcB8FJ4QGVh1puPsTXdUNoGFMltb1Ns6Hpaz_CmVUG-33Jw7N2Ud5a33GpBAMSILpKr36uwCe1NGBJjtpOks-6ixxHiqMBxu0ZwrRT1vEfCCNB79BVimXa4_W8IFhlggS2Ksms9ZX3OkJ1WFhI_GdX1OJG2TBKij-t8S4Zo_X0eWZAPKp9EX7XevqTnI6hhjC1yS-jqC68qCfa7rpxLzDyQ97rt4gIiBTScAsStlU_7MOy5CxMMeRUPMwO3sxZU0M5k8rxazRzRfH4OEphHsPklC79ZBsNOkQuNcQnbq5EgzJEMH258TUBqQBG25cp-rvbHIWhfaS2ZVcAS3ToC-yWjE1O_qy3jU512UZ6gpFgcHjSuolo5Eolf2sm6E1vgHdzQDBjhVc6ExwinkD8q0mrYuEsEnR7vhXi_z9kTwxJR-78vecjWN7p0woOFw-pirgHqNGClUIRGP2nwYv-p3dZX5jl58IvGs7Mx9r59J02jU3JwU5K_dXcscyB3wOHhpx?_z=7443535&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=9&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 | 139.45.197.244 | 200 OK | 43 B |
URL GET HTTP/2aistekso.net/impression/rZxU0UKWd2RiEm-VOK60JxnLl9IOWmI_Qf-IfJLqd9SRzYIvu8alfxWJXoj7ZIongChMWknEDLv3_5SdrRzVX4PzBrWipAS_jFAy93pDOWQYxQhOjxn3W2C9L2MTphJgJeLe3GudbJffb00gdM9DbYaDksnhEUHE2lawb-Dhr0XFJ3D5ih2bq5CT1KYp6_62YpvozgqXFCSjuRvL-hA0YIdwquhMIkiBnecrpFoy30ARvSBlIT2t9XFbVj3x0f3sgIBhEyq2mGmt4Y5TyJR2S2AJ_dze1G1lchpXEl6czJVHJrXoA2uzazAIZfzbo4sxcB8FJ4QGVh1puPsTXdUNoGFMltb1Ns6Hpaz_CmVUG-33Jw7N2Ud5a33GpBAMSILpKr36uwCe1NGBJjtpOks-6ixxHiqMBxu0ZwrRT1vEfCCNB79BVimXa4_W8IFhlggS2Ksms9ZX3OkJ1WFhI_GdX1OJG2TBKij-t8S4Zo_X0eWZAPKp9EX7XevqTnI6hhjC1yS-jqC68qCfa7rpxLzDyQ97rt4gIiBTScAsStlU_7MOy5CxMMeRUPMwO3sxZU0M5k8rxazRzRfH4OEphHsPklC79ZBsNOkQuNcQnbq5EgzJEMH258TUBqQBG25cp-rvbHIWhfaS2ZVcAS3ToC-yWjE1O_qy3jU512UZ6gpFgcHjSuolo5Eolf2sm6E1vgHdzQDBjhVc6ExwinkD8q0mrYuEsEnR7vhXi_z9kTwxJR-78vecjWN7p0woOFw-pirgHqNGClUIRGP2nwYv-p3dZX5jl58IvGs7Mx9r59J02jU3JwU5K_dXcscyB3wOHhpx?_z=7443535&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=9&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 IP139.45.197.244:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject aistekso.net; Fingerprint 3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB; Validity Sun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT
File type: GIF image data, version 89a, 1 x 1
Hash: MD5 b4491705564909da7f9eaf749dbbfbb1, SHA-1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8, SHA-256 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impression/rZxU0UKWd2RiEm-VOK60JxnLl9IOWmI_Qf-IfJLqd9SRzYIvu8alfxWJXoj7ZIongChMWknEDLv3_5SdrRzVX4PzBrWipAS_jFAy93pDOWQYxQhOjxn3W2C9L2MTphJgJeLe3GudbJffb00gdM9DbYaDksnhEUHE2lawb-Dhr0XFJ3D5ih2bq5CT1KYp6_62YpvozgqXFCSjuRvL-hA0YIdwquhMIkiBnecrpFoy30ARvSBlIT2t9XFbVj3x0f3sgIBhEyq2mGmt4Y5TyJR2S2AJ_dze1G1lchpXEl6czJVHJrXoA2uzazAIZfzbo4sxcB8FJ4QGVh1puPsTXdUNoGFMltb1Ns6Hpaz_CmVUG-33Jw7N2Ud5a33GpBAMSILpKr36uwCe1NGBJjtpOks-6ixxHiqMBxu0ZwrRT1vEfCCNB79BVimXa4_W8IFhlggS2Ksms9ZX3OkJ1WFhI_GdX1OJG2TBKij-t8S4Zo_X0eWZAPKp9EX7XevqTnI6hhjC1yS-jqC68qCfa7rpxLzDyQ97rt4gIiBTScAsStlU_7MOy5CxMMeRUPMwO3sxZU0M5k8rxazRzRfH4OEphHsPklC79ZBsNOkQuNcQnbq5EgzJEMH258TUBqQBG25cp-rvbHIWhfaS2ZVcAS3ToC-yWjE1O_qy3jU512UZ6gpFgcHjSuolo5Eolf2sm6E1vgHdzQDBjhVc6ExwinkD8q0mrYuEsEnR7vhXi_z9kTwxJR-78vecjWN7p0woOFw-pirgHqNGClUIRGP2nwYv-p3dZX5jl58IvGs7Mx9r59J02jU3JwU5K_dXcscyB3wOHhpx?_z=7443535&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=9&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Cookie: OAID=008065c2aa784798faf76b4f089f8b05
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:04 GMT
content-type: image/gif
content-length: 43
x-trace-id: a5dea63061223ad48a10dfcadd0a04fa
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg | 172.67.22.216 | 200 OK | 17 kB |
URL GET HTTP/2offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg IP172.67.22.216:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=e6ab017f08 CertificateIssuerGoogle Trust Services LLC Subjectofferimage.com Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72 ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3 Hash9c6355bcf96815c755fbba83f9fd8f64 ce698b45fb51ef1494f80f432b7aff0985247724 2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906
GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 23 May 2024 22:57:04 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Fri, 24 May 2024 20:45:28 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 7896
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a4910e72569d-OSL
X-Firefox-Spdy: h2
|
|
| gishejuy.com/500/7443533?excludes=19845928&oaid=008065c2aa784798faf76b4f089f8b05&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=10&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 | 139.45.197.242 | 200 OK | 0 B |
URL GET HTTP/2gishejuy.com/500/7443533?excludes=19845928&oaid=008065c2aa784798faf76b4f089f8b05&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=10&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 IP139.45.197.242:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=e6ab017f08 CertificateIssuerLet's Encrypt Subjectgishejuy.com Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /500/7443533?excludes=19845928&oaid=008065c2aa784798faf76b4f089f8b05&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=10&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:04 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/c8ab7c608555b511dfa28f585183edc9.jpg | 172.67.22.216 | | 17 kB |
URL offerimage.com/www/images/c8ab7c608555b511dfa28f585183edc9.jpg IP172.67.22.216:0
CertificateIssuerGoogle Trust Services LLC Subjectofferimage.com Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72 ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3 Hashc8ab7c608555b511dfa28f585183edc9 07b4fe6aa263e63dc15ca76e57280cf4a1da347a 1086d90e75d50f3d72b9782ab379b7fd12e41b0088aa6ca631b800236fe5d5e7
GET /www/images/c8ab7c608555b511dfa28f585183edc9.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 23 May 2024 22:57:04 GMT
content-type: image/jpeg
content-length: 16731
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65674405-415b"
expires: Fri, 24 May 2024 20:42:13 GMT
last-modified: Wed, 29 Nov 2023 14:00:37 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 8091
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a4917eb9569d-OSL
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg | 172.67.22.216 | 200 OK | 17 kB |
URL GET HTTP/2offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg IP172.67.22.216:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=e6ab017f08 CertificateIssuerGoogle Trust Services LLC Subjectofferimage.com Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72 ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3 Hash9c6355bcf96815c755fbba83f9fd8f64 ce698b45fb51ef1494f80f432b7aff0985247724 2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906
GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 23 May 2024 22:57:04 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Fri, 24 May 2024 20:45:28 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 7896
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a491cee7569d-OSL
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL GET HTTP/3fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 IP216.58.207.227:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=e6ab017f08 CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com FingerprintE4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C ValidityMon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15860, version 1.0 Hashe9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 May 2024 08:28:37 GMT
expires: Fri, 23 May 2025 08:28:37 GMT
cache-control: public, max-age=31536000
age: 52107
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL GET HTTP/3fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 IP216.58.207.227:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=e6ab017f08 CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com FingerprintE4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C ValidityMon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15744, version 1.0 Hash15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 18 May 2024 09:28:37 GMT
expires: Sun, 18 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
age: 480507
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| gishejuy.com/impression/h4aA9J8YKiEv9ThqMjOLc_hoTE19gi4fIiWeK8-9P8re6CYI7IDxgJMMw1-9eQdDT2QBJXPPjEc83DghxWUO8S-s0Df6yLT4AdM29D3eMVJkQkHd01obfw1EHEqyG95BEAfLlGfbCfmQBceUbKsJ1CoRJ-8Ga1BKtphpgvTrAHkX1hk22QV-ETvhCHlsUmBe2IINQ5Ql2hONuzBPlw7dGoBoEIvFw3RnSf1JRMaPmu_EdaOeRJgJv3QiWs4p45_RthudSewrz7rpRMlGx9WVxc0sEFttwtzq4YcV9rZEVIoh-vjMXcXo2b8_JnM0d4S51QYkkomFNBD9eWkoswdipybrOEIkQrcmGTmLzD9Seh1y6mdQ7PmC_1IuPbGKXlusnxFQlsObI1sitygF1z9zUbjYcqQuEu4PiOT7C105zppFDcbEFvvD1h8uRIyzrVm1tG3BRe2-MQfRpbLd_XMPJYzfKgqm77i27ti9tT7Blq9bXhFlL-L392r9VW7ejtW4DoaCeOS8fJyYrQQ0JET5ni6KyDtxmiixGVbyR3cpWb8WDYaKvL5U9fYXybphvCROh5DjvTd_ljLBJSPLM2yk5nyWJKaUz7bGGOHblMYH-LVEGp4dh63rc9EMEfWdMkVz7Gj7_vScVTwQ_3JNjZBBlDqZsWm0JexKXjbUPdox8xKtKVJv_YOx5cg1rSP5xkFH5B4MQE0f99AeKftsUBzLqoDhXd6QM9vIzrz8h_lVa10LJHcRosFhvbomML8VnwuO0DERwo1gcmyq_FfOYECyGBXmYhhD2_GwktPioms6oO0Sg_S6MRjBJj1Xrd79ztl3?_z=7443533&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=9&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 | 139.45.197.242 | 200 OK | 43 B |
URL GET HTTP/2gishejuy.com/impression/h4aA9J8YKiEv9ThqMjOLc_hoTE19gi4fIiWeK8-9P8re6CYI7IDxgJMMw1-9eQdDT2QBJXPPjEc83DghxWUO8S-s0Df6yLT4AdM29D3eMVJkQkHd01obfw1EHEqyG95BEAfLlGfbCfmQBceUbKsJ1CoRJ-8Ga1BKtphpgvTrAHkX1hk22QV-ETvhCHlsUmBe2IINQ5Ql2hONuzBPlw7dGoBoEIvFw3RnSf1JRMaPmu_EdaOeRJgJv3QiWs4p45_RthudSewrz7rpRMlGx9WVxc0sEFttwtzq4YcV9rZEVIoh-vjMXcXo2b8_JnM0d4S51QYkkomFNBD9eWkoswdipybrOEIkQrcmGTmLzD9Seh1y6mdQ7PmC_1IuPbGKXlusnxFQlsObI1sitygF1z9zUbjYcqQuEu4PiOT7C105zppFDcbEFvvD1h8uRIyzrVm1tG3BRe2-MQfRpbLd_XMPJYzfKgqm77i27ti9tT7Blq9bXhFlL-L392r9VW7ejtW4DoaCeOS8fJyYrQQ0JET5ni6KyDtxmiixGVbyR3cpWb8WDYaKvL5U9fYXybphvCROh5DjvTd_ljLBJSPLM2yk5nyWJKaUz7bGGOHblMYH-LVEGp4dh63rc9EMEfWdMkVz7Gj7_vScVTwQ_3JNjZBBlDqZsWm0JexKXjbUPdox8xKtKVJv_YOx5cg1rSP5xkFH5B4MQE0f99AeKftsUBzLqoDhXd6QM9vIzrz8h_lVa10LJHcRosFhvbomML8VnwuO0DERwo1gcmyq_FfOYECyGBXmYhhD2_GwktPioms6oO0Sg_S6MRjBJj1Xrd79ztl3?_z=7443533&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=9&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 IP139.45.197.242:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=e6ab017f08 CertificateIssuerLet's Encrypt Subjectgishejuy.com Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File typeGIF image data, version 89a, 1 x 1 Hashb4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /impression/h4aA9J8YKiEv9ThqMjOLc_hoTE19gi4fIiWeK8-9P8re6CYI7IDxgJMMw1-9eQdDT2QBJXPPjEc83DghxWUO8S-s0Df6yLT4AdM29D3eMVJkQkHd01obfw1EHEqyG95BEAfLlGfbCfmQBceUbKsJ1CoRJ-8Ga1BKtphpgvTrAHkX1hk22QV-ETvhCHlsUmBe2IINQ5Ql2hONuzBPlw7dGoBoEIvFw3RnSf1JRMaPmu_EdaOeRJgJv3QiWs4p45_RthudSewrz7rpRMlGx9WVxc0sEFttwtzq4YcV9rZEVIoh-vjMXcXo2b8_JnM0d4S51QYkkomFNBD9eWkoswdipybrOEIkQrcmGTmLzD9Seh1y6mdQ7PmC_1IuPbGKXlusnxFQlsObI1sitygF1z9zUbjYcqQuEu4PiOT7C105zppFDcbEFvvD1h8uRIyzrVm1tG3BRe2-MQfRpbLd_XMPJYzfKgqm77i27ti9tT7Blq9bXhFlL-L392r9VW7ejtW4DoaCeOS8fJyYrQQ0JET5ni6KyDtxmiixGVbyR3cpWb8WDYaKvL5U9fYXybphvCROh5DjvTd_ljLBJSPLM2yk5nyWJKaUz7bGGOHblMYH-LVEGp4dh63rc9EMEfWdMkVz7Gj7_vScVTwQ_3JNjZBBlDqZsWm0JexKXjbUPdox8xKtKVJv_YOx5cg1rSP5xkFH5B4MQE0f99AeKftsUBzLqoDhXd6QM9vIzrz8h_lVa10LJHcRosFhvbomML8VnwuO0DERwo1gcmyq_FfOYECyGBXmYhhD2_GwktPioms6oO0Sg_S6MRjBJj1Xrd79ztl3?_z=7443533&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=9&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Cookie: OAID=008065c2aa784798faf76b4f089f8b05
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:06 GMT
content-type: image/gif
content-length: 43
x-trace-id: 41cbfbaca9ef659377134b707ea9a666
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| eedsaung.net/11?rnd=413891673&z=7443534&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=EyRxMZU9BtS0WacY3iHCYv13c7P7yCT28oUTjftaA7-C7wD6zg04yyP4gnUUtGAIrXKKt0yqIdVlyFLnRlR4Z75P2kga0MZUWa7kEf6ck1IZKES9Rng5t8EGBoF_643MLcGno9j8kMO7ua2YeCztux-roe7mBqwJZuywM_NzbeM84-ypbYLijHadIRzQXPQMJ4XyknDBtNloi7vUkOvw5xX7CCKep9AQb6P_Mgk4ACKL5OyIi0oxMSk9QfG0vyv8HSBjqw55Jd8WZhMVXJZpHWJHO5dE40pkbrGl_owKMZbPSwQ34Yomsm0jmKPJvk8i4EO-xMB1_Raa7085CwLSjhc_4FCFslMc9XCWe3q4CYdObwwMUSAl9rdSpxNCkGm2A9Pz99c-vnw2O858IUk_XZ5ZiNbcLgM7t0OBlZ-ux8K8tDQNGsCf6eaG1UKLHCqzZuEokfT6PtrQH-UlM5KbRdvjWxyv6WdHOtSNpdfvW-GrCHimLHYyoIpJ9m00dUDl63qbR0R5ZXa6C6xffx0tI5hIzQFT7g4e_UQj3ygPcM85S776AOz0AZEXAw88R_YO_GHlbgRe2ZnC_Tm40ihoRF1el-KB1oQOSj8WLcMXFDYXUixuk-C-6Mafe2gvFSrg&ruid=3a7ab970-801f-42a8-b1cc-0c525f8e2764&subid=817643919866081280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=2&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 | 139.45.197.242 | | 0 B |
URL eedsaung.net/11?rnd=413891673&z=7443534&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=EyRxMZU9BtS0WacY3iHCYv13c7P7yCT28oUTjftaA7-C7wD6zg04yyP4gnUUtGAIrXKKt0yqIdVlyFLnRlR4Z75P2kga0MZUWa7kEf6ck1IZKES9Rng5t8EGBoF_643MLcGno9j8kMO7ua2YeCztux-roe7mBqwJZuywM_NzbeM84-ypbYLijHadIRzQXPQMJ4XyknDBtNloi7vUkOvw5xX7CCKep9AQb6P_Mgk4ACKL5OyIi0oxMSk9QfG0vyv8HSBjqw55Jd8WZhMVXJZpHWJHO5dE40pkbrGl_owKMZbPSwQ34Yomsm0jmKPJvk8i4EO-xMB1_Raa7085CwLSjhc_4FCFslMc9XCWe3q4CYdObwwMUSAl9rdSpxNCkGm2A9Pz99c-vnw2O858IUk_XZ5ZiNbcLgM7t0OBlZ-ux8K8tDQNGsCf6eaG1UKLHCqzZuEokfT6PtrQH-UlM5KbRdvjWxyv6WdHOtSNpdfvW-GrCHimLHYyoIpJ9m00dUDl63qbR0R5ZXa6C6xffx0tI5hIzQFT7g4e_UQj3ygPcM85S776AOz0AZEXAw88R_YO_GHlbgRe2ZnC_Tm40ihoRF1el-KB1oQOSj8WLcMXFDYXUixuk-C-6Mafe2gvFSrg&ruid=3a7ab970-801f-42a8-b1cc-0c525f8e2764&subid=817643919866081280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=2&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 IP139.45.197.242:0
CertificateIssuerLet's Encrypt Subjecteedsaung.net FingerprintB9:EB:EA:22:9B:30:C2:90:3A:52:EB:AB:26:22:69:B2:8F:BD:3D:D4 ValiditySat, 23 Mar 2024 20:31:40 GMT - Fri, 21 Jun 2024 20:31:39 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /11?rnd=413891673&z=7443534&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=EyRxMZU9BtS0WacY3iHCYv13c7P7yCT28oUTjftaA7-C7wD6zg04yyP4gnUUtGAIrXKKt0yqIdVlyFLnRlR4Z75P2kga0MZUWa7kEf6ck1IZKES9Rng5t8EGBoF_643MLcGno9j8kMO7ua2YeCztux-roe7mBqwJZuywM_NzbeM84-ypbYLijHadIRzQXPQMJ4XyknDBtNloi7vUkOvw5xX7CCKep9AQb6P_Mgk4ACKL5OyIi0oxMSk9QfG0vyv8HSBjqw55Jd8WZhMVXJZpHWJHO5dE40pkbrGl_owKMZbPSwQ34Yomsm0jmKPJvk8i4EO-xMB1_Raa7085CwLSjhc_4FCFslMc9XCWe3q4CYdObwwMUSAl9rdSpxNCkGm2A9Pz99c-vnw2O858IUk_XZ5ZiNbcLgM7t0OBlZ-ux8K8tDQNGsCf6eaG1UKLHCqzZuEokfT6PtrQH-UlM5KbRdvjWxyv6WdHOtSNpdfvW-GrCHimLHYyoIpJ9m00dUDl63qbR0R5ZXa6C6xffx0tI5hIzQFT7g4e_UQj3ygPcM85S776AOz0AZEXAw88R_YO_GHlbgRe2ZnC_Tm40ihoRF1el-KB1oQOSj8WLcMXFDYXUixuk-C-6Mafe2gvFSrg&ruid=3a7ab970-801f-42a8-b1cc-0c525f8e2764&subid=817643919866081280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=2&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: eedsaung.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Cookie: scm=1; OAID=k6hr235639ds432425084l6s1ticf304; oaidts=1716505018
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:19 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 7e744ba34d968ab59db2fa147ea3322a
access-control-expose-headers: X-Sc
set-cookie: OAID=k6hr235639ds432425084l6s1ticf304; expires=Fri, 23 May 2025 22:57:19 GMT; secure; SameSite=None
oaidts=1716505018; expires=Fri, 23 May 2025 22:57:19 GMT; secure; SameSite=None
oaidvc=1; expires=Fri, 23 May 2025 22:57:19 GMT; secure; SameSite=None
CNT=1_v1_rtk9AQEAAACaTQAA; expires=Thu, 23 May 2024 23:57:19 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/cdn-cgi/rum? | 172.67.183.69 | 204 No Content | 0 B |
URL POST HTTP/3www.amdahost.com/cdn-cgi/rum? IP172.67.183.69:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=e6ab017f08 CertificateIssuerGoogle Trust Services LLC Subjectamdahost.com FingerprintDF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B ValiditySun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 564
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 204 No Content
date: Thu, 23 May 2024 22:57:23 GMT
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8888a50a0bb50afa-OSL
x-frame-options: DENY
x-content-type-options: nosniff
|
|
| js.onclckmn.com/static/onclicka.m.js | 45.133.44.53 | 200 OK | 115 kB |
URL GET HTTP/2js.onclckmn.com/static/onclicka.m.js IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=e6ab017f08 CertificateIssuerLet's Encrypt Subjectjs.onclckmn.com Fingerprint71:21:70:F5:FD:7C:41:28:07:3B:F6:EC:B5:FC:43:A9:49:6F:D3:65 ValidityThu, 25 Apr 2024 03:01:09 GMT - Wed, 24 Jul 2024 03:01:08 GMT
Size115 kB (114731 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/onclicka.m.js HTTP/1.1
Host: js.onclckmn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:57 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 14 May 2024 13:04:56 GMT
etag: W/"66436178-1c02b"
content-encoding: gzip
expires: Thu, 23 May 2024 23:01:57 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Archivo+Black&display=swap | 142.250.74.106 | 200 OK | 819 B |
URL GET HTTP/2fonts.googleapis.com/css2?family=Archivo+Black&display=swap IP142.250.74.106:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=e6ab017f08 CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint58:16:76:D3:35:A7:C7:1B:68:67:E2:F5:33:04:0E:E9:CB:56:BD:77 ValidityMon, 06 May 2024 14:43:20 GMT - Mon, 29 Jul 2024 14:43:19 GMT
File typeASCII text, with very long lines (837), with no line terminators Hashfa0b91b21b81c25b4d2bb89c6d9d84fb 1788d71d75cf429352999edca5573800814aba3f 5385a711b1675e90eb76b002d80f1c53e71449889caf26b5ee6ec34f3df23fa7
GET /css2?family=Archivo+Black&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 23 May 2024 22:56:55 GMT
date: Thu, 23 May 2024 22:56:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| js.onclckinpg.com/npc/sdk/wpu/npush.m.js | 45.133.44.52 | 200 OK | 178 kB |
URL GET HTTP/2js.onclckinpg.com/npc/sdk/wpu/npush.m.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=e6ab017f08 CertificateIssuerLet's Encrypt Subjectjs.onclckinpg.com Fingerprint8E:C2:D4:6B:E7:14:3A:3D:25:99:DE:85:47:21:6C:93:38:A2:CE:10 ValidityFri, 12 Apr 2024 03:01:31 GMT - Thu, 11 Jul 2024 03:01:30 GMT
Size178 kB (178178 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wpu/npush.m.js HTTP/1.1
Host: js.onclckinpg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:59 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 23 May 2024 12:07:50 GMT
etag: W/"664f3196-2b802"
content-encoding: gzip
expires: Thu, 23 May 2024 23:01:59 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| js.mbidpp.com/popunder-admanager/build.m.js | 45.133.44.53 | 200 OK | 101 kB |
URL GET HTTP/2js.mbidpp.com/popunder-admanager/build.m.js IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://www.amdahost.com/watch_direct.php?id=e6ab017f08 CertificateIssuerLet's Encrypt Subjectjs.mbidpp.com Fingerprint5B:B3:95:84:D0:2B:0C:9A:68:98:53:B0:A4:A5:68:88:B2:A5:5F:82 ValidityThu, 18 Apr 2024 03:01:11 GMT - Wed, 17 Jul 2024 03:01:10 GMT
Size101 kB (100875 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder-admanager/build.m.js HTTP/1.1
Host: js.mbidpp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:59 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 15 May 2024 14:49:12 GMT
etag: W/"6644cb68-18a0b"
content-encoding: gzip
expires: Thu, 23 May 2024 23:01:59 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Bebas+Neue&display=swap | 142.250.74.106 | 200 OK | 799 B |
URL GET HTTP/2fonts.googleapis.com/css2?family=Bebas+Neue&display=swap IP142.250.74.106:443
Requested byhttps://www.amdahost.com/watch_direct.php?id=e6ab017f08 CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint58:16:76:D3:35:A7:C7:1B:68:67:E2:F5:33:04:0E:E9:CB:56:BD:77 ValidityMon, 06 May 2024 14:43:20 GMT - Mon, 29 Jul 2024 14:43:19 GMT
File typeASCII text, with very long lines (817), with no line terminators Hashc493231efba2219e3348f16e938d7380 95b2c3d6221a58cbd7e96f2c05c40d03f53fb16c ff65de3252fffb1650fca0c23a1a87351bf5b2385dc11e35e19b94c3495e4cf0
GET /css2?family=Bebas+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 23 May 2024 22:56:55 GMT
date: Thu, 23 May 2024 22:56:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| moonoafy.net/pfe/current/tag.min.js?z=7443536 | 139.45.197.250 | 200 OK | 15 kB |
URL: GET HTTP/2 moonoafy.net/pfe/current/tag.min.js?z=7443536 | IP: 139.45.197.250:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Let's Encrypt | Subject: moonoafy.net | Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 | Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
File type: JavaScript source, ASCII text, with very long lines (14770), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 38cd5af94e91840f4770d3d3000aca04 e81d42a6a8b1d21aa22c22ed7a850be802968e3a c23c8a2a602e4a2423594101623f8336407fc4e69c43cd40c60db44dac32bf98
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pfe/current/tag.min.js?z=7443536 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:58 GMT
content-type: application/javascript
last-modified: Wed, 22 May 2024 13:57:03 GMT
etag: W/"664df9af-39b2"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| lkbx.me/4KqY7?uid=wuqidao1vltm5mg13gqk61cc | 47.89.248.255 | 200 OK | 1.1 kB |
URL: GET HTTP/2 lkbx.me/4KqY7?uid=wuqidao1vltm5mg13gqk61cc | IP: 47.89.248.255:443 | ASN: #45102 Alibaba US Technology Co., Ltd.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: DigiCert Inc | Subject: lkbx.me | Fingerprint: 85:1C:F3:96:31:0D:EC:E9:85:9D:6E:27:5F:AE:1D:6C:F2:9B:F5:BD | Validity: Mon, 27 Nov 2023 00:00:00 GMT - Tue, 26 Nov 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (1129), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): ee8e0ed531fa39328b64d273542417eb 1d3ea88bd09c3f6af82a743fe93c72f025f52714 224a305e25a23ca2b8e16ef8448e3389cc3a1b40349932519d9968f6c9334ab5
GET /4KqY7?uid=wuqidao1vltm5mg13gqk61cc HTTP/1.1
Host: lkbx.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:57:02 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
set-cookie: discuz_2132_saltkey=FfygzDIM; expires=Sat, 22-Jun-2024 22:57:02 GMT; Max-Age=2592000; path=/; secure; httponly
discuz_2132_lang=en; path=/; secure
discuz_2132_lang=en; path=/; secure
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700 | 142.250.74.106 | 200 OK | 11 kB |
URL: GET HTTP/3 fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700 | IP: 142.250.74.106:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Google Trust Services LLC | Subject: upload.video.google.com | Fingerprint: 58:16:76:D3:35:A7:C7:1B:68:67:E2:F5:33:04:0E:E9:CB:56:BD:77 | Validity: Mon, 06 May 2024 14:43:20 GMT - Mon, 29 Jul 2024 14:43:19 GMT
Hash (MD5 / SHA-1 / SHA-256): 155f53ee6339ba8215c3513f7e89a646 1785d802da7b560dc8af49e5c17627ecc88285a0 859bbc3840ddbfac2cbabd04217077fcab6f31a0e24a9f7ff1a2ee6246ba5319
GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 23 May 2024 22:57:04 GMT
date: Thu, 23 May 2024 22:57:04 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fonts.googleapis.com/css2?family=Poppins:wght@600&display=swap | 142.250.74.106 | 200 OK | 789 B |
URL: GET HTTP/2 fonts.googleapis.com/css2?family=Poppins:wght@600&display=swap | IP: 142.250.74.106:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Google Trust Services LLC | Subject: upload.video.google.com | Fingerprint: 58:16:76:D3:35:A7:C7:1B:68:67:E2:F5:33:04:0E:E9:CB:56:BD:77 | Validity: Mon, 06 May 2024 14:43:20 GMT - Mon, 29 Jul 2024 14:43:19 GMT
File type: ASCII text, with very long lines (807), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 6f717af0e726a10479b7e8bed93e5142 a115121febff939512aba08376c87856e8eb7d81 3f2d568b6fb6321a2e59f992275a60a22c904f5e8d84b7c6e43b1bb702ae86db
GET /css2?family=Poppins:wght@600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 23 May 2024 22:56:55 GMT
date: Thu, 23 May 2024 22:56:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| c.adsco.re/ | 104.17.166.186 | 200 OK | 77 kB |
IP: 104.17.166.186:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Sectigo Limited | Subject: *.adsco.re | Fingerprint: 40:64:05:9C:99:0A:1E:9F:A7:49:61:8E:86:4C:4B:06:9C:73:83:73 | Validity: Sat, 23 Sep 2023 00:00:00 GMT - Sun, 29 Sep 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (881) | Hash (MD5 / SHA-1 / SHA-256): 0d683bdf35d89f985a1029aba278a5d9 97bc8ba038325c26b258e59baebb62d55498b1b3 3f549d3829f1c3139f3b9803aee55f74ee3a9a38c53a816b5344bc20c3168208
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 23 May 2024 22:56:59 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Sun, 23 Jun 2024 22:56:59 GMT
etag: W/"DWg73zXYn5haECmronil2Q=="
content-encoding: gzip
cf-cache-status: HIT
age: 2476
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a4744f761bfa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css2?family=Material+Symbols+Rounded:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200 | 142.250.74.106 | 200 OK | 622 B |
URL: GET HTTP/2 fonts.googleapis.com/css2?family=Material+Symbols+Rounded:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200 | IP: 142.250.74.106:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Google Trust Services LLC | Subject: upload.video.google.com | Fingerprint: 58:16:76:D3:35:A7:C7:1B:68:67:E2:F5:33:04:0E:E9:CB:56:BD:77 | Validity: Mon, 06 May 2024 14:43:20 GMT - Mon, 29 Jul 2024 14:43:19 GMT
File type: ASCII text, with very long lines (645), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): fc985575eb6fdb0c99036d88eee2fa5e 5279d4f6164444ce3dc64518f62501e9602bc6ea 6f867db510369feefbb3dc8264424368a321b2a756b6cc5fb6472ccc8b786f1d
GET /css2?family=Material+Symbols+Rounded:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 23 May 2024 22:56:55 GMT
date: Thu, 23 May 2024 22:56:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/icon?family=Material+Icons | 142.250.74.106 | 200 OK | 565 B |
URL: GET HTTP/2 fonts.googleapis.com/icon?family=Material+Icons | IP: 142.250.74.106:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Google Trust Services LLC | Subject: upload.video.google.com | Fingerprint: 58:16:76:D3:35:A7:C7:1B:68:67:E2:F5:33:04:0E:E9:CB:56:BD:77 | Validity: Mon, 06 May 2024 14:43:20 GMT - Mon, 29 Jul 2024 14:43:19 GMT
File type: ASCII text, with very long lines (588), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 959a533a3dc02649e0cc3f8f67d942af 34db49ff64aed8b51beaba5b9928ad504a4df335 24864ed3ee6fab66640980d4c24640e579e5583764a8ee8c4f09decf27977247
GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 23 May 2024 22:56:55 GMT
date: Thu, 23 May 2024 22:56:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| gishejuy.com/400/7443533 | 139.45.197.242 | 200 OK | 84 kB |
IP: 139.45.197.242:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Let's Encrypt | Subject: gishejuy.com | Fingerprint: 0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 | Validity: Tue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 31d52a619f3762b4f190f2360ad8f4a6 f73c8022ce270b74dec782178bf96d1b0e8c6682 b1740525bcfe9ca19c033991f8110da2010a647f814b18f8e7793fc7e83bb3a6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /400/7443533 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:58 GMT
content-type: application/javascript
x-trace-id: ea9147574ed0c92e50d9b262e89630b8
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=0300656cdaa44466e5c9264c862c17b3; expires=Fri, 23 May 2025 22:56:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/css/root.css | 172.67.183.69 | 200 OK | 3.2 kB |
URL: GET HTTP/3 www.amdahost.com/css/root.css | IP: 172.67.183.69:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Google Trust Services LLC | Subject: amdahost.com | Fingerprint: DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B | Validity: Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
File type: ASCII text, with very long lines (3175), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): b29e82a0b6fab49b186f1878409b49cf 632d7a94b851c7c879e29825bee06920d7b5cb99 5b7746d8aa2c0a8a908f6a5df646167afb319fc1d2a6ec08d275e195a275afdf
GET /css/root.css HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 23 May 2024 22:56:55 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=6128
last-modified: Tue, 27 Feb 2024 08:09:48 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3063
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BOc1pmr0eyJkCzdAVG%2Fg2IYmvwnPFmZtPDX%2FRYF4uzLzh1r7iXFqOTx7r%2FGmgZYTsTNJgIg%2FX9Rlies2Dm%2BCGx9dB%2FFJ7rClndnWpVwHl0Cdc16Pr92win5PT8Z5sdbyoM6p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8888a45adf480afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aistekso.net/500/7443535?excludes=&oaid=008065c2aa784798faf76b4f089f8b05&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=6&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 | 139.45.197.244 | 200 OK | 0 B |
URL: OPTIONS HTTP/2 aistekso.net/500/7443535?excludes=&oaid=008065c2aa784798faf76b4f089f8b05&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=6&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 | IP: 139.45.197.244:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Let's Encrypt | Subject: aistekso.net | Fingerprint: 3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB | Validity: Sun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
OPTIONS /500/7443535?excludes=&oaid=008065c2aa784798faf76b4f089f8b05&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=6&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:00 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/videoPlayer/video_player.css | 172.67.183.69 | 200 OK | 4.9 kB |
URL: GET HTTP/3 www.amdahost.com/videoPlayer/video_player.css | IP: 172.67.183.69:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Google Trust Services LLC | Subject: amdahost.com | Fingerprint: DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B | Validity: Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
File type: ASCII text, with very long lines (4948), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): ce2a8336b3d1276261638ba8018c9327 3325a6fcd8d9ef1f6792e8aec6581b85a266eb46 2fbb894a56c35db3ebe82fea62c42e7125539150c8a359808e5ddc9509de5c69
GET /videoPlayer/video_player.css HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 23 May 2024 22:56:55 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7449
last-modified: Mon, 20 May 2024 14:34:20 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3063
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k6uY9zdoWog3L1seZPIlJJXtLTP5GBeDV2ebPEDjeWwkiKKQCluMgAMoOdwK8CZvT8zqjcLGqb44a3%2FznHmWrZG1PdnWFCaS7wYzQBaL%2Bi7GOrcNnQUaKriDDxUlWmEBXNci"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8888a45aff5a0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.amdahost.com/videoPlayer/video_player.js | 172.67.183.69 | 200 OK | 6.4 kB |
URL: GET HTTP/3 www.amdahost.com/videoPlayer/video_player.js | IP: 172.67.183.69:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Google Trust Services LLC | Subject: amdahost.com | Fingerprint: DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B | Validity: Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
File type: ASCII text, with very long lines (6557), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): b4bdbbb6b4221021a4bdcb627dd24cbb 7b628bf5efb863d2983077f61c9a26bb058e3ece 0156cffc750a863f088fafd63e4b32736cb7146e1ab8ace12994d97911c3d30d
GET /videoPlayer/video_player.js HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 23 May 2024 22:56:55 GMT
content-type: text/javascript
cf-bgj: minify
cf-polished: origSize=7654
last-modified: Mon, 20 May 2024 14:34:20 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3862
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TEWEzhQeNGDTGudEsgaib0Ks7z8LORNTBP14CG02Ki5mkQnJOCsI2suk0PcDx56igQ4QHbF5EwYauSfG003G4RGGWH9WOpWogkwA7B4VCXeuHOqBycLATJE3jbvT9dru3C1x"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8888a45aff5b0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.amdahost.com/media/apple-touch-icon.png | 172.67.183.69 | 200 OK | 40 kB |
URL: GET HTTP/3 www.amdahost.com/media/apple-touch-icon.png | IP: 172.67.183.69:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Google Trust Services LLC | Subject: amdahost.com | Fingerprint: DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B | Validity: Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
File type: PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced | Hash (MD5 / SHA-1 / SHA-256): 3a0b8d799ca52ea360286be206ff8fb3 2dc98f04f62990a7ab58494b8cc4c9d34f88d82b a18a7554000483027f4297e642dd6ffa175ee4028844be6e7888cd31c165972d
GET /media/apple-touch-icon.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599; _ga_473NMXMZ7V=GS1.1.1716505016.1.0.1716505017.0.0.0; _ga=GA1.1.336599650.1716505016; cf_clearance=Gd5gxZLiheoQ6bqesQ7hrATZcDv9XRpT8lzTWIYNqlQ-1716505017-1.0.1.1-j2U3PCiKzKZgLKLef7uHKNTVD32IFd8dFUYu5NhxTEDDqcKxJ9H4TxzJQAJd7eEdhlpvbFkVkKGqF6g85v2i5Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 23 May 2024 22:56:58 GMT
content-type: image/png
content-length: 40332
last-modified: Sun, 17 Mar 2024 20:29:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1386
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=liuKG%2BUyy6kP%2B6kwLcqnHKaqDv6OiW4zqdKKE8Zk7LbKZoXft9SZje8CK9oOblg4cr7SovY%2B5RN5WWyhIesB0ezcBFEu53mdVPno78%2BKcS02bmUK273%2F8QWPtIVVGsvNMJGn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a46ceec50afa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdn.tailwindcss.com/ | 172.67.41.16 | 302 Found | 366 kB |
IP: 172.67.41.16:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Cloudflare, Inc. | Subject: tailwindcss.com | Fingerprint: 5F:87:FB:92:D4:93:DA:09:E3:5B:EF:92:CE:2F:47:18:3A:8A:C7:49 | Validity: Tue, 07 Nov 2023 00:00:00 GMT - Tue, 05 Nov 2024 23:59:59 GMT
Size: 366 kB (365681 bytes) | Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: cdn.tailwindcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 23 May 2024 22:56:55 GMT
cache-control: max-age=14400
location: /3.4.3
strict-transport-security: max-age=63072000
x-vercel-cache: MISS
x-vercel-id: cle1::iad1::59p4w-1716503813219-23c7c555227f
cf-cache-status: HIT
age: 368
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a45b1d575688-OSL
X-Firefox-Spdy: h2
|
|
| bid.onclcktg.com/tags/179977?version_name=c | 45.133.44.25 | 200 OK | 2.2 kB |
URL: GET HTTP/2 bid.onclcktg.com/tags/179977?version_name=c | IP: 45.133.44.25:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Let's Encrypt | Subject: bid.onclcktg.com | Fingerprint: 72:BD:E7:FE:B4:B7:86:81:94:C3:A7:21:65:2E:1E:86:32:16:C6:1A | Validity: Thu, 11 Apr 2024 03:00:17 GMT - Wed, 10 Jul 2024 03:00:16 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (2528), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 50a93291c9e07dc841ae4b0626646ffa 1f45f62e16e88cdfa561a30eb3af44787c6074fd ea65c9fb768017ad788b39fad93133aaa6f8e0a3ac14f6715fa5d4d39f44d30f
GET /tags/179977?version_name=c HTTP/1.1
Host: bid.onclcktg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:58 GMT
content-type: application/json
server: nginx/1.24.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js?userId=008065c2aa784798faf76b4f089f8b05 | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?userId=008065c2aa784798faf76b4f089f8b05 | IP: 139.45.195.8:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Let's Encrypt | Subject: rtmark.net | Fingerprint: 90:47:5A:A5:5F:5F:FA:E6:7C:6F:AB:D2:06:D1:D9:BD:F3:54:9E:6E | Validity: Sat, 11 May 2024 20:51:41 GMT - Fri, 09 Aug 2024 20:51:40 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 06c216ccdcfe8f002696e68fbba7a675 02af5e6f5a2527bc148684d4a34b66d19dfc31aa de41c3ed60ee2a4b2fdfb34f207ebc27d376d904e8fb7d7024a10ebaa5850563
GET /gid.js?userId=008065c2aa784798faf76b4f089f8b05 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:58 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008065c2aa784798faf76b4f089f8b05; expires=Fri, 23 May 2025 22:56:58 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| js.onclckmn.com/static/onclicka.m.js | 45.133.44.53 | 200 OK | 115 kB |
URL: GET HTTP/2 js.onclckmn.com/static/onclicka.m.js | IP: 45.133.44.53:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Let's Encrypt | Subject: js.onclckmn.com | Fingerprint: 71:21:70:F5:FD:7C:41:28:07:3B:F6:EC:B5:FC:43:A9:49:6F:D3:65 | Validity: Thu, 25 Apr 2024 03:01:09 GMT - Wed, 24 Jul 2024 03:01:08 GMT
Size: 115 kB (114731 bytes) | Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/onclicka.m.js HTTP/1.1
Host: js.onclckmn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:57 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 14 May 2024 13:04:56 GMT
etag: W/"66436178-1c02b"
content-encoding: gzip
expires: Thu, 23 May 2024 23:01:57 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| www.amdahost.com/media/redLogo.png | 172.67.183.69 | 200 OK | 45 kB |
URL: GET HTTP/3 www.amdahost.com/media/redLogo.png | IP: 172.67.183.69:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08 | Certificate issuer: Google Trust Services LLC | Subject: amdahost.com | Fingerprint: DF:50:77:BE:0F:44:1F:7E:6F:DB:21:DF:91:B2:B1:A5:58:A8:F7:0B | Validity: Sun, 19 May 2024 11:17:36 GMT - Sat, 17 Aug 2024 11:17:35 GMT
File type: PNG image data, 1024 x 289, 8-bit/color RGBA, non-interlaced | Hash (MD5 / SHA-1 / SHA-256): a9a51ae2f744ab0cfc779f02a6ec4181 1986904de2630ee54553ea349484fdd4c63f4502 76864dc01b6de618949b20a4ae5e183f0065ba4733165975873545df9c0e1913
GET /media/redLogo.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Cookie: PHPSESSID=b0a36fa130fbf3ec558bf78fb8c98599
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 23 May 2024 22:56:55 GMT
content-type: image/png
content-length: 45215
last-modified: Mon, 20 May 2024 03:54:10 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 161
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2FuAuvEbQ%2FO4u%2BdHPDnTaS6On10UEovikw7PTKqp43iDuOQDH%2BCVHlP6G4ndIWHiqFcNJdFTzlVye4VCcPHztV%2FtSO9JR2AzpTcCrDL27pNc989KtDO1W%2FtEhxnUAPw0GiVT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a45adf4b0afa-OSL
alt-svc: h3=":443"; ma=86400
| aistekso.net/401/7443535 | 139.45.197.244 | 200 OK | 91 kB |
IP: 139.45.197.244:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject aistekso.net; Fingerprint 3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB; Validity Sun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 d9a3bf7fcdbaa21f2c1e5997bb16b725 SHA-1 0e0f030ebde1454e85f5200e5c84fb369f7774c2 SHA-256 2eb2dd07266c296eec2452aa768f4dd07a564cbe005ea26af37760fa611fc70d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /401/7443535 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:58 GMT
content-type: application/javascript
x-trace-id: 6ec16f54918ba5c206a07554b6f9a41c
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=0300652a2daf4dbaeda160eaf535ee5a; expires=Fri, 23 May 2025 22:56:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
| eedsaung.net/1?z=7443534 | 139.45.197.242 | 200 OK | 43 kB |
IP: 139.45.197.242:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject eedsaung.net; Fingerprint B9:EB:EA:22:9B:30:C2:90:3A:52:EB:AB:26:22:69:B2:8F:BD:3D:D4; Validity Sat, 23 Mar 2024 20:31:40 GMT - Fri, 21 Jun 2024 20:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (42427)
Hash: MD5 01105409fe62c1cb1dab8e2ff0526599 SHA-1 efc5a97683808ce85efa7870801c7c55d0b67d22 SHA-256 e845df2c11636f8106fc119143d51918c5fcd5ba0a9b905601a7986325d5ac87
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /1?z=7443534 HTTP/1.1
Host: eedsaung.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:58 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: ec4a4cc6567c997a2d8ed1b974859ffa
access-control-expose-headers: X-Sc
x-sc: mP428ahyRdh8MnoDAFjgthWfwpHgoc6r6MvQmIUidVxk8gbXUriPGHXde8eKgoKJPxDuB4jBIEDiBUt1wS2V1RyMelY=
set-cookie: scm=1; expires=Fri, 23 May 2025 22:56:58 GMT; secure; SameSite=None
set-cookie: OAID=040065c4aaf34551e2fff6cf8236a3af; expires=Fri, 23 May 2025 22:56:58 GMT; secure; SameSite=None
set-cookie: oaidts=1716505018; expires=Fri, 23 May 2025 22:56:58 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
| js.mbidinp.com/npc/sdk/wpu/npush.m.js | 45.133.44.52 | 200 OK | 178 kB |
URL: GET HTTP/2 js.mbidinp.com/npc/sdk/wpu/npush.m.js IP: 45.133.44.52:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject js.mbidinp.com; Fingerprint B8:EA:0B:88:14:F5:73:F1:FE:F1:D5:59:09:E6:70:08:F2:1C:4A:5C; Validity Mon, 22 Apr 2024 03:00:30 GMT - Sun, 21 Jul 2024 03:00:29 GMT
Size: 178 kB (178178 bytes) Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wpu/npush.m.js HTTP/1.1
Host: js.mbidinp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:59 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 23 May 2024 12:07:50 GMT
etag: W/"664f3196-2b802"
content-encoding: gzip
expires: Thu, 23 May 2024 23:01:59 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
| 32879.2481april2024.com/iSdGCo0xPArnZtczvVjGLSdOmtkRvoHRdq9VOcLNSZwVNZyS9dhXp5mMB9M2edSSl9sFIKV2jvq5euuzHOKnYRGKmKWlu7uKdQcfT7hOvUxVYEvu7YL2z4s_dBK-uw?kws=video%2Csexyindianwife%2Cnew%2Cdare&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20May%2023%202024%2022%3A56%3A57%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1 | 88.208.22.4 | 200 OK | 1.5 kB |
URL: GET HTTP/2 32879.2481april2024.com/iSdGCo0xPArnZtczvVjGLSdOmtkRvoHRdq9VOcLNSZwVNZyS9dhXp5mMB9M2edSSl9sFIKV2jvq5euuzHOKnYRGKmKWlu7uKdQcfT7hOvUxVYEvu7YL2z4s_dBK-uw?kws=video%2Csexyindianwife%2Cnew%2Cdare&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20May%2023%202024%2022%3A56%3A57%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1 IP: 88.208.22.4:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject *.2481april2024.com; Fingerprint FC:0B:87:DF:4F:43:9B:81:FD:04:D2:4C:5C:79:77:1B:C6:BB:F4:49; Validity Tue, 02 Apr 2024 14:41:38 GMT - Mon, 01 Jul 2024 14:41:37 GMT
File type: ASCII text, with very long lines (1523), with no line terminators
Hash: MD5 e24e45833e1e531611c5fe3d7c692544 SHA-1 0994f9c62ed2e6f8f4ebf0e84895ae3f6e10eb95 SHA-256 b513d8c441317cf837ecf684c303390c9bd47dca39c0fbb7efe11ed2a01f26fb
GET /iSdGCo0xPArnZtczvVjGLSdOmtkRvoHRdq9VOcLNSZwVNZyS9dhXp5mMB9M2edSSl9sFIKV2jvq5euuzHOKnYRGKmKWlu7uKdQcfT7hOvUxVYEvu7YL2z4s_dBK-uw?kws=video%2Csexyindianwife%2Cnew%2Cdare&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20May%2023%202024%2022%3A56%3A57%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1 HTTP/1.1
Host: 32879.2481april2024.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:00 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Thu, 23 May 2024 22:57:00 UTC
expires: Thu, 23 May 2024 22:57:00 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
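The 2481april2024.com request above is a beacon rather than a script: the page URL (including the `id` parameter) travels in `pageUri`, the page's keywords in `kws`, and `bdd` is a JSON array of browser properties (user agent, platform, five 1280/1024 dimension pairs, a local date string with timezone, the language list, plus several opaque numeric and boolean fields) that together form a device fingerprint. The decoder below is an added example, not code from the capture or from the ad vendor; it reuses the request URL shown above as its only input. The field labels are inferred from the values and are marked as assumptions in the code; the vendor's own meaning of each position, and how it derives an identifier from the vector, is not visible on this page, so the SHA-256 digest is only an illustration of how stable such a vector is across requests.

```python
import hashlib
import json
import re
from urllib.parse import parse_qs, urlsplit

# The beacon request URL copied from the capture (split only for line length).
SAMPLE_URL = (
    "https://32879.2481april2024.com/iSdGCo0xPArnZtczvVjGLSdOmtkRvoHRdq9VOcLNSZwVNZyS9dhXp5mMB9M2edSSl9sFIKV2jvq5euuzHOKnYRGKmKWlu7uKdQcfT7hOvUxVYEvu7YL2z4s_dBK-uw"
    "?kws=video%2Csexyindianwife%2Cnew%2Cdare&abl=0&fsb=0"
    "&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&referer="
    "&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22"
    "%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22"
    "%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22"
    "%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22"
    "%2C%22Thu%20May%2023%202024%2022%3A56%3A57%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22"
    "%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1"
)


def parse_beacon(url):
    """Split the beacon URL into its query fields and decode the `bdd` JSON array.

    Returns the beacon host, the embedding page, the keyword list, the raw vector,
    whether the page URL is disclosed to a different host, and a SHA-256 of the
    canonicalised vector (an assumed identifier derivation, not the vendor's).
    """
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    bdd = json.loads(query["bdd"][0])
    if not isinstance(bdd, list) or not all(isinstance(v, str) for v in bdd):
        raise ValueError("bdd is not a JSON array of strings")
    page_uri = query.get("pageUri", [""])[0]
    canonical = json.dumps(bdd, separators=(",", ":")).encode()
    return {
        "host": parts.hostname,
        "page_uri": page_uri,
        "leaks_page_url": bool(page_uri) and urlsplit(page_uri).hostname != parts.hostname,
        "keywords": [k for k in query.get("kws", [""])[0].split(",") if k],
        "bdd": bdd,
        "fingerprint_sha256": hashlib.sha256(canonical).hexdigest(),
    }


def describe_bdd(bdd):
    """Label the positions whose meaning is evident from their values.

    Positions that stay unlabelled (the booleans, the small integers, the long
    letter string, the two large numbers) are not documented on the page.
    """
    labels = {}
    for i, v in enumerate(bdd):
        if v.startswith("Mozilla/"):
            labels[i] = "user-agent"
        elif re.fullmatch(r"(Linux|Win|Mac)\S*( \S+)?", v):
            labels[i] = "platform (assumed)"          # looks like navigator.platform
        elif v.isdigit() and 100 <= int(v) <= 10000:
            labels[i] = "screen/window dimension (assumed)"
        elif re.search(r"GMT[+-]\d{4}", v):
            labels[i] = "local date string (timezone leak)"
        elif re.fullmatch(r"[a-z]{2}(-[A-Z]{2})?(,[a-z]{2}(-[A-Z]{2})?)*", v):
            labels[i] = "language list"
    return labels


if __name__ == "__main__":
    result = parse_beacon(SAMPLE_URL)
    print("page disclosed to", result["host"], "->", result["page_uri"])
    for i, label in sorted(describe_bdd(result["bdd"]).items()):
        print(f"bdd[{i:2}] {label:40} {result['bdd'][i]!r}")
    print("vector digest", result["fingerprint_sha256"])
```

The decoder needs nothing beyond the standard library. The ten dimension-like entries are the same two numbers repeated, which is what a headless or sandboxed browser with a fixed viewport looks like; a tracker comparing `screen`, `availScreen`, `inner` and `outer` sizes can use exactly that uniformity to flag automated visitors.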
| securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=7443534&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=817643919866081280 | 172.67.175.232 | 302 Found | 1.1 kB |
URL: GET HTTP/2 securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=7443534&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=817643919866081280 IP: 172.67.175.232:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject securedpeacomm.com; Fingerprint E2:58:9B:FC:54:26:CA:CC:89:05:0D:28:D6:2E:28:9E:39:7E:5F:D6; Validity Mon, 15 Apr 2024 19:27:34 GMT - Sun, 14 Jul 2024 19:27:33 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=7443534&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=817643919866081280 HTTP/1.1
Host: securedpeacomm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 23 May 2024 22:57:00 GMT
content-type: text/html; charset=UTF-8
location: https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=7443534&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=817643919866081280&ctrl_fetch_dest=iframe_v2_no_model&ctrl_id=664fc9bca97f3084500141&ctrl_ts=1716505020.6943&ctrl_ab=burp
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XtonL1Jn6YoE%2FdYpdL6ZNBLpTuBa5EayV6QrBUwKpKI4QJlB2IZZvE014wEY74TRkcis3r8THldjZa0poSs7BXgz8I%2Fy68c47mbUQljJ0WDQbs%2BF9NUPhxzhgTzctLJvAtvU9Bo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8888a479cc9056af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| eedsaung.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a | 139.45.197.242 | 200 OK | 413 kB |
URL: GET HTTP/2 eedsaung.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a IP: 139.45.197.242:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject eedsaung.net; Fingerprint B9:EB:EA:22:9B:30:C2:90:3A:52:EB:AB:26:22:69:B2:8F:BD:3D:D4; Validity Sat, 23 Mar 2024 20:31:40 GMT - Fri, 21 Jun 2024 20:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (65523)
Size: 413 kB (413423 bytes) Hash: MD5 297cc248309ba835cf13a1f82fd3f938 SHA-1 1e6f51ce257a0ee53e25280dd44092ed33339847 SHA-256 b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /27/7552beb94fc0bdff7bbb33cad3d1ab0a HTTP/1.1
Host: eedsaung.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Cookie: scm=1; OAID=040065c4aaf34551e2fff6cf8236a3af; oaidts=1716505018
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:56:59 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 7e94347105e8171f2693f2f993fe19d9
cache-control: max-age:290304000, public
last-modified: Thu, 16 May 2024 06:01:31 GMT
expires: Thu, 15 Jun 2084 06:01:31 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
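The responses from aistekso.net/401/7443535, eedsaung.net/1?z=7443534 and eedsaung.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a above share a few header hygiene problems: `access-control-allow-credentials: true` sent next to a `*` or empty `access-control-allow-origin` (browsers refuse that combination for credentialed requests, so it is a blanket header rather than a working cross-origin grant), `strict-transport-security: max-age=1` (HSTS for one second, which is no HSTS at all), `SameSite=None` tracking cookies with a one-year lifetime and no `HttpOnly`, and on the /27 response a `cache-control: max-age:290304000, public` where the colon makes the directive unparseable, so a conforming cache sees no max-age at all (the `expires` header dated 2084 still makes the script cacheable). The audit below is an added example, not code from the capture or from any of the services shown on it. The header samples are copied from the three responses, trimmed to the relevant lines, with the three set-cookie values of the /1 response written as separate headers; the token grammar is the one from RFC 9110.

```python
import re

# RFC 9110 tchar; a Cache-Control directive is token[=(token|quoted-string)].
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_DIRECTIVE = re.compile(_TOKEN + r'(=(' + _TOKEN + r'|"[^"]*"))?')

# Header blocks trimmed from the capture above.
AISTEKSO_401 = """HTTP/2 200 OK
server: nginx
content-type: application/javascript
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-allow-credentials: true
set-cookie: OAID=0300652a2daf4dbaeda160eaf535ee5a; expires=Fri, 23 May 2025 22:56:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
"""

EEDSAUNG_1 = """HTTP/2 200 OK
server: nginx
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
set-cookie: scm=1; expires=Fri, 23 May 2025 22:56:58 GMT; secure; SameSite=None
set-cookie: OAID=040065c4aaf34551e2fff6cf8236a3af; expires=Fri, 23 May 2025 22:56:58 GMT; secure; SameSite=None
set-cookie: oaidts=1716505018; expires=Fri, 23 May 2025 22:56:58 GMT; secure; SameSite=None
cache-control: no-store, no-cache, must-revalidate, max-age=0
"""

EEDSAUNG_27 = """HTTP/2 200 OK
server: nginx
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
cache-control: max-age:290304000, public
expires: Thu, 15 Jun 2084 06:01:31 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
"""


def parse_headers(block):
    """Turn a captured response block (status line, then 'name: value' lines) into an
    ordered list of (lowercased name, value) pairs; repeated names such as several
    set-cookie headers stay separate entries."""
    headers = []
    for line in block.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("HTTP/"):
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def audit(headers):
    """Return (code, detail) findings for the misconfigurations visible in the capture."""
    findings = []

    def values(name):
        return [v for k, v in headers if k == name]

    # Credentialed CORS with '*' or an empty origin is rejected by browsers; its
    # presence shows allow-credentials is stamped on every response regardless.
    acao, acac = values("access-control-allow-origin"), values("access-control-allow-credentials")
    if acac and acac[0].lower() == "true" and acao and acao[0] in ("", "*"):
        findings.append(("cors-credentials-wildcard", f"allow-origin={acao[0]!r}"))

    # A directive that is not token[=value] (e.g. 'max-age:290304000') is ignored
    # by a conforming cache, so the intended freshness lifetime does not apply.
    for cc in values("cache-control"):
        for directive in (d.strip() for d in cc.split(",")):
            if directive and not _DIRECTIVE.fullmatch(directive):
                findings.append(("cache-control-malformed", directive))

    # HSTS shorter than a day protects nothing after the current page load.
    for hsts in values("strict-transport-security"):
        m = re.search(r"max-age=(\d+)", hsts)
        if m and int(m.group(1)) < 86400:
            findings.append(("hsts-too-short", hsts))

    # SameSite=None cookies are the cross-site tracking kind; without HttpOnly any
    # script running on the serving origin can read them as well.
    for cookie in values("set-cookie"):
        attrs = [a.strip().lower() for a in cookie.split(";")]
        name = attrs[0].split("=", 1)[0]
        if "samesite=none" in attrs:
            if "secure" not in attrs:
                findings.append(("cookie-samesite-none-without-secure", name))
            if "httponly" not in attrs:
                findings.append(("cookie-cross-site-script-readable", name))
    return findings


if __name__ == "__main__":
    for label, block in (("aistekso /401", AISTEKSO_401), ("eedsaung /1", EEDSAUNG_1), ("eedsaung /27", EEDSAUNG_27)):
        for code, detail in audit(parse_headers(block)):
            print(f"{label:14} {code:36} {detail}")
```

The same `parse_headers` works on any of the response blocks on this page, since the capture already lowercases HTTP/2 header names; the `X-Firefox-Spdy` line is a Firefox annotation rather than a wire header and is simply carried through as one more pair.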
| static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587 | 104.16.80.73 | 200 OK | 19 kB |
URL: GET HTTP/2 static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587 IP: 104.16.80.73:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject cloudflareinsights.com; Fingerprint CE:62:08:77:7A:C9:4F:2B:EB:19:EA:54:43:3D:9F:10:06:33:69:E8; Validity Wed, 08 May 2024 03:07:03 GMT - Tue, 06 Aug 2024 03:07:02 GMT
File type: JavaScript source, ASCII text, with very long lines (19306), with no line terminators
Hash: MD5 4068f6ab9e6ae017e04b8684692d202a SHA-1 7414db6531d4c56dba6d8654520fcb0f09d53770 SHA-256 f9eb189676a78d42d7a8487eef683702ada6c5c866399eefbc0df319d5f7c6d7
GET /beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:55 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.5.0"
last-modified: Mon, 06 May 2024 19:01:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a45b6fb456a5-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| aistekso.net/500/7443535?excludes=&oaid=008065c2aa784798faf76b4f089f8b05&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=6&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 | 139.45.197.244 | 200 OK | 1.7 kB |
URL: GET HTTP/2 aistekso.net/500/7443535?excludes=&oaid=008065c2aa784798faf76b4f089f8b05&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=6&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 IP: 139.45.197.244:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject aistekso.net; Fingerprint 3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB; Validity Sun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT
File type: troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (1763), with no line terminators
Hash: MD5 36a5a2da6af28375c2d558bbb1453f16 SHA-1 3df7e0ee2acba8a6785b044f79959490a8fabdfc SHA-256 380d52315cad19abb4e6e14e182a3af1a76d3c107a004298557785e94358ee3c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /500/7443535?excludes=&oaid=008065c2aa784798faf76b4f089f8b05&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=981&wfc=6&pl=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De6ab017f08&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.344.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Cookie: OAID=0300652a2daf4dbaeda160eaf535ee5a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 23 May 2024 22:57:00 GMT
content-type: application/javascript
x-trace-id: e62e6a74c5f5be6986379b4a2bea2996
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://www.amdahost.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=008065c2aa784798faf76b4f089f8b05; expires=Fri, 23 May 2025 22:57:00 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
| pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | 172.217.21.162 | 200 OK | 0 B |
URL: HEAD HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP: 172.217.21.162:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject *.g.doubleclick.net; Fingerprint 3F:B6:D0:DC:31:C7:E3:01:10:CA:7A:20:C4:16:9A:F6:2A:0E:E6:07; Validity Mon, 06 May 2024 13:42:06 GMT - Mon, 29 Jul 2024 13:42:05 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Thu, 23 May 2024 22:56:58 GMT
expires: Thu, 23 May 2024 22:56:58 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 1633677743483803101
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51243
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| fonts.googleapis.com/css2?family=Karla&display=swap | 142.250.74.106 | 200 OK | 802 B |
URL: GET HTTP/2 fonts.googleapis.com/css2?family=Karla&display=swap IP: 142.250.74.106:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 58:16:76:D3:35:A7:C7:1B:68:67:E2:F5:33:04:0E:E9:CB:56:BD:77; Validity Mon, 06 May 2024 14:43:20 GMT - Mon, 29 Jul 2024 14:43:19 GMT
File type: ASCII text, with very long lines (820), with no line terminators
Hash: MD5 19b781ab6f09786f5d9e86ac26de083d SHA-1 11ca72183489143542fafe4efb122b11f9b4c1d9 SHA-256 e17e04ca3c38fa955e6789b4818c7c24ffd3a99eae0830a01ca51ed8e968db8a
GET /css2?family=Karla&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 23 May 2024 22:56:55 GMT
date: Thu, 23 May 2024 22:56:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| fonts.googleapis.com/css2?family=Comic+Neue&display=swap | 142.250.74.106 | 200 OK | 420 B |
URL: GET HTTP/2 fonts.googleapis.com/css2?family=Comic+Neue&display=swap IP: 142.250.74.106:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 58:16:76:D3:35:A7:C7:1B:68:67:E2:F5:33:04:0E:E9:CB:56:BD:77; Validity Mon, 06 May 2024 14:43:20 GMT - Mon, 29 Jul 2024 14:43:19 GMT
File type: ASCII text, with very long lines (429), with no line terminators
Hash: MD5 75f97bdeb174d8b64c2078ceff6726a3 SHA-1 beb63d63eb0398c4e6f15b6f2ad83c9fd7ef272d SHA-256 0dd00245b771e2aada55e76fe50ee64c186e9413f70b1fc54da284a2cab024c6
GET /css2?family=Comic+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 23 May 2024 22:56:55 GMT
date: Thu, 23 May 2024 22:56:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| www.xadsmart.com/gangular-gridster.min.css | 185.76.9.15 | 200 OK | 37 kB |
URL: GET HTTP/2 www.xadsmart.com/gangular-gridster.min.css IP: 185.76.9.15:443 ASN: #60068 Datacamp Limited
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Let's Encrypt; Subject 1376341044.rsc.cdn77.org; Fingerprint 68:8B:ED:E2:67:C5:82:02:7F:17:31:6A:4A:5F:F4:34:D3:AB:57:CF; Validity Tue, 30 Apr 2024 06:35:29 GMT - Mon, 29 Jul 2024 06:35:28 GMT
File type: JavaScript source, ASCII text, with very long lines (1568)
Hash: MD5 f66f374ea8f4d91dafa878ff91bbc8cd SHA-1 96bd69b71ad9756c15b10f56c559baf5b3f69492 SHA-256 8e8166476e0ea28740e20986bf6f9d6315960f1eabc1165f710027ca6ccb80f6
GET /gangular-gridster.min.css HTTP/1.1
Host: www.xadsmart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:56 GMT
content-type: application/x-javascript
popads-node: wb10
expires: Mon, 27 May 2024 16:19:08 GMT
access-control-allow-origin: https://www.amdahost.com
link: <https://xadsmart.com/>;rel=preconnect
cache-control: public, max-age=604800
x-77-nzt: EwwBuUwJDQH3YmUCAAwBuUwKAQH3OQoAAAwBJRPCLgH3IeIBAA
x-77-nzt-ray: c0a4cc2893fc8d10b8c94f66fb2acb37
x-accel-expires: @1716826748
x-accel-date: 1716347990
x-77-cache: HIT
x-77-age: 157026
vary: Accept-Encoding, Origin
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 157026
x-77-pop: stockholmSE
X-Firefox-Spdy: h2
| accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz1NbIxXZxzNB7dsbl65TgEhD-Zpx7rYzOHCxoZ54iBJdeYGT-ATeP1ehez-VY-AOA58p-9NQ | 64.233.165.84 | 302 Found | 0 B |
URL: GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz1NbIxXZxzNB7dsbl65TgEhD-Zpx7rYzOHCxoZ54iBJdeYGT-ATeP1ehez-VY-AOA58p-9NQ IP: 64.233.165.84:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services; Subject accounts.google.com; Fingerprint AE:DC:B1:05:0D:F9:B8:76:4B:01:23:CC:23:87:C4:9E:52:BA:56:94; Validity Mon, 06 May 2024 14:45:05 GMT - Mon, 29 Jul 2024 14:45:04 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz1NbIxXZxzNB7dsbl65TgEhD-Zpx7rYzOHCxoZ54iBJdeYGT-ATeP1ehez-VY-AOA58p-9NQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:7ohNflUpaF2F8Zq_Z1eBweWVw6GmSA:6mSl8A-xRI4lMv4z;Path=/;Expires=Sat, 23-May-2026 22:57:01 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 23 May 2024 22:57:01 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxkCAZyH2Qw_g7sl_ll8Rj6ha8s9kBfbRTgy5A2MWGH140ci1YYGCt-H03qCcLK_1BOkFGOZA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-720764645%3A1716505021508434&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-c9NhViD4F_hTqoUXKRfifw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 421
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| tzegilo.com/stattag.js | 172.67.193.52 | 200 OK | 19 kB |
IP: 172.67.193.52:443
Requested by: https://www.amdahost.com/watch_direct.php?id=e6ab017f08
Certificate: Issuer Google Trust Services LLC; Subject tzegilo.com; Fingerprint 28:2E:D0:DF:04:78:60:5A:D2:5B:1F:EA:59:80:9C:2F:89:C1:9D:D1; Validity Sat, 30 Mar 2024 15:54:48 GMT - Fri, 28 Jun 2024 15:54:47 GMT
File type: JavaScript source, ASCII text, with very long lines (18486)
Hash: MD5 70ebd404c2e1e7bad13998538b56887c SHA-1 86e57af8ba3cfc2c004da3311835f6b54ba6d848 SHA-256 d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:56:59 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4700
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y9OD%2Fiq6M2nMgX5txTyyFpfIj%2FFr8YZyFnTZ0QmEPwmFv74u3JDaUc5%2F7%2FoJ9sRNZo%2FY%2BoE%2FUPEktHARYiQRCESpDZ7TmCuYP5BDnLbHK8ll3OvG4nGOIo7iZycwRA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a473dc4256b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
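Read as a whole, the listing above mixes first-party assets with several request shapes worth a second look: cross-site scripts from hosts that Quad9 sinkholes (aistekso.net, eedsaung.net) were still fetched and executed in the page's origin; www.xadsmart.com serves `application/x-javascript` for a resource named `gangular-gridster.min.css` and the page loads it as a script; an image fetch (`Sec-Fetch-Dest: image`) goes to accounts.google.com/InteractiveLogin with a `continue=` pointing at a favicon, which is the shape of redirect-based login-state probing; an iframe navigation to securedpeacomm.com still carries unexpanded `{carrier}`, `{connection.type}` and `{isp}` macros; and the onclckmn.com and mbidinp.com entries report a size of 114731 and 178178 bytes next to the MD5/SHA-1/SHA-256 of the empty string, so no body was actually hashed for them. The triage pass below is an added example, not part of the capture or of any tool named on it; the records are transcribed from the entries above (size is left as None where the page gives only a rounded kB figure), the field names are my own, and each label is a heuristic about what the pattern usually means, not a verdict.

```python
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

EMPTY_MD5 = hashlib.md5(b"").hexdigest()  # the MD5 shown for bodies that were never hashed


def rec(url, dest, site, verdict=None, ctype="", size=None, md5=""):
    return {"url": url, "dest": dest, "site": site, "verdict": verdict,
            "ctype": ctype, "size": size, "md5": md5}


SECUREDPEACOMM = ("https://securedpeacomm.com/in/?tg=https://track.jefytrack.com/"
                  "145f6684-c379-407a-a2eb-922622a713e1&zoneid=7443534&campaignid=8121703"
                  "&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost="
                  "&visitor_id=817643919866081280")
GOOGLE_LOGIN = ("https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/"
                "favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz1NbIxXZxz"
                "NB7dsbl65TgEhD-Zpx7rYzOHCxoZ54iBJdeYGT-ATeP1ehez-VY-AOA58p-9NQ")
CF_BEACON = "https://static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587"

# Transcribed from the capture: URL, Sec-Fetch-Dest, Sec-Fetch-Site, analyzer verdict,
# response content-type, byte size where stated, and the MD5 shown for the body.
RECORDS = [
    rec("https://js.onclckmn.com/static/onclicka.m.js", "script", "cross-site",
        ctype="application/javascript; charset=utf-8", size=114731, md5="d41d8cd98f00b204e9800998ecf8427e"),
    rec("https://aistekso.net/401/7443535", "script", "cross-site", verdict="malicious",
        ctype="application/javascript", md5="d9a3bf7fcdbaa21f2c1e5997bb16b725"),
    rec("https://eedsaung.net/1?z=7443534", "script", "cross-site", verdict="malicious",
        ctype="text/javascript", md5="01105409fe62c1cb1dab8e2ff0526599"),
    rec("https://js.mbidinp.com/npc/sdk/wpu/npush.m.js", "script", "cross-site",
        ctype="application/javascript; charset=utf-8", size=178178, md5="d41d8cd98f00b204e9800998ecf8427e"),
    rec(SECUREDPEACOMM, "iframe", "cross-site", ctype="text/html; charset=UTF-8", size=0,
        md5="d41d8cd98f00b204e9800998ecf8427e"),
    rec("https://eedsaung.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a", "script", "cross-site",
        verdict="malicious", ctype="application/javascript", size=413423, md5="297cc248309ba835cf13a1f82fd3f938"),
    rec(CF_BEACON, "script", "cross-site", ctype="text/javascript;charset=UTF-8", md5="4068f6ab9e6ae017e04b8684692d202a"),
    rec("https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "empty", "cross-site",
        ctype="text/javascript; charset=UTF-8", size=0, md5="d41d8cd98f00b204e9800998ecf8427e"),
    rec("https://www.xadsmart.com/gangular-gridster.min.css", "script", "cross-site",
        ctype="application/x-javascript", md5="f66f374ea8f4d91dafa878ff91bbc8cd"),
    rec(GOOGLE_LOGIN, "image", "cross-site", ctype="text/html; charset=UTF-8", size=0,
        md5="d41d8cd98f00b204e9800998ecf8427e"),
    rec("https://tzegilo.com/stattag.js", "script", "cross-site", ctype="application/javascript",
        md5="70ebd404c2e1e7bad13998538b56887c"),
]


def triage(r):
    """Label one captured request with the patterns worth a second look (heuristics, not verdicts)."""
    findings = []
    u = urlsplit(r["url"])
    query = parse_qs(u.query, keep_blank_values=True)
    mime = r["ctype"].split(";")[0].strip().lower()
    if r["dest"] == "script" and r["site"] == "cross-site":
        findings.append("third-party-script")           # executes with the page's origin and full DOM access
        if r["verdict"] == "malicious":
            findings.append("sinkholed-domain-script")  # resolver blocklists the host, yet it loaded and ran
    if u.path.lower().endswith(".css") and "javascript" in mime:
        findings.append("extension-content-mismatch")   # script carrying a stylesheet name
    if r["dest"] == "image" and "login" in u.path.lower() and "continue" in query:
        findings.append("login-state-probe-pattern")    # image load of an auth endpoint that redirects onward
    if r["dest"] == "iframe" and re.search(r"\{[a-z.]+\}", r["url"]):
        findings.append("unexpanded-tracking-macros")   # {carrier}/{isp} placeholders left in a redirector URL
    if (r["size"] or 0) > 0 and r["md5"] == EMPTY_MD5:
        findings.append("body-hash-is-empty-digest")    # size reported but digest of empty input: no body hashed
    return findings


def triage_all(records):
    return {r["url"]: triage(r) for r in records}


if __name__ == "__main__":
    for url, labels in triage_all(RECORDS).items():
        if labels:
            print(urlsplit(url).hostname, labels)
```

Two of the labels deserve a caveat in use. `login-state-probe-pattern` only says the request has the shape of a login-detection probe; whether the page's script read the outcome is not visible in a header capture. `body-hash-is-empty-digest` is a data-quality flag rather than a security one: any hash-based pivot (VirusTotal, a blocklist) on those two entries would match the empty file, not the script that was served.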