amourhelper.com/bts.js
143.204.55.80 301 Moved Permanently 134 B IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bts.js HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
content-type: text/html
content-length: 134
age: 1225
server: awselb/2.0
date: Fri, 19 Apr 2024 10:03:07 GMT
location: https://bts.insigit.com:443/bts.js
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: NH4GTuv-MspxkXPvfdW7kiwU6_ekp31jubjA8Ts8-DR-oi4sER1P5w==
www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
142.250.74.168 200 OK 75 kB URL GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
IP 142.250.74.168:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
Validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File type JavaScript source, ASCII text, with very long lines (4073)
Hash d6d1b6feeffa7a5cd9559f18604d2483
43f0ac281f2f152a6fd51339365a048f7b93ce22
f94b0bd4115d9ec9a31ebf7463980b8e529b3d966bc898d1c501c370c8a03427
GET /gtm.js?id=GTM-KMSJRW&l=adsLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 19 Apr 2024 10:23:33 GMT
expires: Fri, 19 Apr 2024 10:23:33 GMT
cache-control: private, max-age=900
last-modified: Fri, 19 Apr 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75445
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 13:20:56 GMT
expires: Fri, 18 Apr 2025 13:20:56 GMT
cache-control: public, max-age=31536000
age: 75757
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bts.insigit.com/bts.js
3.121.28.163 200 OK 8.9 kB IP 3.121.28.163:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject bts.insigit.com
Fingerprint CE:F2:1B:70:1B:D1:E2:1A:82:E6:CC:0C:5A:46:F7:29:BA:F5:B6:7B
Validity Mon, 04 Sep 2023 00:00:00 GMT - Thu, 03 Oct 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (8877)
Hash 975eaea70ff4996a1f47591983e510bc
51e7e6dcef3d9bbe9e1fb9e27d014e59bf9fbc10
72e69358fa344f2bd1be00400a74600766cf4af15f71abf9b968b3fc3dfc9440
GET /bts.js HTTP/1.1
Host: bts.insigit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://amourhelper.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Apr 2024 10:23:33 GMT
content-type: application/javascript
content-length: 8878
server: nginx
last-modified: Mon, 01 Apr 2024 08:23:54 GMT
etag: "660a6f1a-22ae"
cache-control: public, max-age=3600
accept-ranges: bytes
X-Firefox-Spdy: h2
amourhelper.com/landings/24401/images/2.gif
143.204.55.80 200 OK 1000 kB URL GET HTTP/3 amourhelper.com/landings/24401/images/2.gif
IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type GIF image data, version 89a, 350 x 350
Size 1000 kB (999922 bytes)
Hash b6b27f38cd115cf71f4a78cd5ef2a95f
94d2bb66eec706db9cb5660c58208a92c3464b93
60a79cc5475537d4126be3448f0bd7faacafdc09482241a7fb195fffbe03b281
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /landings/24401/images/2.gif HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: image/gif
content-length: 999922
age: 27790
server: nginx
date: Fri, 19 Apr 2024 02:40:23 GMT
last-modified: Tue, 03 Dec 2019 13:56:45 GMT
etag: "f41f2-598cd1107e140"
accept-ranges: bytes
cache-control: public, max-age=604800
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: AveLkwa-PcO53XCpJE54ppDhmuezn9F6gQYkXmIwPex4fgwBGW_lsg==
amourhelper.com/web-vitals@3.3.0/dist/web-vitals.iife.js
143.204.55.80 200 OK 18 kB URL GET HTTP/3 amourhelper.com/web-vitals@3.3.0/dist/web-vitals.iife.js
IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (7050)
Hash 377e79edeb1105b21d5e3020bb9a77a3
d8f86defae5c281efe72ea582ff03d23b0d86be0
b2ece5d28dcf047582c05c122e3bf0ed4905a965026a9940c289682620b76a2f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /web-vitals@3.3.0/dist/web-vitals.iife.js HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400
age: 13980317
date: Mon, 22 Jan 2024 16:18:12 GMT
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1b8b-2Pht765cKB7+cupYL/A9I7DYa+A"
via: 1.1 fly.io, 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
fly-request-id: 01HET9EHR7ZFC8YFE31J8MSR9J-fra
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 84991c8b2f489016-FRA
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: qvtRxeNrQ7GpsQOSst6OnJW3c15fVZuJeF9vL9sdmK6RxGPJUmtswQ==
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 16:27:38 GMT
expires: Wed, 16 Apr 2025 16:27:38 GMT
cache-control: public, max-age=31536000
age: 237355
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
amourhelper.com/b/tr
143.204.55.80 202 Accepted 0 B IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 836
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 10:23:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XE1HQmA7u5-7OCOCPO2oULMd8BCzxHbJhNW9fCiUuYpo4sF4hdDBPg==
amourhelper.com/b/tr
143.204.55.80 202 Accepted 0 B IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 837
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 10:23:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Q9Y6EuKS4BfKM_ygAFN9V3E41yxfPhe-OhZH82eHaIYib6d8rvnecQ==
amourhelper.com/b/tr
143.204.55.80 202 Accepted 0 B IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 932
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 10:23:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: K7Yjiti-u-xwg-sIWS-lgTWXLLunUQyMhRZmlM9mn9jUmrWgBFFd1Q==
amourhelper.com/b/tr
143.204.55.80 202 Accepted 0 B IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 836
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 10:23:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -G_7vaqzOzZsw0EG30RPvurPaqu4g4HmnZWlUH3sbAKD8fewZvgvmw==
fonts.googleapis.com/css?family=Roboto:400,500,700&display=swap
142.250.74.106 200 OK 713 B URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:400,500,700&display=swap
IP 142.250.74.106:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
Validity Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
Hash a1b623b480c10860325cec82f031ff4a
9ee81458c3ef11577daa3b7bc34e693bb5d36d89
31d196afc7bf97b61be0a9881f623b3b8a7b56d4b0c08c6b78c37ce92d7827b2
GET /css?family=Roboto:400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 10:23:32 GMT
date: Fri, 19 Apr 2024 10:23:32 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
amourhelper.com/b/tr
143.204.55.80 202 Accepted 0 B IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 937
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 10:23:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zkLThSs40gIK_AoEpEJdUTT8ErdZ7MHRxlxznykMCxez5fEjUrXCzw==
amourhelper.com/b/tr
143.204.55.80 202 Accepted 0 B IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 833
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 10:23:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QRHU7m88XzK_MnQ-e3xJIaJX8M5dMP2j_6dfduJZGD9ZmzrsqJkSkA==
amourhelper.com/landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js
143.204.55.80 200 OK 34 kB URL GET HTTP/3 amourhelper.com/landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js
IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65535)
Hash 20dff8cf5ed8c45d47eca00751d44eb9
209faa3f1a08dcb3c943fe8b6c344571005ef3b4
aaf2bc75c60776c40df9015d7f99cde0e9adb2f81e859276ed30d7c431d6a720
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
server: nginx
last-modified: Thu, 25 Aug 2022 15:53:12 GMT
content-encoding: gzip
date: Fri, 19 Apr 2024 10:23:32 GMT
etag: W/"17b45-5e712cb6e8a00"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-id: yR0hItNnYwTN34k-3z3WQlqLEtnsvPi9c2nMSzANWq9q3B-GkL08jA==
retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?j_type=open&jump=24401&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383
143.204.55.23 200 OK 35 B URL GET HTTP/2 retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?j_type=open&jump=24401&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383
IP 143.204.55.23:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject retarget2core.com
Fingerprint AC:15:CC:37:0E:B3:F2:08:95:E0:FC:52:46:A2:9A:06:02:11:B5:F5
Validity Thu, 02 Nov 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?j_type=open&jump=24401&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383 HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/gif
date: Fri, 19 Apr 2024 10:23:32 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
set-cookie: dci=d8e2ff2319556bb904843e3e84eb3a4773f152e9; Max-Age=31536000; Domain=.retarget2core.com; Path=/; Expires=Sat, 19 Apr 2025 10:23:32 GMT; Secure; SameSite=None
x-cache: Miss from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: oOYGnChVsjnw-sKoh0sfuXjLiMX_JHW9n0Nw7Xc9x3iqAz3fRU0Yeg==
X-Firefox-Spdy: h2
amourhelper.com/b/tr
143.204.55.80 202 Accepted 0 B IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 933
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 10:23:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: siF9MylJGQ1dMttADCrghZv-MUwTWCpHIzE4pAaLvkutNc7UE6rb4A==
amourhelper.com/images/jump-favicon.ico
143.204.55.80 200 OK 9.2 kB URL GET HTTP/3 amourhelper.com/images/jump-favicon.ico
IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type gzip compressed data, from Unix
Hash b9a55e8c555a6b5d67fa8c79813c7484
b85324b73b9e311bcc297cdeb7b937e244796a0c
6b3a67f6327c4e461c0e997a216a1cec4aa476380966664e21d7130209eac260
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/jump-favicon.ico HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: image/vnd.microsoft.icon
alt-svc: h3=":443"; ma=86400
age: 471793
server: nginx
last-modified: Fri, 05 Dec 2014 08:28:50 GMT
content-encoding: gzip
date: Sat, 13 Apr 2024 23:20:20 GMT
cache-control: public, max-age=604800
etag: W/"47e-50973ddcdee10"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Y581-PwWU5nsQnDUI2ivdvCn3DrdHISONbwKu6neBKM6v65nPHCLkg==
amourhelper.com/bridge/intg.js
143.204.55.80 200 OK 7.7 kB URL GET HTTP/3 amourhelper.com/bridge/intg.js
IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (338)
Hash 0984735e7d9ea7efeccf7f8b98fde33b
3657ab09102c809a5b568d3d19fc36bc09c6a860
36765069dc707a1f004301bbc55ee5359b317ab1f2cb66ebfff536522c82fc78
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bridge/intg.js HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 19 Apr 2024 10:23:32 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=3600
last-modified: Mon, 15 Apr 2024 09:30:50 GMT
etag: W/"153-18ee1184d10"
content-encoding: br
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-id: nDVIfpDN7KOT8YJBzc9MhabA4x5MB4L1FvIkWFczCSP0spE92OpdXg==
amourhelper.com/tds/ae?tdsId=s8304dem_r&tds_campaign=s8304dem&utm_sub=opnfnl&s1=ps&utm_source=int&affid=43882472&subid=26667209341&clickid=czddy6622460d00087f0a&subid2=209
143.204.55.80 302 Found 6.5 kB URL User Request GET HTTP/2 amourhelper.com/tds/ae?tdsId=s8304dem_r&tds_campaign=s8304dem&utm_sub=opnfnl&s1=ps&utm_source=int&affid=43882472&subid=26667209341&clickid=czddy6622460d00087f0a&subid2=209
IP 143.204.55.80:443
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tds/ae?tdsId=s8304dem_r&tds_campaign=s8304dem&utm_sub=opnfnl&s1=ps&utm_source=int&affid=43882472&subid=26667209341&clickid=czddy6622460d00087f0a&subid2=209 HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
date: Fri, 19 Apr 2024 10:23:32 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
set-cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; Max-Age=31536000; Domain=.amourhelper.com; Path=/; Expires=Sat, 19 Apr 2025 10:23:32 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Wed, 24 Apr 2024 10:23:32 GMT
x-cache: Miss from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: wfX4tZGZ1M_48HAP2pRtt9ZS25uXFWgVknOto33gKRNFrvZuN9wX7w==
X-Firefox-Spdy: h2
amourhelper.com/landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css
143.204.55.80 200 OK 3.0 kB URL GET HTTP/3 amourhelper.com/landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css
IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type ASCII text, with very long lines (3050), with no line terminators
Hash 83c9e030cdc5aa7c5eaef3d4796a7ea6
075e0979a293c405c1bcacee3928cffd2deeb6ac
63f8c3b20ed7b2b2a2c35ca5951a95c9d74fbe343a045bb0ed862970ac3143a7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/css
alt-svc: h3=":443"; ma=86400
age: 27791
server: nginx
date: Fri, 19 Apr 2024 02:40:21 GMT
last-modified: Thu, 25 Aug 2022 15:53:12 GMT
etag: W/"bde-5e712cb6e8a00"
content-encoding: br
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: x_9qHsmReCGVMIG4KKcZBaEBVhnwbumCEpsZHQr8IwV92CmDeflXAw==
amourhelper.com/bridge/index.js
143.204.55.80 200 OK 19 kB URL GET HTTP/3 amourhelper.com/bridge/index.js
IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (18773)
Hash 7d2d6659a15d269eb1fe2780ac7403e4
61f2ab7f55df65d8863cc7e68802438e30eb3642
66afb0787cd19fd1d0444b840f728121ee9e92d9d3f64f35529cf370ad40b2c9
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bridge/index.js HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 19 Apr 2024 10:23:32 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Mon, 15 Apr 2024 09:30:50 GMT
etag: W/"4956-18ee1184d10"
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-id: PeB4ErCYdj8pr4xgdF_sj16SMjkqI67A_b1wjFzh7QIfMwHCyKEe5w==
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 01:54:31 GMT
expires: Wed, 16 Apr 2025 01:54:31 GMT
cache-control: public, max-age=31536000
age: 289742
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
143.204.55.80 200 OK 6.5 kB URL User Request GET HTTP/2 amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
IP 143.204.55.80:443
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (6791), with no line terminators
Hash 5957ee3e96e7d1c3117aa87b495adb0a
b295cb11e84e67ee6353b1c29fbbb4b272a76490
5ec775a862e2497eb186ad7e6eff74e70c96817711c9d48839275e7c188c99c0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209 HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
date: Fri, 19 Apr 2024 10:23:32 GMT
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 2mQyZ6B_02n-lcJ6EwC2IodPEulP6-iWZEDORg4uOXKyLJkAmNphhw==
X-Firefox-Spdy: h2
amourhelper.com/integration.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
143.204.55.80 200 OK 2.4 kB URL GET HTTP/3 amourhelper.com/integration.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (2534), with no line terminators
Hash 4e7d3264e934c3b235aec41730ab425e
14d0ccb5f50ee2ed1c45bd32ef2876470756f285
cde2fde366e45d615c9e4e9464323a181bc5830cd8f8ad8313fbfbd1056717fc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /integration.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209 HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 19 Apr 2024 10:23:32 GMT
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"959-DsKHQXThuV+LkKoPFprXBq3smtQ"
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-id: MvHT4Onlu9QSSlbUVmhJhHRHmRs9XydWbLj6310FuHNb8lD5RbYj1Q==
amourhelper.com/tds/interlayer?handler=FrodiData
143.204.55.80 200 OK 0 B URL POST HTTP/3 amourhelper.com/tds/interlayer?handler=FrodiData
IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /tds/interlayer?handler=FrodiData HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
Content-Length: 1762
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 19 Apr 2024 10:23:32 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-id: HzCNttSirxwHRCRh7E-Sb7YXjbWnySce2dPW6EaysiiLu1EGNh_Dsg==
amourhelper.com/ufis/main.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209&ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Famourhelper.com%2Fjump%3Ftds_oid%3D24401%26subid%3D26667209341%26tds_cid%3D4afb8dc3e37054a3b837437e0b099d6c290e1cdf%26tds_host%3Damourhelper.com%26tds_id%3Db7838dem_jump_a_1598613018653%26tds_ac_id%3Ds8304dem%26utm_source%3Dint%26s1%3Dps%26_tgUrl%3DaHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%252FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%253D%26id%3D24401%26dci%3Dfd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383%26tds_campaign%3Db7838dem%26clickid%3Dczddy6622460d00087f0a%26tds_ao%3D1%26affid%3D43882472%26subid2%3D209&uaDataValues={}
143.204.55.80 200 OK 199 B URL GET HTTP/3 amourhelper.com/ufis/main.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209&ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Famourhelper.com%2Fjump%3Ftds_oid%3D24401%26subid%3D26667209341%26tds_cid%3D4afb8dc3e37054a3b837437e0b099d6c290e1cdf%26tds_host%3Damourhelper.com%26tds_id%3Db7838dem_jump_a_1598613018653%26tds_ac_id%3Ds8304dem%26utm_source%3Dint%26s1%3Dps%26_tgUrl%3DaHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%252FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%253D%26id%3D24401%26dci%3Dfd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383%26tds_campaign%3Db7838dem%26clickid%3Dczddy6622460d00087f0a%26tds_ao%3D1%26affid%3D43882472%26subid2%3D209&uaDataValues={}
IP 143.204.55.80:443
Requested by https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate Issuer Amazon
Subject amourhelper.com
Fingerprint C1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 6103f9e24fd751b982e5475550d3f72a
b9db25f2ac365269125fa6f7d6024d762782fd1f
e836f6aea3f3116fa98a7c53ef9f30d2d4ce0b919524c23905b7142ef9ca8050
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ufis/main.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209&ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Famourhelper.com%2Fjump%3Ftds_oid%3D24401%26subid%3D26667209341%26tds_cid%3D4afb8dc3e37054a3b837437e0b099d6c290e1cdf%26tds_host%3Damourhelper.com%26tds_id%3Db7838dem_jump_a_1598613018653%26tds_ac_id%3Ds8304dem%26utm_source%3Dint%26s1%3Dps%26_tgUrl%3DaHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%252FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%253D%26id%3D24401%26dci%3Dfd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383%26tds_campaign%3Db7838dem%26clickid%3Dczddy6622460d00087f0a%26tds_ao%3D1%26affid%3D43882472%26subid2%3D209&uaDataValues={} HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 19 Apr 2024 10:23:32 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"c7-laFz7h+rq4MEYm/3SxdrYWitX0I"
content-encoding: br
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-id: AHy76lSpUNwhK0BA8mxxr1CoB0JMk6ORfcseaXzk-QmqgRQoFpvi7Q==