Report - amourhelper.com/tds/ae?tdsId=s8304dem_r&tds_campaign=s8304dem&utm_sub=opnfnl&s1=ps&utm_source=int&affid=43882472&subid=26667209341&clickid=czddy6622460d00087f0a&subid2=209

Report Overview

Submitted URL
amourhelper.com/tds/ae?tdsId=s8304dem_r&tds_campaign=s8304dem&utm_sub=opnfnl&s1=ps&utm_source=int&affid=43882472&subid=26667209341&clickid=czddy6622460d00087f0a&subid2=209
IP
143.204.55.109
ASN
#16509 AMAZON-02
Submitted
2024-04-19 10:23:58
Access
public
Website Title
amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Final URL
amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
40

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
retarget2core.com	86164	2021-10-12	2021-10-14	2024-04-03	609 B	886 B	143.204.55.23
amourhelper.com	unknown	2024-01-05	2022-08-15	2024-03-02	22 kB	1.1 MB	143.204.55.80
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-19	430 B	76 kB	142.250.74.168
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-18	1.6 kB	50 kB	216.58.207.227
bts.insigit.com	unknown	2011-11-11	2022-10-04	2024-04-17	396 B	9.2 kB	3.121.28.163
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-19	451 B	1.3 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed
2024-04-19	medium	amourhelper.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209	0 B	2023-03-07	2024-05-02
Pretty URL amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209 IP 143.204.55.80 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-02 11:18:15 Times Seen37270912 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209	0 B	2023-03-07	2024-05-02
Pretty URL amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209 IP 143.204.55.80 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-02 11:18:15 Times Seen37270912 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	amourhelper.com/ufis/main.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209&ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Famourhelper.com%2Fjump%3Ftds_oid%3D24401%26subid%3D26667209341%26tds_cid%3D4afb8dc3e37054a3b837437e0b099d6c290e1cdf%26tds_host%3Damourhelper.com%26tds_id%3Db7838dem_jump_a_1598613018653%26tds_ac_id%3Ds8304dem%26utm_source%3Dint%26s1%3Dps%26_tgUrl%3DaHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%252FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%253D%26id%3D24401%26dci%3Dfd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383%26tds_campaign%3Db7838dem%26clickid%3Dczddy6622460d00087f0a%26tds_ao%3D1%26affid%3D43882472%26subid2%3D209&uaDataValues={}	199 B	2024-04-07	2024-04-19
Pretty URL amourhelper.com/ufis/main.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209&ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Famourhelper.com%2Fjump%3Ftds_oid%3D24401%26subid%3D26667209341%26tds_cid%3D4afb8dc3e37054a3b837437e0b099d6c290e1cdf%26tds_host%3Damourhelper.com%26tds_id%3Db7838dem_jump_a_1598613018653%26tds_ac_id%3Ds8304dem%26utm_source%3Dint%26s1%3Dps%26_tgUrl%3DaHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%252FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%253D%26id%3D24401%26dci%3Dfd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383%26tds_campaign%3Db7838dem%26clickid%3Dczddy6622460d00087f0a%26tds_ao%3D1%26affid%3D43882472%26subid2%3D209&uaDataValues={} IP 143.204.55.80 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-07 17:53:02 Last Seen2024-04-19 15:56:59 Times Seen4 Hash 8ce0125624abeac3351ff2d6ab942dbb 95a173ee1fabab8304626ff74b176b6168ad5f42 cd8b8acc2a3d9b4d6cb4b4d209392cf88726751eb2cd0fca7bbf566a3f22ddaf Loading...

	amourhelper.com/web-vitals@3.3.0/dist/web-vitals.iife.js	7.1 kB	2023-03-26	2024-04-30
Pretty URL amourhelper.com/web-vitals@3.3.0/dist/web-vitals.iife.js IP 143.204.55.80 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 01:17:00 Last Seen2024-04-30 06:09:49 Times Seen845 Hash 377e79edeb1105b21d5e3020bb9a77a3 d8f86defae5c281efe72ea582ff03d23b0d86be0 b2ece5d28dcf047582c05c122e3bf0ed4905a965026a9940c289682620b76a2f Loading...

	amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209	0 B	2023-03-07	2024-05-02
Pretty URL amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209 IP 143.204.55.80 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-02 11:18:15 Times Seen37270912 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	amourhelper.com/landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js	97 kB	2023-03-07	2024-04-30
Pretty URL amourhelper.com/landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js IP 143.204.55.80 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:46 Last Seen2024-04-30 06:09:50 Times Seen281 Hash 20dff8cf5ed8c45d47eca00751d44eb9 209faa3f1a08dcb3c943fe8b6c344571005ef3b4 aaf2bc75c60776c40df9015d7f99cde0e9adb2f81e859276ed30d7c431d6a720 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer	210 kB	2024-04-19	2024-04-19
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 12:23:59 Last Seen2024-04-19 12:23:59 Times Seen2 Hash d6d1b6feeffa7a5cd9559f18604d2483 43f0ac281f2f152a6fd51339365a048f7b93ce22 f94b0bd4115d9ec9a31ebf7463980b8e529b3d966bc898d1c501c370c8a03427 Loading...

	amourhelper.com/bridge/intg.js	339 B	2023-10-24	2024-04-30
Pretty URL amourhelper.com/bridge/intg.js IP 143.204.55.80 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 14:35:52 Last Seen2024-04-30 06:09:50 Times Seen206 Hash 0984735e7d9ea7efeccf7f8b98fde33b 3657ab09102c809a5b568d3d19fc36bc09c6a860 36765069dc707a1f004301bbc55ee5359b317ab1f2cb66ebfff536522c82fc78 Loading...

	amourhelper.com/integration.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209	2.4 kB	2024-04-19	2024-04-19
Pretty URL amourhelper.com/integration.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209 IP 143.204.55.80 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 12:23:59 Last Seen2024-04-19 12:23:59 Times Seen1 Hash d68222e6caec2c67e1cd74792daeb10a 0ec2874174e1b95f8b90aa0f169ad706adec9ad4 ac700eec08155eb985a30635bcfe98aa9e2ca076fbc75769421722b30047edc2 Loading...

	amourhelper.com/bts.js	8.9 kB	2024-04-05	2024-05-02
Pretty URL amourhelper.com/bts.js IP 143.204.55.80 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-05 18:00:16 Last Seen2024-05-02 10:37:44 Times Seen92 Hash 975eaea70ff4996a1f47591983e510bc 51e7e6dcef3d9bbe9e1fb9e27d014e59bf9fbc10 72e69358fa344f2bd1be00400a74600766cf4af15f71abf9b968b3fc3dfc9440 Loading...

	amourhelper.com/bridge/index.js	19 kB	2024-04-07	2024-04-24
Pretty URL amourhelper.com/bridge/index.js IP 143.204.55.80 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-07 17:53:02 Last Seen2024-04-24 09:26:55 Times Seen7 Hash 7d2d6659a15d269eb1fe2780ac7403e4 61f2ab7f55df65d8863cc7e68802438e30eb3642 66afb0787cd19fd1d0444b840f728121ee9e92d9d3f64f35529cf370ad40b2c9 Loading...

		Size	First Seen	Last Seen
	#1 Eval - ca45c42226c1d974d33ba66f5fbec226	273 B	2023-03-07	2024-04-30
Pretty Observations First Seen2023-03-07 01:31:53 Last Seen2024-04-30 06:09:50 Times Seen300 Hash ca45c42226c1d974d33ba66f5fbec226 acdf858cb51509213a6b58ea26c99788ffa9ba51 8f61ee4a89b9d76a579f5ed446960dc9aba5dad5f67f5676bc5aab5f8fe726b3 Loading...

HTTP Transactions (27)

URL IP Response Size

amourhelper.com/bts.js

143.204.55.80

301 Moved Permanently

134 B

URL GET HTTP/3
amourhelper.com/bts.js
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
134 B (134 bytes)
Hash
4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bts.js HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 301 Moved Permanently
content-type: text/html
content-length: 134
age: 1225
server: awselb/2.0
date: Fri, 19 Apr 2024 10:03:07 GMT
location: https://bts.insigit.com:443/bts.js
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: NH4GTuv-MspxkXPvfdW7kiwU6_ekp31jubjA8Ts8-DR-oi4sER1P5w==

www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer

142.250.74.168

200 OK

75 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4073)
Size
75 kB (75445 bytes)
Hash
d6d1b6feeffa7a5cd9559f18604d2483
43f0ac281f2f152a6fd51339365a048f7b93ce22
f94b0bd4115d9ec9a31ebf7463980b8e529b3d966bc898d1c501c370c8a03427

HTTP Headers

GET /gtm.js?id=GTM-KMSJRW&l=adsLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 19 Apr 2024 10:23:33 GMT
expires: Fri, 19 Apr 2024 10:23:33 GMT
cache-control: private, max-age=900
last-modified: Fri, 19 Apr 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75445
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 13:20:56 GMT
expires: Fri, 18 Apr 2025 13:20:56 GMT
cache-control: public, max-age=31536000
age: 75757
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bts.insigit.com/bts.js

3.121.28.163

200 OK

8.9 kB

URL GET HTTP/2
bts.insigit.com/bts.js
IP
3.121.28.163:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectbts.insigit.com
FingerprintCE:F2:1B:70:1B:D1:E2:1A:82:E6:CC:0C:5A:46:F7:29:BA:F5:B6:7B
ValidityMon, 04 Sep 2023 00:00:00 GMT - Thu, 03 Oct 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8877)
Size
8.9 kB (8878 bytes)
Hash
975eaea70ff4996a1f47591983e510bc
51e7e6dcef3d9bbe9e1fb9e27d014e59bf9fbc10
72e69358fa344f2bd1be00400a74600766cf4af15f71abf9b968b3fc3dfc9440

HTTP Headers

GET /bts.js HTTP/1.1
Host: bts.insigit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://amourhelper.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 10:23:33 GMT
content-type: application/javascript
content-length: 8878
server: nginx
last-modified: Mon, 01 Apr 2024 08:23:54 GMT
etag: "660a6f1a-22ae"
cache-control: public, max-age=3600
accept-ranges: bytes
X-Firefox-Spdy: h2

amourhelper.com/landings/24401/images/2.gif

143.204.55.80

200 OK

1000 kB

URL GET HTTP/3
amourhelper.com/landings/24401/images/2.gif
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type
GIF image data, version 89a, 350 x 350
Size
1000 kB (999922 bytes)
Hash
b6b27f38cd115cf71f4a78cd5ef2a95f
94d2bb66eec706db9cb5660c58208a92c3464b93
60a79cc5475537d4126be3448f0bd7faacafdc09482241a7fb195fffbe03b281

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /landings/24401/images/2.gif HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/gif
content-length: 999922
age: 27790
server: nginx
date: Fri, 19 Apr 2024 02:40:23 GMT
last-modified: Tue, 03 Dec 2019 13:56:45 GMT
etag: "f41f2-598cd1107e140"
accept-ranges: bytes
cache-control: public, max-age=604800
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: AveLkwa-PcO53XCpJE54ppDhmuezn9F6gQYkXmIwPex4fgwBGW_lsg==

amourhelper.com/web-vitals@3.3.0/dist/web-vitals.iife.js

143.204.55.80

200 OK

18 kB

URL GET HTTP/3
amourhelper.com/web-vitals@3.3.0/dist/web-vitals.iife.js
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7050)
Size
18 kB (18457 bytes)
Hash
377e79edeb1105b21d5e3020bb9a77a3
d8f86defae5c281efe72ea582ff03d23b0d86be0
b2ece5d28dcf047582c05c122e3bf0ed4905a965026a9940c289682620b76a2f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-vitals@3.3.0/dist/web-vitals.iife.js HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400
age: 13980317
date: Mon, 22 Jan 2024 16:18:12 GMT
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1b8b-2Pht765cKB7+cupYL/A9I7DYa+A"
via: 1.1 fly.io, 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
fly-request-id: 01HET9EHR7ZFC8YFE31J8MSR9J-fra
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 84991c8b2f489016-FRA
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: qvtRxeNrQ7GpsQOSst6OnJW3c15fVZuJeF9vL9sdmK6RxGPJUmtswQ==

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 16:27:38 GMT
expires: Wed, 16 Apr 2025 16:27:38 GMT
cache-control: public, max-age=31536000
age: 237355
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

amourhelper.com/b/tr

143.204.55.80

202 Accepted

0 B

URL POST HTTP/3
amourhelper.com/b/tr
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 836
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 10:23:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XE1HQmA7u5-7OCOCPO2oULMd8BCzxHbJhNW9fCiUuYpo4sF4hdDBPg==

amourhelper.com/b/tr

143.204.55.80

202 Accepted

0 B

URL POST HTTP/3
amourhelper.com/b/tr
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 837
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 10:23:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Q9Y6EuKS4BfKM_ygAFN9V3E41yxfPhe-OhZH82eHaIYib6d8rvnecQ==

amourhelper.com/b/tr

143.204.55.80

202 Accepted

0 B

URL POST HTTP/3
amourhelper.com/b/tr
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 932
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 10:23:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: K7Yjiti-u-xwg-sIWS-lgTWXLLunUQyMhRZmlM9mn9jUmrWgBFFd1Q==

amourhelper.com/b/tr

143.204.55.80

202 Accepted

0 B

URL POST HTTP/3
amourhelper.com/b/tr
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 836
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 10:23:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -G_7vaqzOzZsw0EG30RPvurPaqu4g4HmnZWlUH3sbAKD8fewZvgvmw==

fonts.googleapis.com/css?family=Roboto:400,500,700&display=swap

142.250.74.106

200 OK

713 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:400,500,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text
Size
713 B (713 bytes)
Hash
a1b623b480c10860325cec82f031ff4a
9ee81458c3ef11577daa3b7bc34e693bb5d36d89
31d196afc7bf97b61be0a9881f623b3b8a7b56d4b0c08c6b78c37ce92d7827b2

HTTP Headers

GET /css?family=Roboto:400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 10:23:32 GMT
date: Fri, 19 Apr 2024 10:23:32 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

amourhelper.com/b/tr

143.204.55.80

202 Accepted

0 B

URL POST HTTP/3
amourhelper.com/b/tr
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 937
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 10:23:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zkLThSs40gIK_AoEpEJdUTT8ErdZ7MHRxlxznykMCxez5fEjUrXCzw==

amourhelper.com/b/tr

143.204.55.80

202 Accepted

0 B

URL POST HTTP/3
amourhelper.com/b/tr
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 833
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 10:23:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QRHU7m88XzK_MnQ-e3xJIaJX8M5dMP2j_6dfduJZGD9ZmzrsqJkSkA==

amourhelper.com/landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js

143.204.55.80

200 OK

34 kB

URL GET HTTP/3
amourhelper.com/landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65535)
Size
34 kB (33747 bytes)
Hash
20dff8cf5ed8c45d47eca00751d44eb9
209faa3f1a08dcb3c943fe8b6c344571005ef3b4
aaf2bc75c60776c40df9015d7f99cde0e9adb2f81e859276ed30d7c431d6a720

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
server: nginx
last-modified: Thu, 25 Aug 2022 15:53:12 GMT
content-encoding: gzip
date: Fri, 19 Apr 2024 10:23:32 GMT
etag: W/"17b45-5e712cb6e8a00"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-id: yR0hItNnYwTN34k-3z3WQlqLEtnsvPi9c2nMSzANWq9q3B-GkL08jA==

retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?j_type=open&jump=24401&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383

143.204.55.23

200 OK

35 B

URL GET HTTP/2
retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?j_type=open&jump=24401&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383
IP
143.204.55.23:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectretarget2core.com
FingerprintAC:15:CC:37:0E:B3:F2:08:95:E0:FC:52:46:A2:9A:06:02:11:B5:F5
ValidityThu, 02 Nov 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?j_type=open&jump=24401&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383 HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/gif
date: Fri, 19 Apr 2024 10:23:32 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
set-cookie: dci=d8e2ff2319556bb904843e3e84eb3a4773f152e9; Max-Age=31536000; Domain=.retarget2core.com; Path=/; Expires=Sat, 19 Apr 2025 10:23:32 GMT; Secure; SameSite=None
x-cache: Miss from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: oOYGnChVsjnw-sKoh0sfuXjLiMX_JHW9n0Nw7Xc9x3iqAz3fRU0Yeg==
X-Firefox-Spdy: h2

amourhelper.com/b/tr

143.204.55.80

202 Accepted

0 B

URL POST HTTP/3
amourhelper.com/b/tr
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 933
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 10:23:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: siF9MylJGQ1dMttADCrghZv-MUwTWCpHIzE4pAaLvkutNc7UE6rb4A==

amourhelper.com/images/jump-favicon.ico

143.204.55.80

200 OK

9.2 kB

URL GET HTTP/3
amourhelper.com/images/jump-favicon.ico
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
9.2 kB (9206 bytes)
Hash
b9a55e8c555a6b5d67fa8c79813c7484
b85324b73b9e311bcc297cdeb7b937e244796a0c
6b3a67f6327c4e461c0e997a216a1cec4aa476380966664e21d7130209eac260

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/jump-favicon.ico HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=0967e143941e411b980a710aaa432d2a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/vnd.microsoft.icon
alt-svc: h3=":443"; ma=86400
age: 471793
server: nginx
last-modified: Fri, 05 Dec 2014 08:28:50 GMT
content-encoding: gzip
date: Sat, 13 Apr 2024 23:20:20 GMT
cache-control: public, max-age=604800
etag: W/"47e-50973ddcdee10"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Y581-PwWU5nsQnDUI2ivdvCn3DrdHISONbwKu6neBKM6v65nPHCLkg==

amourhelper.com/bridge/intg.js

143.204.55.80

200 OK

7.7 kB

URL GET HTTP/3
amourhelper.com/bridge/intg.js
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (338)
Size
7.7 kB (7693 bytes)
Hash
0984735e7d9ea7efeccf7f8b98fde33b
3657ab09102c809a5b568d3d19fc36bc09c6a860
36765069dc707a1f004301bbc55ee5359b317ab1f2cb66ebfff536522c82fc78

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bridge/intg.js HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 19 Apr 2024 10:23:32 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=3600
last-modified: Mon, 15 Apr 2024 09:30:50 GMT
etag: W/"153-18ee1184d10"
content-encoding: br
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-id: nDVIfpDN7KOT8YJBzc9MhabA4x5MB4L1FvIkWFczCSP0spE92OpdXg==

amourhelper.com/tds/ae?tdsId=s8304dem_r&tds_campaign=s8304dem&utm_sub=opnfnl&s1=ps&utm_source=int&affid=43882472&subid=26667209341&clickid=czddy6622460d00087f0a&subid2=209

143.204.55.80

302 Found

6.5 kB

URL User Request GET HTTP/2
amourhelper.com/tds/ae?tdsId=s8304dem_r&tds_campaign=s8304dem&utm_sub=opnfnl&s1=ps&utm_source=int&affid=43882472&subid=26667209341&clickid=czddy6622460d00087f0a&subid2=209
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type

Size
6.5 kB (6464 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tds/ae?tdsId=s8304dem_r&tds_campaign=s8304dem&utm_sub=opnfnl&s1=ps&utm_source=int&affid=43882472&subid=26667209341&clickid=czddy6622460d00087f0a&subid2=209 HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
location: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
date: Fri, 19 Apr 2024 10:23:32 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
set-cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; Max-Age=31536000; Domain=.amourhelper.com; Path=/; Expires=Sat, 19 Apr 2025 10:23:32 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Wed, 24 Apr 2024 10:23:32 GMT
x-cache: Miss from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: wfX4tZGZ1M_48HAP2pRtt9ZS25uXFWgVknOto33gKRNFrvZuN9wX7w==
X-Firefox-Spdy: h2

amourhelper.com/landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css

143.204.55.80

200 OK

3.0 kB

URL GET HTTP/3
amourhelper.com/landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type
ASCII text, with very long lines (3050), with no line terminators
Size
3.0 kB (3038 bytes)
Hash
83c9e030cdc5aa7c5eaef3d4796a7ea6
075e0979a293c405c1bcacee3928cffd2deeb6ac
63f8c3b20ed7b2b2a2c35ca5951a95c9d74fbe343a045bb0ed862970ac3143a7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css
alt-svc: h3=":443"; ma=86400
age: 27791
server: nginx
date: Fri, 19 Apr 2024 02:40:21 GMT
last-modified: Thu, 25 Aug 2022 15:53:12 GMT
etag: W/"bde-5e712cb6e8a00"
content-encoding: br
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: x_9qHsmReCGVMIG4KKcZBaEBVhnwbumCEpsZHQr8IwV92CmDeflXAw==

amourhelper.com/bridge/index.js

143.204.55.80

200 OK

19 kB

URL GET HTTP/3
amourhelper.com/bridge/index.js
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (18773)
Size
19 kB (18774 bytes)
Hash
7d2d6659a15d269eb1fe2780ac7403e4
61f2ab7f55df65d8863cc7e68802438e30eb3642
66afb0787cd19fd1d0444b840f728121ee9e92d9d3f64f35529cf370ad40b2c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bridge/index.js HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 19 Apr 2024 10:23:32 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Mon, 15 Apr 2024 09:30:50 GMT
etag: W/"4956-18ee1184d10"
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-id: PeB4ErCYdj8pr4xgdF_sj16SMjkqI67A_b1wjFzh7QIfMwHCyKEe5w==

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 01:54:31 GMT
expires: Wed, 16 Apr 2025 01:54:31 GMT
cache-control: public, max-age=31536000
age: 289742
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209

143.204.55.80

200 OK

6.5 kB

URL User Request GET HTTP/2
amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (6791), with no line terminators
Size
6.5 kB (6464 bytes)
Hash
5957ee3e96e7d1c3117aa87b495adb0a
b295cb11e84e67ee6353b1c29fbbb4b272a76490
5ec775a862e2497eb186ad7e6eff74e70c96817711c9d48839275e7c188c99c0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209 HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
date: Fri, 19 Apr 2024 10:23:32 GMT
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 2mQyZ6B_02n-lcJ6EwC2IodPEulP6-iWZEDORg4uOXKyLJkAmNphhw==
X-Firefox-Spdy: h2

amourhelper.com/integration.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209

143.204.55.80

200 OK

2.4 kB

URL GET HTTP/3
amourhelper.com/integration.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2534), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
4e7d3264e934c3b235aec41730ab425e
14d0ccb5f50ee2ed1c45bd32ef2876470756f285
cde2fde366e45d615c9e4e9464323a181bc5830cd8f8ad8313fbfbd1056717fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /integration.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209 HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 19 Apr 2024 10:23:32 GMT
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"959-DsKHQXThuV+LkKoPFprXBq3smtQ"
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-id: MvHT4Onlu9QSSlbUVmhJhHRHmRs9XydWbLj6310FuHNb8lD5RbYj1Q==

amourhelper.com/tds/interlayer?handler=FrodiData

143.204.55.80

200 OK

0 B

URL POST HTTP/3
amourhelper.com/tds/interlayer?handler=FrodiData
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /tds/interlayer?handler=FrodiData HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
Content-Length: 1762
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 19 Apr 2024 10:23:32 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-id: HzCNttSirxwHRCRh7E-Sb7YXjbWnySce2dPW6EaysiiLu1EGNh_Dsg==

amourhelper.com/ufis/main.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209&ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Famourhelper.com%2Fjump%3Ftds_oid%3D24401%26subid%3D26667209341%26tds_cid%3D4afb8dc3e37054a3b837437e0b099d6c290e1cdf%26tds_host%3Damourhelper.com%26tds_id%3Db7838dem_jump_a_1598613018653%26tds_ac_id%3Ds8304dem%26utm_source%3Dint%26s1%3Dps%26_tgUrl%3DaHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%252FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%253D%26id%3D24401%26dci%3Dfd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383%26tds_campaign%3Db7838dem%26clickid%3Dczddy6622460d00087f0a%26tds_ao%3D1%26affid%3D43882472%26subid2%3D209&uaDataValues={}

143.204.55.80

200 OK

199 B

URL GET HTTP/3
amourhelper.com/ufis/main.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209&ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Famourhelper.com%2Fjump%3Ftds_oid%3D24401%26subid%3D26667209341%26tds_cid%3D4afb8dc3e37054a3b837437e0b099d6c290e1cdf%26tds_host%3Damourhelper.com%26tds_id%3Db7838dem_jump_a_1598613018653%26tds_ac_id%3Ds8304dem%26utm_source%3Dint%26s1%3Dps%26_tgUrl%3DaHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%252FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%253D%26id%3D24401%26dci%3Dfd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383%26tds_campaign%3Db7838dem%26clickid%3Dczddy6622460d00087f0a%26tds_ao%3D1%26affid%3D43882472%26subid2%3D209&uaDataValues={}
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Certificate
IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
199 B (199 bytes)
Hash
6103f9e24fd751b982e5475550d3f72a
b9db25f2ac365269125fa6f7d6024d762782fd1f
e836f6aea3f3116fa98a7c53ef9f30d2d4ce0b919524c23905b7142ef9ca8050

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ufis/main.js?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209&ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Famourhelper.com%2Fjump%3Ftds_oid%3D24401%26subid%3D26667209341%26tds_cid%3D4afb8dc3e37054a3b837437e0b099d6c290e1cdf%26tds_host%3Damourhelper.com%26tds_id%3Db7838dem_jump_a_1598613018653%26tds_ac_id%3Ds8304dem%26utm_source%3Dint%26s1%3Dps%26_tgUrl%3DaHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%252FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%253D%26id%3D24401%26dci%3Dfd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383%26tds_campaign%3Db7838dem%26clickid%3Dczddy6622460d00087f0a%26tds_ao%3D1%26affid%3D43882472%26subid2%3D209&uaDataValues={} HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_oid=24401&subid=26667209341&tds_cid=4afb8dc3e37054a3b837437e0b099d6c290e1cdf&tds_host=amourhelper.com&tds_id=b7838dem_jump_a_1598613018653&tds_ac_id=s8304dem&utm_source=int&s1=ps&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvMzBmODAxZTI1MzQ2NjgzNWVmYWU3NmFiMjlhNTE0MTc%2FX190PTE3MTM1MjIyMTIxODkmX19sPTM2MDAmX19jPTRhZmI4ZGMzZTM3MDU0YTNiODM3NDM3ZTBiMDk5ZDZjMjkwZTFjZGY%3D&id=24401&dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383&tds_campaign=b7838dem&clickid=czddy6622460d00087f0a&tds_ao=1&affid=43882472&subid2=209
Cookie: dci=fd24943e5f4bdeaf1a6a95ba2a6dba0e1ab4f383; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 19 Apr 2024 10:23:32 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"c7-laFz7h+rq4MEYm/3SxdrYWitX0I"
content-encoding: br
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-id: AHy76lSpUNwhK0BA8mxxr1CoB0JMk6ORfcseaXzk-QmqgRQoFpvi7Q==

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML