amourhelper.com/bts.js
301 Moved Permanently 134 B IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bts.js HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
content-type: text/html
content-length: 134
age: 3548
server: awselb/2.0
date: Fri, 19 Apr 2024 12:57:24 GMT
location: https://bts.insigit.com:443/bts.js
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: BVVt4XO_7gOGY1f5pG5511nqFU761_ZFrzYrvoajlCoIL4XD-F3uSg==
fonts.googleapis.com/css?family=Roboto:400,500,700&display=swap
200 OK 1.2 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:400,500,700&display=swap
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type gzip compressed data, max compression
Hash fbd03f6d6fb97f3eff26704d972f16b0
12a083fdf7f5c52cd2c53803be69ef50da52986a
da8c7c7b83538072e93fe0e652ac48adde4c84bf74269959dc824aff34de54c9
GET /css?family=Roboto:400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 13:56:32 GMT
date: Fri, 19 Apr 2024 13:56:32 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
amourhelper.com/landings/24401/images/2.gif
200 OK 1000 kB URL GET HTTP/3 amourhelper.com/landings/24401/images/2.gif
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type GIF image data, version 89a, 350 x 350
Size 1000 kB (999922 bytes)
Hash b6b27f38cd115cf71f4a78cd5ef2a95f
94d2bb66eec706db9cb5660c58208a92c3464b93
60a79cc5475537d4126be3448f0bd7faacafdc09482241a7fb195fffbe03b281
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /landings/24401/images/2.gif HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: image/gif
content-length: 999922
age: 40569
server: nginx
date: Fri, 19 Apr 2024 02:40:23 GMT
last-modified: Tue, 03 Dec 2019 13:56:45 GMT
etag: "f41f2-598cd1107e140"
accept-ranges: bytes
cache-control: public, max-age=604800
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: Nl1Zgz_FBkvMLgAgjhNt7cprOR9iIeJiDgn3xDcIiYcPiiOXsbQvrw==
amourhelper.com/web-vitals@3.3.0/dist/web-vitals.iife.js
200 OK 18 kB URL GET HTTP/3 amourhelper.com/web-vitals@3.3.0/dist/web-vitals.iife.js
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (7050)
Hash 377e79edeb1105b21d5e3020bb9a77a3
d8f86defae5c281efe72ea582ff03d23b0d86be0
b2ece5d28dcf047582c05c122e3bf0ed4905a965026a9940c289682620b76a2f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /web-vitals@3.3.0/dist/web-vitals.iife.js HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400
age: 13993097
date: Mon, 22 Jan 2024 16:18:12 GMT
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1b8b-2Pht765cKB7+cupYL/A9I7DYa+A"
via: 1.1 fly.io, 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
fly-request-id: 01HET9EHR7ZFC8YFE31J8MSR9J-fra
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 84991c8b2f489016-FRA
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: cvfDwz0cV03fDZQHpWMelwVvQrfj9WP0LHxIVOPh1GUTZmvNUAP5jQ==
amourhelper.com/bridge/index.js
200 OK 23 kB URL GET HTTP/3 amourhelper.com/bridge/index.js
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type gzip compressed data, from Unix
Hash 8f3a432e54e8013faa24565d0826b3ba
c19a8e891b555d8babb68b39519d81a877e3b021
a9cf5b7187b6b855f60b349027eb149815a5dbd44be61b94c989edf16892d46a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bridge/index.js HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 19 Apr 2024 13:56:32 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Mon, 15 Apr 2024 09:30:50 GMT
etag: W/"4956-18ee1184d10"
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-id: cc7Im378KapsK4obPdRCeiaEyqSOoQ0uePWb5uGzVt7-RrlO3bFxmQ==
www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
200 OK 75 kB URL GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File type JavaScript source, ASCII text, with very long lines (4073)
Hash 4bb2e38bedf3cd43915deaf872cf8021
405a08a78a5755f7210b04bfda5937702a495468
607ac56eb9d6667c6ade68f5d8d7306a72e33caf9176209e9bebd3ffc37a25c9
GET /gtm.js?id=GTM-KMSJRW&l=adsLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 19 Apr 2024 13:56:32 GMT
expires: Fri, 19 Apr 2024 13:56:32 GMT
cache-control: private, max-age=900
last-modified: Fri, 19 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75413
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 16:27:38 GMT
expires: Wed, 16 Apr 2025 16:27:38 GMT
cache-control: public, max-age=31536000
age: 250135
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bts.insigit.com/bts.js
200 OK 8.9 kB IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectbts.insigit.com
FingerprintCE:F2:1B:70:1B:D1:E2:1A:82:E6:CC:0C:5A:46:F7:29:BA:F5:B6:7B
ValidityMon, 04 Sep 2023 00:00:00 GMT - Thu, 03 Oct 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (8877)
Hash 975eaea70ff4996a1f47591983e510bc
51e7e6dcef3d9bbe9e1fb9e27d014e59bf9fbc10
72e69358fa344f2bd1be00400a74600766cf4af15f71abf9b968b3fc3dfc9440
GET /bts.js HTTP/1.1
Host: bts.insigit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://amourhelper.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Apr 2024 13:56:33 GMT
content-type: application/javascript
content-length: 8878
server: nginx
last-modified: Mon, 01 Apr 2024 08:23:54 GMT
etag: "660a6f1a-22ae"
cache-control: public, max-age=3600
accept-ranges: bytes
X-Firefox-Spdy: h2
amourhelper.com/b/tr
202 Accepted 0 B IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 919
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=e68b3312ad3f45898477ef73dce2a6d2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 13:56:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0KmKRndqGv9nm0J89Bd_kMgS-j1jVNpuR9fMU3iPSu9vyP06IbQx5A==
amourhelper.com/b/tr
202 Accepted 0 B IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 816
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=e68b3312ad3f45898477ef73dce2a6d2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 13:56:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: NaOo0FhzJKHEIeLeVDOeNw6QPG7seQ0JvMpAA8_g0cHdG-R1n-5Rwg==
amourhelper.com/b/tr
202 Accepted 0 B IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 822
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=e68b3312ad3f45898477ef73dce2a6d2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 13:56:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0yiip8y3DXJ5sbUrExNi7oZQfGh65v1kthPns4IrpD92Y9CGow4cFw==
amourhelper.com/b/tr
202 Accepted 0 B IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 819
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=e68b3312ad3f45898477ef73dce2a6d2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 13:56:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ldFC4mZP0ELFy5iKH03A1lmGymRCoo0i_XV7lJiCRKfj9AxbJcBLfw==
amourhelper.com/b/tr
202 Accepted 0 B IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 822
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=e68b3312ad3f45898477ef73dce2a6d2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 13:56:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: PWwvReheMRhElddQkNLb2QARb0DA0grze-_v-MWWk0-aUQgqMWJCCA==
amourhelper.com/b/tr
202 Accepted 0 B IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 823
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=e68b3312ad3f45898477ef73dce2a6d2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 13:56:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: DZh7I6AGHebg10hNJ3AYV2PxEAmoMOKUzgXD6eWmDTLG-QJtApahxw==
amourhelper.com/images/jump-favicon.ico
200 OK 140 B URL GET HTTP/3 amourhelper.com/images/jump-favicon.ico
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash 0952b9dfa1e4ebf0058592eee3302a73
097850b34d43b1d9557d1c67e144f86679a84be6
dedda483c1ee58da9fb3d6f9f9ba972db18d893554a53673a32221bb3d93a701
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/jump-favicon.ico HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=e68b3312ad3f45898477ef73dce2a6d2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: image/vnd.microsoft.icon
alt-svc: h3=":443"; ma=86400
age: 484573
server: nginx
last-modified: Fri, 05 Dec 2014 08:28:50 GMT
content-encoding: gzip
date: Sat, 13 Apr 2024 23:20:20 GMT
cache-control: public, max-age=604800
etag: W/"47e-50973ddcdee10"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dRhloSrEloZUAsLLlXITGAO_oEHab-7yu_32Y7096pOD_jw618hhcw==
amourhelper.com/b/tr
202 Accepted 0 B IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 821
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=e68b3312ad3f45898477ef73dce2a6d2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 13:56:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EPqKqYvB-OsxuID2ZJZO-K8R9zRv679w3TbcIcFXh5ozTh7WuGI5lA==
amourhelper.com/b/tr
202 Accepted 0 B IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /b/tr HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 812
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42; __bts_cid=e68b3312ad3f45898477ef73dce2a6d2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 202 Accepted
content-type: application/octet-stream
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 19 Apr 2024 13:56:33 GMT
server: nginx
cache-control: no-store
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1KgD9xjmguer0G_gxfSKam_692j17IY3uhXnQEbBlMSOw85B-rA4Ag==
amourhelper.com/ufis/main.js?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472&ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Famourhelper.com%2Fjump%3Ftds_cid%3D3efa8cca3c60bfe4420605827c77f74db90a91fe%26tds_ac_id%3Ds8304dem%26utm_source%3Dint%26s1%3Dps%26tds_id%3Db7838dem_jump_a_1598613018653%26tds_oid%3D24401%26dci%3De4e43af861f9accfc8a8036ea3331f46b4e7e5d8%26tds_campaign%3Db7838dem%26clickid%3Dbmvjs662277fc00009977%26id%3D24401%26tds_host%3Damourhelper.com%26subid2%3D%26subid%3D%26tds_ao%3D1%26_tgUrl%3DaHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%252FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%253D%26affid%3D43882472&uaDataValues={}
200 OK 117 B URL GET HTTP/3 amourhelper.com/ufis/main.js?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472&ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Famourhelper.com%2Fjump%3Ftds_cid%3D3efa8cca3c60bfe4420605827c77f74db90a91fe%26tds_ac_id%3Ds8304dem%26utm_source%3Dint%26s1%3Dps%26tds_id%3Db7838dem_jump_a_1598613018653%26tds_oid%3D24401%26dci%3De4e43af861f9accfc8a8036ea3331f46b4e7e5d8%26tds_campaign%3Db7838dem%26clickid%3Dbmvjs662277fc00009977%26id%3D24401%26tds_host%3Damourhelper.com%26subid2%3D%26subid%3D%26tds_ao%3D1%26_tgUrl%3DaHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%252FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%253D%26affid%3D43882472&uaDataValues={}
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash 8ce0125624abeac3351ff2d6ab942dbb
95a173ee1fabab8304626ff74b176b6168ad5f42
cd8b8acc2a3d9b4d6cb4b4d209392cf88726751eb2cd0fca7bbf566a3f22ddaf
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ufis/main.js?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472&ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Famourhelper.com%2Fjump%3Ftds_cid%3D3efa8cca3c60bfe4420605827c77f74db90a91fe%26tds_ac_id%3Ds8304dem%26utm_source%3Dint%26s1%3Dps%26tds_id%3Db7838dem_jump_a_1598613018653%26tds_oid%3D24401%26dci%3De4e43af861f9accfc8a8036ea3331f46b4e7e5d8%26tds_campaign%3Db7838dem%26clickid%3Dbmvjs662277fc00009977%26id%3D24401%26tds_host%3Damourhelper.com%26subid2%3D%26subid%3D%26tds_ao%3D1%26_tgUrl%3DaHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%252FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%253D%26affid%3D43882472&uaDataValues={} HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 19 Apr 2024 13:56:32 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"c7-laFz7h+rq4MEYm/3SxdrYWitX0I"
content-encoding: br
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-id: 5S2KvMjmCJUPxrHXOx0uqEU1cTo0SC3hkKVczmeBHbZnsEQpVozsiw==
amourhelper.com/integration.js?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
200 OK 2.4 kB URL GET HTTP/3 amourhelper.com/integration.js?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (2520), with no line terminators
Hash 3484ba7032e252110179da1a86b98ce6
870e3060faed2cbaf8d9f0c5b6e65681a1e9186b
4c181c1c33f5a4d49c097162a77b1fbe5dd6a20dc3eb8a468aaa7fd95446b8d3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /integration.js?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472 HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 19 Apr 2024 13:56:32 GMT
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"94b-gYvpswgpwSDHGLlDCAzVwvp0YWw"
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-id: HlyhGMRXXn01ewGAMGaLq1HBMUrpZMdnvzpZvMxv_QMNz1HPaU2jng==
amourhelper.com/tds/interlayer?handler=FrodiData
200 OK 0 B URL POST HTTP/3 amourhelper.com/tds/interlayer?handler=FrodiData
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /tds/interlayer?handler=FrodiData HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
Content-Length: 1748
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 19 Apr 2024 13:56:32 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-id: B49dAhwrSQLvDr5t5YXVka6bcLaD2H1oUVphDMmcdXmo3GGs1RPvKA==
amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
200 OK 6.5 kB URL User Request GET HTTP/2 amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
IP
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (6791), with no line terminators
Hash 6cb121bb12e60df6ca728e90d3d47254
6e436bd053a1cbdc33ecb65f6d94d6347c9f19c4
54580434059be2c2e9fa8e8b8b537d9ed5aba77c2f82da12da08110196af2434
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472 HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
date: Fri, 19 Apr 2024 13:56:32 GMT
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: v7uCuxOOlflFVmvthPIPVlyeVFG0TAC2evSH4Rg49b2LajMRMej0uQ==
X-Firefox-Spdy: h2
amourhelper.com/landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css
200 OK 3.0 kB URL GET HTTP/3 amourhelper.com/landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type ASCII text, with very long lines (3050), with no line terminators
Hash 83c9e030cdc5aa7c5eaef3d4796a7ea6
075e0979a293c405c1bcacee3928cffd2deeb6ac
63f8c3b20ed7b2b2a2c35ca5951a95c9d74fbe343a045bb0ed862970ac3143a7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/css
alt-svc: h3=":443"; ma=86400
age: 40571
server: nginx
date: Fri, 19 Apr 2024 02:40:21 GMT
last-modified: Thu, 25 Aug 2022 15:53:12 GMT
etag: W/"bde-5e712cb6e8a00"
content-encoding: br
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _isN6vfSJUt9jSAxCLdDvgKm_AojlhXYJdAryC4O9kbrKkUjaOZfDA==
amourhelper.com/bridge/intg.js
200 OK 339 B URL GET HTTP/3 amourhelper.com/bridge/intg.js
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type ASCII text, with very long lines (358), with no line terminators
Hash cf8ca42f5e46260e52a5a7c50c44fb7e
0b1c2552e321d8265717e1449a0c7c369fc723c8
a97d4e2dcf3e56b1b88e3425284784cffa51fe0e0bebe76fbbb3581cf5826b3d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bridge/intg.js HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 19 Apr 2024 13:56:32 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=3600
last-modified: Mon, 15 Apr 2024 09:30:50 GMT
etag: W/"153-18ee1184d10"
content-encoding: br
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-id: DWjOjE97P8B2kgABp_-64rUkPUXBpS7WCHfC25Y8UdRROsfKZHKeOQ==
amourhelper.com/tds/ae?tdsId=s8304dem_r&tds_campaign=s8304dem&utm_sub=opnfnl&s1=ps&utm_source=int&affid=43882472&subid=&clickid=bmvjs662277fc00009977&subid2=
302 Found 6.5 kB URL User Request GET HTTP/2 amourhelper.com/tds/ae?tdsId=s8304dem_r&tds_campaign=s8304dem&utm_sub=opnfnl&s1=ps&utm_source=int&affid=43882472&subid=&clickid=bmvjs662277fc00009977&subid2=
IP
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tds/ae?tdsId=s8304dem_r&tds_campaign=s8304dem&utm_sub=opnfnl&s1=ps&utm_source=int&affid=43882472&subid=&clickid=bmvjs662277fc00009977&subid2= HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
date: Fri, 19 Apr 2024 13:56:32 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
set-cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; Max-Age=31536000; Domain=.amourhelper.com; Path=/; Expires=Sat, 19 Apr 2025 13:56:32 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Wed, 24 Apr 2024 13:56:32 GMT
x-cache: Miss from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: x-k1gEYiQc5lhc3JiJiIhb_KIfHs0uaxuEs1QNlvyO4bs3nftO27FQ==
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 01:54:31 GMT
expires: Wed, 16 Apr 2025 01:54:31 GMT
cache-control: public, max-age=31536000
age: 302521
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
amourhelper.com/landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js
200 OK 97 kB URL GET HTTP/3 amourhelper.com/landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectamourhelper.com
FingerprintC1:FF:3A:92:83:C5:DC:38:ED:23:C1:05:F6:3F:42:37:4C:02:D9:8C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65535)
Hash 20dff8cf5ed8c45d47eca00751d44eb9
209faa3f1a08dcb3c943fe8b6c344571005ef3b4
aaf2bc75c60776c40df9015d7f99cde0e9adb2f81e859276ed30d7c431d6a720
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js HTTP/1.1
Host: amourhelper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Cookie: dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
age: 12780
server: nginx
last-modified: Thu, 25 Aug 2022 15:53:12 GMT
content-encoding: gzip
date: Fri, 19 Apr 2024 10:23:32 GMT
etag: W/"17b45-5e712cb6e8a00"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Smeu-vBCLgLwAQ5RA6Qyo8BHL8texBBTEP8Kp3oZg6PUzVR07mn2jg==
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://amourhelper.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 13:20:56 GMT
expires: Fri, 18 Apr 2025 13:20:56 GMT
cache-control: public, max-age=31536000
age: 88536
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?j_type=open&jump=24401&tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8
200 OK 35 B URL GET HTTP/2 retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?j_type=open&jump=24401&tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8
IP
Requested by https://amourhelper.com/jump?tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&tds_ac_id=s8304dem&utm_source=int&s1=ps&tds_id=b7838dem_jump_a_1598613018653&tds_oid=24401&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8&tds_campaign=b7838dem&clickid=bmvjs662277fc00009977&id=24401&tds_host=amourhelper.com&subid2=&subid=&tds_ao=1&_tgUrl=aHR0cHM6Ly9hbW91cmhlbHBlci5jb20vdGRzL2FlL3RnL3MvNjc0MDI3YWIwYTBkYzYzZGJmZWNkZGRjMzc5MGU2MzU%2FX190PTE3MTM1MzQ5OTIwODkmX19sPTM2MDAmX19jPTNlZmE4Y2NhM2M2MGJmZTQ0MjA2MDU4MjdjNzdmNzRkYjkwYTkxZmU%3D&affid=43882472
Certificate IssuerAmazon
Subjectretarget2core.com
FingerprintAC:15:CC:37:0E:B3:F2:08:95:E0:FC:52:46:A2:9A:06:02:11:B5:F5
ValidityThu, 02 Nov 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?j_type=open&jump=24401&tds_cid=3efa8cca3c60bfe4420605827c77f74db90a91fe&dci=e4e43af861f9accfc8a8036ea3331f46b4e7e5d8 HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amourhelper.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/gif
date: Fri, 19 Apr 2024 13:56:32 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
set-cookie: dci=6ab33b42b9abe8a9ef2a2e1c25051e47965f410a; Max-Age=31536000; Domain=.retarget2core.com; Path=/; Expires=Sat, 19 Apr 2025 13:56:32 GMT; Secure; SameSite=None
x-cache: Miss from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: i34WlfZCg_BBYJtXcM8QRVHiAqpJoaQLUixN6Zu6bp9rARTMwsWFsA==
X-Firefox-Spdy: h2
143.204.55.54
18.156.13.180