Report - www.amdahost.com/watch_direct.php?id=e1e12c25d6

Report Overview

Visited public
2024-05-03 04:09:56
Tags
URL
www.amdahost.com/watch_direct.php?id=e1e12c25d6
Finishing URL
www.amdahost.com/watch_direct.php?id=e1e12c25d6
IP / ASN
172.67.183.69
#13335 CLOUDFLARENET
Title
Video [e1e12c25d6]

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
vjs.zencdn.net	4968	2011-12-27	2012-05-21 10:26:59	2024-05-01 21:00:49	423 B	13 kB	151.101.2.217
32879.2481april2024.com	unknown	unknown	No data	No data	1.7 kB	9.4 kB	88.208.22.4
img.cdn.house	7653	2019-08-13	2020-01-05 04:30:57	2024-03-25 18:25:21	614 B	3.8 kB	95.216.14.117
2b6b88fc7b.a1bbcd100e.com	unknown	unknown	No data	No data	833 B	320 B	45.133.44.53
storage.multstorage.com	unknown	2023-09-22	2023-09-22 14:56:00	2024-05-02 16:24:58	526 B	118 kB	172.67.174.51
cdn.fluidplayer.com	33284	2016-09-22	2017-08-29 01:05:16	2024-04-30 18:26:59	879 B	252 kB	185.76.9.21
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2024-05-02 12:37:24	431 B	31 kB	142.250.74.138
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2024-05-02 18:12:05	445 B	18 kB	151.101.1.229
bid.mbidtg.com	unknown	2023-03-09	2023-03-09 16:21:27	2024-03-26 20:22:51	448 B	3.0 kB	45.133.44.25
js.capndr.com	316718	2021-08-30	2021-08-30 14:51:01	2024-04-30 19:07:57	403 B	374 B	45.133.44.53
p.a64x.com	unknown	2023-07-27	2023-07-27 15:12:45	2024-03-29 07:01:00	1.5 kB	705 B	172.67.185.171
mcpuwpsh.com	unknown	2022-08-12	2022-08-12 18:58:44	2024-05-02 10:41:14	970 B	11 kB	94.130.197.240
nereserv.com	40015	2020-12-21	2020-12-21 12:07:56	2024-04-30 21:24:51	610 B	320 B	157.90.84.246
pagead2.googlesyndication.com	101	2003-01-21	2021-02-20 16:52:05	2024-05-02 19:02:42	429 B	788 B	172.217.21.162
accounts.google.com	81	1997-09-15	2016-03-20 13:44:49	2024-05-01 20:06:54	1.7 kB	5.3 kB	74.125.131.84
cdn.pncloudfl.com	13313	2021-04-20	2021-06-07 16:28:03	2024-05-01 17:18:54	946 B	214 kB	104.22.59.221
12ezo5v60.com	unknown	2023-06-19	2023-06-19 17:22:59	2024-05-02 12:08:17	3.7 kB	167 kB	212.117.190.202
0afc4c07a9.9fbdc30642.com	unknown	unknown	No data	No data	1.8 kB	258 kB	45.133.44.52
js.mbidinp.com	unknown	2023-02-20	2023-04-25 14:26:08	2024-03-26 20:22:53	822 B	639 kB	45.133.44.52
cdn.tailwindcss.com	422202	2017-07-20	2018-07-09 07:46:13	2024-05-01 22:07:12	799 B	732 kB	104.22.20.144
show.revopush.com	11949	2019-06-25	2019-09-09 17:44:08	2024-04-15 07:40:10	530 B	1.1 kB	116.202.233.120
www.amdahost.com	unknown	unknown	No data	No data	7.4 kB	5.7 MB	104.21.40.89
ku42hjr2e.com	unknown	2023-11-15	2023-11-15 12:42:05	2024-05-02 09:35:23	1.9 kB	112 kB	212.117.190.201
imdn.pics	unknown	2023-09-14	2023-09-14 16:55:44	2024-05-02 19:11:19	850 B	25 kB	45.133.44.25
mbdippex.com	unknown	2023-04-26	2023-06-06 03:40:19	2024-03-26 20:22:53	9.8 kB	52 kB	157.90.84.246
news-galuzo.cc	unknown	2024-04-15	2024-04-15 11:12:58	2024-04-15 23:56:22	448 B	45 kB	23.158.56.123
storage.mbidstorage.com	unknown	2024-02-27	2024-03-05 18:34:43	2024-04-27 13:54:29	2.7 kB	6.0 kB	104.21.65.172
static.bookmsg.com	47495	2020-09-15	2020-11-24 15:56:32	2024-04-29 10:15:01	2.2 kB	56 kB	45.133.44.24
mbddip.com	unknown	2023-04-26	2023-07-14 13:01:42	2024-05-02 10:41:14	593 B	320 B	157.90.84.246
imgsdn.com	unknown	2024-02-12	2024-02-12 16:14:01	2024-04-29 23:15:09	997 B	183 B	138.201.194.90
img.vmmcdn.com	36292	2019-11-26	2019-11-26 11:59:17	2024-05-02 22:27:28	807 B	42 kB	138.201.51.142
js.mbidpsh.com	unknown	2023-02-20	2023-02-21 19:08:27	2024-04-23 15:44:29	413 B	34 kB	45.133.44.52
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-05-02 02:43:45	3.1 kB	37 kB	142.250.74.106
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22 13:20:32	2024-05-02 10:59:27	1.5 kB	1.3 kB	157.90.84.242
metricswpsh.com	unknown	2021-10-29	2021-11-02 18:43:55	2024-05-02 10:58:20	823 B	320 B	138.201.237.88
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-05-02 02:43:48	1.1 kB	29 kB	216.58.207.227
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24 16:34:56	2024-05-02 19:14:12	498 B	20 kB	104.16.79.73
js.mbidpp.com	unknown	2023-02-20	2023-04-22 02:02:45	2024-02-23 11:14:11	420 B	97 kB	45.133.44.53
43b71e837e.d8388cd984.com	unknown	unknown	No data	No data	7.7 kB	5.6 kB	168.119.25.102
js.mbidadm.com	unknown	2023-02-20	2023-02-21 19:08:24	2024-05-01 15:37:28	820 B	112 kB	45.133.44.53

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-03	medium	a1bbcd100e.com	Sinkholed
2024-05-03	medium	d8388cd984.com	Sinkholed
2024-05-03	medium	d8388cd984.com	Sinkholed
2024-05-03	medium	d8388cd984.com	Sinkholed
2024-05-03	medium	d8388cd984.com	Sinkholed
2024-05-02	medium	news-galuzo.cc	Sinkholed

ThreatFox

No alerts detected

JavaScript (27)

	URL	From	Size	First Seen	Last Seen
	ku42hjr2e.com/get/2020088?zoneid=2020088&jp=_clkmifxtz9qrke2h8z6vpp&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275149517799424&eclog=0&im=1&uf=0	ScriptElement	2.8 kB	2024-08-20	2024-08-20
Pretty URL ku42hjr2e.com/get/2020088?zoneid=2020088&jp=_clkmifxtz9qrke2h8z6vpp&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275149517799424&eclog=0&im=1&uf=0 IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 01:04 Last Seen2024-08-20 01:04 Times Seen1 Hash e2cee2a72f0b9952cf1f4a16bfa55219 1489e1b0e40f700e2faf80b9850cad94b69b58cd 77efa7f0acf057ce97ba4118ce109542454edfb65495f9216c85d917733b19e3 Loading...

	js.mbidinp.com/skins/nmain.m.js	ScriptElement	470 kB	2024-04-16	2024-08-20
Pretty URL js.mbidinp.com/skins/nmain.m.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:37 Last Seen2024-08-20 04:17 Times Seen1241 Hash 2902e331e5e735ad63e7510dfc434c5b 8f276d26159f74561fb370144b8cafba8bcc8bd3 26106440376cfc59241a9ef152d26483d436f1c155744bda92a41d3906e60ba2 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js	ScriptElement	88 kB	2023-08-31	2025-06-13
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-31 16:03 Last Seen2025-06-13 19:21 Times Seen38987 Hash 2c872dbe60f4ba70fb85356113d8b35e ee48592d1fff952fcf06ce0b666ed4785493afdc fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a Loading...

	news-galuzo.cc/process.js?id=1222898310&p1=sub1&p2=sub2&p3=sub3&p4=sub4	ScriptElement	45 kB	2024-08-20	2024-08-20
Pretty URL news-galuzo.cc/process.js?id=1222898310&p1=sub1&p2=sub2&p3=sub3&p4=sub4 IP 23.158.56.123 ASN #63023 AS-GLOBALTELEHOST Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 01:04 Last Seen2024-08-20 01:04 Times Seen1 Hash b9600e0dcc10556c53732d94b7b7aa75 571a1664a93a336de5ec6d71c2e246f22969bee2 2e930b159e402240d097552e0cd2efd0b34cc6471e30b6bb66f48139a0b0b4d7 Loading...

	12ezo5v60.com/bultykh/ipp24/7/bazinga/2020090	ScriptElement	158 kB	2024-04-25	2024-08-20
Pretty URL 12ezo5v60.com/bultykh/ipp24/7/bazinga/2020090 IP 212.117.190.202 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 19:44 Last Seen2024-08-20 02:45 Times Seen12 Hash 3dfaf38c2289e292cc712a7019b2d145 4ef2d477f159e89f5ce4954eb2a8fdb0a727b323 e40fa397a311e3027f5bf108f54ec3ac18a94ea259c061e49840843010d84994 Loading...

	js.mbidpp.com/popunder-admanager/build.m.js	ScriptElement	97 kB	2024-04-18	2024-08-20
Pretty URL js.mbidpp.com/popunder-admanager/build.m.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 08:57 Last Seen2024-08-20 04:02 Times Seen477 Hash 78b4de711a43c2a7b7e06da3d25cc4ab a5fdc5739214b95d24fffd2600ee204eb75db415 97a18ee59823abe90c1e22b83e292d5ac33da2cdb3555372abd7a7f9989c1ea2 Loading...

	www.amdahost.com/watch_direct.php?id=e1e12c25d6	ScriptElement	1.2 kB	2024-05-02	2024-08-20
Pretty URL www.amdahost.com/watch_direct.php?id=e1e12c25d6 IP 104.21.40.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 19:10 Last Seen2024-08-20 01:11 Times Seen6 Hash 6b1f9db582b462f1c46a47a17749c9f8 50f74b2933c18c37f75ec5a680bb14474f486f08 105946d8202176d44d6bd0f7df695485767a8d4eac64d4e5c489a0f7ac698a08 Loading...

	www.amdahost.com/watch_direct.php?id=e1e12c25d6	ScriptElement	700 B	2024-08-20	2024-08-20
Pretty URL www.amdahost.com/watch_direct.php?id=e1e12c25d6 IP 104.21.40.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 01:04 Last Seen2024-08-20 01:04 Times Seen1 Hash 5d0ae1ba185397e5ff62b5b5a7a6b8ba abbb5357bc0374d4f83d846eb6d82f6196c9fe85 52b4e541813004ea5d4da3372f88f05de2caabc4da46b05f3b52b6aa12623ad1 Loading...

	www.amdahost.com/watch_direct.php?id=e1e12c25d6	ScriptElement	10 kB	2024-04-21	2024-08-20
Pretty URL www.amdahost.com/watch_direct.php?id=e1e12c25d6 IP 104.21.40.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-21 00:00 Last Seen2024-08-20 03:37 Times Seen16 Hash 34d50e8986141b224ebf4fd7cb142c36 4e53f81132ba85aa83b63fc9c5bf5b7dfa756180 4337d2f82561c98e996d6e8baa34f405a6e5a5fb22f331deb7308fc98f88d1f8 Loading...

	cdn.fluidplayer.com/v3/current/fluidplayer.min.js	ScriptElement	233 kB	2024-04-06	2024-08-20
Pretty URL cdn.fluidplayer.com/v3/current/fluidplayer.min.js IP 185.76.9.21 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-06 22:07 Last Seen2024-08-20 05:40 Times Seen173 Hash 9829e8e730a9125e695789512d85177a e20a0d55ab1722ef3ad13741a2b8975413d43909 7c38ede4727de973827091514a83d24a039bda1d0d4cac219eb20571a2cc3698 Loading...

	www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	7.8 kB	2024-08-20	2024-08-20
Pretty URL www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.21.40.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 01:03 Last Seen2024-08-20 01:04 Times Seen3 Hash 94bbf7ddab27c694ed000e8920c8bb6e 5ddfcc86cc84f83241ebb8e0f6ce1994234e5580 edeaf95dc48e862a9dbdef0a226b889712b7e57fae1b86210697eff4b96f8148 Loading...

	0afc4c07a9.9fbdc30642.com/345572815f3b6726ddc5ccee20a9f4a8.js	ScriptElement	109 kB	2024-04-24	2024-08-20
Pretty URL 0afc4c07a9.9fbdc30642.com/345572815f3b6726ddc5ccee20a9f4a8.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 00:00 Last Seen2024-08-20 03:07 Times Seen613 Hash 41230c1446cb19310867b6c3e10f8bec f600745dccd0143bbd1d83d44bd776c74f69866b 713bc0015ac5ef37f48ad9f49aa4521912b705cf01bf19409f98235b28d41dfe Loading...

	storage.multstorage.com/log/count.html	ScriptElement	718 B	2023-09-18	2025-03-01
Pretty URL storage.multstorage.com/log/count.html IP 172.67.174.51 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 17:19 Last Seen2025-03-01 23:33 Times Seen12563 Hash 1f697a0f2411e463adbc1211493fe5a6 93c154152bda427938543b8efbd8d3b594abbac7 08a5735f5232b651af89f552e8d0fb7b21d6605fba48f335318699d80d12703e Loading...

	12ezo5v60.com/get/2020090?zoneid=2020090&jp=_cl8vivna5sag18ga58jn0k&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6586299657504256&eclog=0&im=1&freq=0&uf=0	ScriptElement	6.3 kB	2024-08-20	2024-08-20
Pretty URL 12ezo5v60.com/get/2020090?zoneid=2020090&jp=_cl8vivna5sag18ga58jn0k&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6586299657504256&eclog=0&im=1&freq=0&uf=0 IP 212.117.190.202 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 01:04 Last Seen2024-08-20 01:04 Times Seen1 Hash dc2942d228b386c9288575615449f02a ad08b21890a22f7a1f98d4b3ac3d6bd7fd9dafa6 2a4003dfa29877ef02aea4e46a07ada9c247a8964518631e66f4ab34ca722fea Loading...

	js.mbidinp.com/npc/sdk/wpu/npush.m.js	ScriptElement	169 kB	2024-04-25	2024-08-20
Pretty URL js.mbidinp.com/npc/sdk/wpu/npush.m.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 17:48 Last Seen2024-08-20 02:47 Times Seen995 Hash e164f0fc509991890121aa763019689d 16f901a89a57f87c90d6cea80cff9f8bd32756dc fdd439b2c8d28676c5e03847afc19252a3d6d88a670ba48db4ac020866c6b6ec Loading...

	www.amdahost.com/watch_direct.php?id=e1e12c25d6	ScriptElement	6.4 kB	2024-04-21	2024-08-20
Pretty URL www.amdahost.com/watch_direct.php?id=e1e12c25d6 IP 104.21.40.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-21 00:00 Last Seen2024-08-20 03:37 Times Seen38 Hash 729b602ae59da0a8a578c627f0c8e252 55588035e45b31ca4c5066d0155bd092a6fabcda b5ce04d261257f877cfa642ea13d645c29e8c474ef571d0f300c81900d226302 Loading...

	js.mbidadm.com/static/scripts.js	ScriptElement	1.7 kB	2024-04-12	2025-06-13
Pretty URL js.mbidadm.com/static/scripts.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-12 00:52 Last Seen2025-06-13 13:51 Times Seen368 Hash 7e14d1597d1dd442175d8ee15cb07f07 de55b2463f332f2096d788047f8a7b07a776e437 cf31e107e8cb091c9477fe99de3a57a65486fe87becf0e8f469846949beff9f3 Loading...

	cdn.tailwindcss.com/	ScriptElement	366 kB	2024-03-28	2025-03-31
Pretty URL cdn.tailwindcss.com/ IP 104.22.20.144 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-28 05:53 Last Seen2025-03-31 21:43 Times Seen382 Hash 4bdcdace639cc6c0f08a15c295482172 6fa7ad6e87d8b19bff7e2bd0becf87d87d57be31 d2c35bf03246b0634bb22cbdc74962c8368e5e13b656e7f3cc10029da79d2e5c Loading...

	static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387	ScriptElement	19 kB	2024-04-24	2025-06-10
Pretty URL static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 IP 104.16.79.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 00:56 Last Seen2025-06-10 12:43 Times Seen1789 Hash 4c980ee97cb5c001b4d19e2895fa5603 2c6fe998aa7486c4becd74cf253bdd82666a64c3 d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192 Loading...

	32879.2481april2024.com/4/js/233169	ScriptElement	17 kB	2024-08-20	2024-08-20
Pretty URL 32879.2481april2024.com/4/js/233169 IP 88.208.22.4 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 01:04 Last Seen2024-08-20 01:04 Times Seen1 Hash c9a47f1a816f10c0c67317927a304348 aea39183ac7989055a48f2fa94a4e3a5ba06e6aa 71415344d00fbd7dd12f4ccc08a8042460e0d6cc1b9bf379abdcd65f06dfb308 Loading...

	js.mbidpsh.com/npc/sdk/push.m.js?v=1	ScriptElement	34 kB	2024-04-27	2024-08-20
Pretty URL js.mbidpsh.com/npc/sdk/push.m.js?v=1 IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 13:51 Last Seen2024-08-20 02:22 Times Seen1687 Hash a069fdae233705c69db53cdddf953015 2dcfb71c08faa8c09be0196751a3b7f08afbb2e0 8358b4d2ef244f2c763073105b21a552b4589aafcf9b46e128820b35a34f7d9a Loading...

	ku42hjr2e.com/aas/r45d/vki/2020088/3f23ef09.js	ScriptElement	106 kB	2024-04-25	2024-08-20
Pretty URL ku42hjr2e.com/aas/r45d/vki/2020088/3f23ef09.js IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 19:44 Last Seen2024-08-20 02:45 Times Seen12 Hash 282e4211c6aa475b438a8af84a2d5f2a 236912a2a74165b3864a118f55461948e6a25e13 51a486924bfae60d6f89619eda1ea7ee9313d1d74039b03f98dc03536b0469fb Loading...

	js.mbidadm.com/static/scripts.m.js	ScriptElement	109 kB	2024-04-24	2024-08-20
Pretty URL js.mbidadm.com/static/scripts.m.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 10:24 Last Seen2024-08-20 03:04 Times Seen33 Hash 640e0639269ac2bc53e0323682c29ba0 feae00cfe026f6cb4efa18111dbc0706b3e48f50 6399de682fa9e5b67df365dded9639b7cc64ddb24be38e25e5705b08849d2142 Loading...

	js.capndr.com/advertising.js	ScriptElement	0 B	0001-01-01	2025-06-13
Pretty URL js.capndr.com/advertising.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-06-13 19:31 Times Seen4948045 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.amdahost.com/watch_direct.php?id=e1e12c25d6	ScriptElement	1.1 kB	2024-08-20	2024-08-20
Pretty URL www.amdahost.com/watch_direct.php?id=e1e12c25d6 IP 104.21.40.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 01:04 Last Seen2024-08-20 01:04 Times Seen1 Hash 36066421de89cfbde6bd316f967038a3 f312aefd9389d6758071ca1a249649fdf8448248 1b79adbe6cb1a07c82503f1f68b6d753e7ca271a78d2e1246bd38d56eddf11ba Loading...

	www.amdahost.com/watch_direct.php?id=e1e12c25d6	ScriptElement	109 B	2024-01-26	2025-05-10
Pretty URL www.amdahost.com/watch_direct.php?id=e1e12c25d6 IP 104.21.40.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-26 19:51 Last Seen2025-05-10 17:03 Times Seen85 Hash abd3eda1d5f4b0fe7f9c99f43eb150b1 284cfcd4d397568f57e7119072af359d0e9690a0 fa9aeea174a0931635c6509c1484d92671e2adbd83146b79ddce59040cc32760 Loading...

	unknown	ScriptElement	247 B	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 01:04 Last Seen2024-08-20 01:04 Times Seen1 Hash 593b6e7dbbe20edfd40c01d27df97cf3 2241a00bfe412ee3e8db50a25cf4fca1f6364692 dadde89ea9218b99f5f6af04461235310cd35ec80408c1e96cfa9484fdcd1c5c Loading...

HTTP Transactions (92)

URL IP Response Size

www.amdahost.com/media/logo.png

104.21.40.89

200 OK

26 kB

URL GET HTTP/3
www.amdahost.com/media/logo.png
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
PNG image data, 382 x 70, 8-bit/color RGBA, non-interlaced
Size
26 kB (25625 bytes)
Hash
9c5c0fe1ed466c1a4801524b31777955
eb7bfae0af480eae554a937a9f64e96a0a4f734a
62b08c1489fff9fb4cf4d33857fb46d4f8298c3f74fc57f92279bdad95472640

HTTP Headers

GET /media/logo.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Cookie: PHPSESSID=7d9b0f8a6b512ac1332269638a70123b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 04:09:26 GMT
content-type: image/png
content-length: 25625
last-modified: Fri, 15 Mar 2024 19:45:30 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4811
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0w8EWJI171sAsQt0F%2F2GFhMtPJXjTDdVTBiXwxJgjn4Zr9%2BaBNIXunnlIr5i6AiipvgE7aecDcgfeLvh8XTdFcukSvVaPcTbyOanwIlKj7HHi3U%2BJF1mpDg0SQDNIyttQrlc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87dd65471b4a56c0-OSL
alt-svc: h3=":443"; ma=86400

ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js

142.250.74.138

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
30 kB (30462 bytes)
Hash
2c872dbe60f4ba70fb85356113d8b35e
ee48592d1fff952fcf06ce0b666ed4785493afdc
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

HTTP Headers

GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30462
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:53:27 GMT
expires: Fri, 02 May 2025 01:53:27 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 12 Sep 2023 02:38:22 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 94559
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/remixicon@4.0.0/fonts/remixicon.css

151.101.1.229

200 OK

17 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/remixicon@4.0.0/fonts/remixicon.css
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text
Size
17 kB (16743 bytes)
Hash
373c68d52e3daa5cd7e1ae058fb6bd70
30a01afb8338555278162655e4a8e7ac57774f35
f53b0f6c14c09b5c263713876dfe7185531a3a424a91d192dfee3c5fa03493dd

HTTP Headers

GET /npm/remixicon@4.0.0/fonts/remixicon.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.0.0
x-jsd-version-type: version
etag: W/"200b1-MKAa+4M4VVJ4FiZV5KjnrFd3TzU"
content-encoding: br
accept-ranges: bytes
date: Fri, 03 May 2024 04:09:26 GMT
age: 4841657
x-served-by: cache-fra-etou8220109-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 16743
X-Firefox-Spdy: h2

vjs.zencdn.net/8.10.0/video-js.css

151.101.2.217

200 OK

13 kB

URL GET HTTP/2
vjs.zencdn.net/8.10.0/video-js.css
IP
151.101.2.217:443
ASN
#54113 FASTLY

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGlobalSign nv-sa
Subjectvjs.zencdn.net
Fingerprint6B:3F:11:07:D7:05:FD:AF:4D:46:B4:BA:1C:8A:60:70:95:37:35:17
ValidityWed, 06 Mar 2024 21:50:11 GMT - Mon, 07 Apr 2025 21:50:10 GMT

File type
ASCII text, with very long lines (7288)
Size
13 kB (12695 bytes)
Hash
27818e70d5704691d9264fe0083c5b08
b4dffd90528e8f63d54ad3a859b749344e6e00ad
92e11fbc7753b5be23fd489ba4e09c0d62d0b8c64e466845b4534934c46c85d6

HTTP Headers

GET /8.10.0/video-js.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Wed, 17 Jan 2024 12:53:07 GMT
etag: "27818e70d5704691d9264fe0083c5b08"
x-amz-server-side-encryption: AES256
content-type: text/css
content-encoding: gzip
date: Fri, 03 May 2024 04:09:27 GMT
x-served-by: cache-hel1410031-HEL
x-cache: HIT
x-cache-hits: 9
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 12695
X-Firefox-Spdy: h2

32879.2481april2024.com/4/js/233169

88.208.22.4

200 OK

6.6 kB

URL GET HTTP/2
32879.2481april2024.com/4/js/233169
IP
88.208.22.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subject*.2481april2024.com
FingerprintFC:0B:87:DF:4F:43:9B:81:FD:04:D2:4C:5C:79:77:1B:C6:BB:F4:49
ValidityTue, 02 Apr 2024 14:41:38 GMT - Mon, 01 Jul 2024 14:41:37 GMT

File type
JavaScript source, ASCII text, with very long lines (16644), with no line terminators
Size
6.6 kB (6570 bytes)
Hash
c9a47f1a816f10c0c67317927a304348
aea39183ac7989055a48f2fa94a4e3a5ba06e6aa
71415344d00fbd7dd12f4ccc08a8042460e0d6cc1b9bf379abdcd65f06dfb308

HTTP Headers

GET /4/js/233169 HTTP/1.1
Host: 32879.2481april2024.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 04:09:27 GMT
content-type: application/javascript; charset=UTF-8
content-length: 6570
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2

www.amdahost.com/thumbnails/1714568449_08f2f92ba146fd33.jpg

104.21.40.89

200 OK

23 kB

URL GET HTTP/3
www.amdahost.com/thumbnails/1714568449_08f2f92ba146fd33.jpg
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 50", baseline, precision 8, 960x540, components 3
Size
23 kB (23329 bytes)
Hash
d846cbb95b2d29ec817a77c2feecf609
4ad04cbc819036b29b133c47bce3afe556c192fd
b4401b214698ad72180cf21dfaa64de0ad1bab163033bb13a580c900c1bc6c48

HTTP Headers

GET /thumbnails/1714568449_08f2f92ba146fd33.jpg HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Cookie: PHPSESSID=7d9b0f8a6b512ac1332269638a70123b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 04:09:27 GMT
content-type: image/jpeg
content-length: 23329
last-modified: Wed, 01 May 2024 13:00:49 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xFkPkeeI%2FPfbc6Uj0%2Fx0wqAdw99iUTJfA6L6%2BYINbwFnVar74m5TuGh4x%2FrHMQYPMZooERaGEZfBemP0GxFQnB3VN%2BorR7Zt%2BdvDHjbJvjIdoy3jwUhtgVYG6BedcWjjGPwS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87dd65471b4d56c0-OSL
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Poppins:wght@600&display=swap

142.250.74.106

200 OK

14 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Poppins:wght@600&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
gzip compressed data, max compression
Size
14 kB (13548 bytes)
Hash
0d8bda144c360bbf7aa6420328b7666b
cdbb55c6d8daeec27aa3ae0d649b846c70c55b1c
70bb8c5b32702577f941ee9f7b841444bc34665d69ee83f342d9515e2f46cc7f

HTTP Headers

GET /css2?family=Poppins:wght@600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 May 2024 04:09:27 GMT
date: Fri, 03 May 2024 04:09:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Karla&display=swap

142.250.74.106

200 OK

14 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Karla&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
gzip compressed data, max compression
Size
14 kB (14193 bytes)
Hash
9c24379104cba91227c10e424a854823
a756e63958f80ffbc1e462ce4356f37d0c8eb137
650bddfffdea92eb1e74f95f238246aed6ffc79f8a6a4c73b4326a7e90bb9787

HTTP Headers

GET /css2?family=Karla&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 May 2024 04:09:27 GMT
date: Fri, 03 May 2024 04:09:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.40.89

302 Found

0 B

URL GET HTTP/3
www.amdahost.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=7d9b0f8a6b512ac1332269638a70123b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Fri, 03 May 2024 04:09:28 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js
cache-control: max-age=300, public
access-control-allow-origin: *
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FY%2BZ%2FN2QhQr8hi0go76Q0k%2FYErqG4Q5zXqqzrRY4%2FmepnAW0M%2F9Q%2FpFgHBT59YJHiD%2BXtAOXRg8QJSKNQiCNn5lgDE552ytH6C8GxmaV5G5vUzpp4V1Hx9WjtdU2JJBCEdYp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87dd65503f2356c0-OSL
alt-svc: h3=":443"; ma=86400

ku42hjr2e.com/solid.gif?z=2020088&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275149517799424&eclog=0&im=1

212.117.190.201

200 OK

43 B

URL POST HTTP/2
ku42hjr2e.com/solid.gif?z=2020088&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275149517799424&eclog=0&im=1
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint15:EC:3A:52:11:EC:ED:35:8E:60:38:E6:CC:79:A7:3E:A3:5B:B6:62
ValidityTue, 09 Jan 2024 12:43:23 GMT - Sat, 06 Jul 2024 21:59:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

POST /solid.gif?z=2020088&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275149517799424&eclog=0&im=1 HTTP/1.1
Host: ku42hjr2e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 04:09:28 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
set-cookie: CHCK=1; Path=/; Expires=Fri, 06 Jun 2025 04:09:28 GMT; Secure; SameSite=None
UID=24050223098101e7b8317640a28724a66f7f; Path=/; Expires=Fri, 06 Jun 2025 04:09:28 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

cdn.pncloudfl.com/pn/0e2/e26/6f4/0e2e266f42dc9db06702654b475deccf94a64a2d.gif

104.22.59.221

200 OK

164 kB

URL GET HTTP/2
cdn.pncloudfl.com/pn/0e2/e26/6f4/0e2e266f42dc9db06702654b475deccf94a64a2d.gif
IP
104.22.59.221:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectcdn.pncloudfl.com
Fingerprint50:5F:A0:91:53:C9:C9:E3:5D:EA:53:42:E8:5B:81:FB:DE:7B:1E:2C
ValiditySun, 28 Apr 2024 04:53:51 GMT - Sat, 27 Jul 2024 04:53:50 GMT

File type
RIFF (little-endian) data, Web/P image
Size
164 kB (163760 bytes)
Hash
da7d586b60167e69106ca3db49c3b7a9
a663cd6e5b5074b45129ef81c144b7720ae091d0
8d5b28575d4d45ad2f2b2478dc7f194d4a2924707d87e81f272905c17703a647

HTTP Headers

GET /pn/0e2/e26/6f4/0e2e266f42dc9db06702654b475deccf94a64a2d.gif HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:28 GMT
content-type: image/webp
content-length: 163760
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=gif, origSize=497588
content-disposition: inline; filename="0e2e266f42dc9db06702654b475deccf94a64a2d.webp"
etag: 788712d8989fd197997cb2cccc55c1ea
expires: Fri, 03 May 2024 20:33:56 GMT
last-modified: Wed, 29 Mar 2023 10:56:38 GMT
vary: Accept
x-openstack-request-id: tx45eeb047db764411b2e52-0064246333
x-proxy-cache: HIT
x-timestamp: 1680087397.40315
x-trans-id: tx45eeb047db764411b2e52-0064246333
cf-cache-status: HIT
age: 113732
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 87dd6552bfbf712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.pncloudfl.com/pn/159/4e9/574/1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.png

104.22.59.221

200 OK

48 kB

URL GET HTTP/2
cdn.pncloudfl.com/pn/159/4e9/574/1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.png
IP
104.22.59.221:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectcdn.pncloudfl.com
Fingerprint50:5F:A0:91:53:C9:C9:E3:5D:EA:53:42:E8:5B:81:FB:DE:7B:1E:2C
ValiditySun, 28 Apr 2024 04:53:51 GMT - Sat, 27 Jul 2024 04:53:50 GMT

File type
RIFF (little-endian) data, Web/P image
Size
48 kB (47678 bytes)
Hash
faa49393df3208c063f655607da54633
3de75eda9ed337e13622611cdda3d5bf615b311f
5b8090f769afc76f83e8635a46499a1e467be6c44aee86f5f53b7ca51baa53de

HTTP Headers

GET /pn/159/4e9/574/1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:28 GMT
content-type: image/webp
content-length: 47678
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=74321
content-disposition: inline; filename="1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.webp"
etag: e7242897f9459085037ffcbcd74c060f
expires: Fri, 03 May 2024 21:38:10 GMT
last-modified: Mon, 23 Dec 2019 09:01:22 GMT
vary: Accept
x-openstack-request-id: tx6522abc861fc4738a75fe-0061b0bcf9
x-proxy-cache: HIT
x-timestamp: 1577091681.42646
x-trans-id: tx6522abc861fc4738a75fe-0061b0bcf9
cf-cache-status: HIT
age: 109878
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 87dd6552efd0712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

js.capndr.com/advertising.js

45.133.44.53

200 OK

0 B

URL GET HTTP/2
js.capndr.com/advertising.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectjs.capndr.com
Fingerprint0D:30:A1:FB:7E:A0:EC:89:85:17:27:67:37:21:DA:E0:CB:E3:26:06
ValiditySun, 21 Apr 2024 03:00:41 GMT - Sat, 20 Jul 2024 03:00:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertising.js HTTP/1.1
Host: js.capndr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 14 Jul 2023 08:23:25 GMT
etag: "64b105fd-0"
expires: Fri, 03 May 2024 04:14:29 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

www.amdahost.com/media/apple-touch-icon.png

104.21.40.89

200 OK

40 kB

URL GET HTTP/3
www.amdahost.com/media/apple-touch-icon.png
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
40 kB (40332 bytes)
Hash
3a0b8d799ca52ea360286be206ff8fb3
2dc98f04f62990a7ab58494b8cc4c9d34f88d82b
a18a7554000483027f4297e642dd6ffa175ee4028844be6e7888cd31c165972d

HTTP Headers

GET /media/apple-touch-icon.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Cookie: PHPSESSID=7d9b0f8a6b512ac1332269638a70123b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 04:09:29 GMT
content-type: image/png
content-length: 40332
last-modified: Sun, 17 Mar 2024 20:29:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 985
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Abp1bEl7woQgB4Ujp8VSperIwCZoQZTfSmeeDVTi8FzRRD1zD8hyqZBQtz6MK%2FYS4KsA8UU6rlO3ZyjdIHmj3hevZ74HaPkXEuEz7HmruO8MwCZdDATBbBzq9KY6CrRb8lRR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87dd655529ab56c0-OSL
alt-svc: h3=":443"; ma=86400

www.amdahost.com/cdn-cgi/challenge-platform/h/g/jsd/r/87dd6543cb0ab523

104.21.40.89

200 OK

0 B

URL POST HTTP/3
www.amdahost.com/cdn-cgi/challenge-platform/h/g/jsd/r/87dd6543cb0ab523
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/jsd/r/87dd6543cb0ab523 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12201
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Cookie: PHPSESSID=7d9b0f8a6b512ac1332269638a70123b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 04:09:29 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=INERgHwaerfPT03VMVdgJmLRbkAaZJSe5d2fHnJkK9c-1714709369-1.0.1.1-MPTO7NYuGF9j9CYpOIyKti2A1L2Ja0v2rk9kS_2q.2GAaE0BHc5TqROFUcdLmOAfip4a5yMxp7P8MjKJs3hsxg; path=/; expires=Sat, 03-May-25 04:09:29 GMT; domain=.amdahost.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uyzf%2BjreVCwd0aP83fplRhYuHp8h0z6O29XPxdYzGq%2Bc5Ps3kExP3ue3QBG8oMRefUgmIhPCqcCj%2BkPD0PbJQXnqcPu%2F9Ns6snaLV9dLzo%2FYGKCWio%2FPAhNodlpfvkzurxJU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87dd655529af56c0-OSL
alt-svc: h3=":443"; ma=86400

www.amdahost.com/videos/1714567940_b8fdfc7cc9b78520.mp4

104.21.40.89

206 Partial Content

5.5 MB

URL GET HTTP/3
www.amdahost.com/videos/1714567940_b8fdfc7cc9b78520.mp4
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
data
Size
5.5 MB (5516965 bytes)
Hash
3f5dc23fbb9f3e5ec048d3cf741701d1
e0afd2b02d72e36f9b05d4997c4280fcc9aa600a
a4b18a98e9dab6d8d887f077f32bc077e38867002a579c69d0c6a02450f984ea

HTTP Headers

GET /videos/1714567940_b8fdfc7cc9b78520.mp4 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=508821504-
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Cookie: PHPSESSID=7d9b0f8a6b512ac1332269638a70123b
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Fri, 03 May 2024 04:09:28 GMT
content-type: video/mp4
content-length: 5516965
last-modified: Wed, 01 May 2024 13:00:47 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
content-range: bytes 508821504-514338468/514338469
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ByGgaWdsFFb%2BSAynBrxNW9d7lnhDR7p7SQAGbLc%2F0CoMH9tXI8tX6NsrufEtTR6Rbpk1z6Wdju0qAWe%2F%2FCORPy54A%2F9OeQ%2Bp%2By4GvrXMAd7H1wHZEACY3OJyNJHiJsDi%2Bos%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87dd6552e85856c0-OSL
alt-svc: h3=":443"; ma=86400

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

172.217.21.162

200 OK

0 B

URL HEAD HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
172.217.21.162:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subject*.g.doubleclick.net
Fingerprint30:89:D4:C8:96:C6:D4:7B:F7:49:8D:DB:57:A1:D2:5A:D1:D3:D1:B4
ValidityMon, 08 Apr 2024 06:34:54 GMT - Mon, 01 Jul 2024 06:34:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Fri, 03 May 2024 04:09:29 GMT
expires: Fri, 03 May 2024 04:09:29 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 6981672965160547318
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51454
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.amdahost.com/media/favicon-16x16.png

104.21.40.89

200 OK

936 B

URL GET HTTP/3
www.amdahost.com/media/favicon-16x16.png
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
936 B (936 bytes)
Hash
ac0cd4d64276fa91e68993406abcd43d
c9af1132645f2bccfb9295a4e45cc95e8e78b7b6
bf852eabb9e0bbeb89b360a2dc4ccc1b86f2ffea3dfa78f0c2bb8747be598382

HTTP Headers

GET /media/favicon-16x16.png HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Cookie: PHPSESSID=7d9b0f8a6b512ac1332269638a70123b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 04:09:29 GMT
content-type: image/png
content-length: 936
last-modified: Sun, 17 Mar 2024 20:29:38 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RAmU23VKHkHJge0StYequcFiy4SswGIrNnsJVOTQi%2BMhALWB1C4A62QIBk2%2BC9UblKaYKPo0%2F%2FwWxeKgwZIbvAz%2FzacRO0vMGG8yQ9bQMNgU%2FCeLhtKZqZBVt%2BbTnvQKZ1jb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87dd655529ad56c0-OSL
alt-svc: h3=":443"; ma=86400

img.cdn.house/i/1/lS4Hhh91PwdxIpFCP8uh8wR6fYJFaUEUkhb196hLgWELjARpbYNUDo6nHWcfq8xMi_FUPR-Nmjxz-JOE8x5Yt6VWDsEZqxXPbCBUJbedMjIa_PB3AG5qbK9FoFlazce5-VcTSIkkYmqW2ScLpJqrKcDtamaSrWh2gfLmfX8obxUX-ck_Rk6ZTRIF0yPBr33kbgv1zLzK

95.216.14.117

200 OK

3.5 kB

URL GET HTTP/2
img.cdn.house/i/1/lS4Hhh91PwdxIpFCP8uh8wR6fYJFaUEUkhb196hLgWELjARpbYNUDo6nHWcfq8xMi_FUPR-Nmjxz-JOE8x5Yt6VWDsEZqxXPbCBUJbedMjIa_PB3AG5qbK9FoFlazce5-VcTSIkkYmqW2ScLpJqrKcDtamaSrWh2gfLmfX8obxUX-ck_Rk6ZTRIF0yPBr33kbgv1zLzK
IP
95.216.14.117:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectimg.cdn.house
Fingerprint98:AC:05:29:31:CD:6B:03:04:7D:9B:28:08:AA:B1:09:56:1A:CA:30
ValidityThu, 21 Mar 2024 10:50:12 GMT - Wed, 19 Jun 2024 10:50:11 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp
Size
3.5 kB (3494 bytes)
Hash
fdcba9a6b1b2993dc8b736fb77824f52
11fbdcd2bebe85bbda36984278256ee72a3dfb4c
7f6c4c001acd963c9b3039f716843ada4faa77f81055fd3f315166836c875358

HTTP Headers

GET /i/1/lS4Hhh91PwdxIpFCP8uh8wR6fYJFaUEUkhb196hLgWELjARpbYNUDo6nHWcfq8xMi_FUPR-Nmjxz-JOE8x5Yt6VWDsEZqxXPbCBUJbedMjIa_PB3AG5qbK9FoFlazce5-VcTSIkkYmqW2ScLpJqrKcDtamaSrWh2gfLmfX8obxUX-ck_Rk6ZTRIF0yPBr33kbgv1zLzK HTTP/1.1
Host: img.cdn.house
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 04:09:29 GMT
content-type: image/webp
content-length: 3494
last-modified: Sun, 21 Jan 2024 10:29:52 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
accept-ranges: bytes
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=179977

157.90.84.242

200 OK

0 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=179977
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=179977 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 03 May 2024 04:09:29 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://www.amdahost.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

metricswpsh.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzg1MzE3Mjc0MTQ1ODIzNzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxNzk5NzcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC45OSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==

138.201.237.88

200 OK

0 B

URL GET HTTP/2
metricswpsh.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzg1MzE3Mjc0MTQ1ODIzNzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxNzk5NzcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC45OSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==
IP
138.201.237.88:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzg1MzE3Mjc0MTQ1ODIzNzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxNzk5NzcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC45OSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.2
date: Fri, 03 May 2024 04:09:29 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=179977

157.90.84.242

200 OK

58 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=179977
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type
JSON text data
Size
58 B (58 bytes)
Hash
87385fcd2a67fc74d2fa67366ba68ea2
a604cdbb1d31ce257e8643eee9219c9c724c200c
9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995

HTTP Headers

POST /fp?tag_id=179977 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1836
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 03 May 2024 04:09:29 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.amdahost.com
Set-Cookie: id=11049126975932903714; Expires=Sat, 03 May 2025 04:09:29 GMT; Secure; SameSite=None
Vary: Origin

2b6b88fc7b.a1bbcd100e.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzg1MzE3Mjc0MTQ1ODIzNzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxNjE4NTUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC44OCwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==

45.133.44.53

200 OK

0 B

URL GET HTTP/2
2b6b88fc7b.a1bbcd100e.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzg1MzE3Mjc0MTQ1ODIzNzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxNjE4NTUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC44OCwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subject2b6b88fc7b.a1bbcd100e.com
Fingerprint64:1D:A5:1D:1F:41:28:42:D3:AE:BA:C2:6B:8E:03:48:D1:46:28:08
ValidityTue, 30 Apr 2024 02:50:36 GMT - Mon, 29 Jul 2024 02:50:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNzg1MzE3Mjc0MTQ1ODIzNzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxNjE4NTUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC44OCwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: 2b6b88fc7b.a1bbcd100e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:29 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js

104.21.40.89

200 OK

19 kB

URL GET HTTP/3
www.amdahost.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
JavaScript source, ASCII text, with very long lines (7819), with no line terminators
Size
19 kB (18724 bytes)
Hash
94bbf7ddab27c694ed000e8920c8bb6e
5ddfcc86cc84f83241ebb8e0f6ce1994234e5580
edeaf95dc48e862a9dbdef0a226b889712b7e57fae1b86210697eff4b96f8148

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=7d9b0f8a6b512ac1332269638a70123b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 04:09:28 GMT
content-type: application/javascript; charset=UTF-8
content-encoding: br
cache-control: max-age=14400, public
x-content-type-options: nosniff
vary: accept-encoding
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jHuVf%2FKzASBVvtGX6Ey%2B5w4hPfWQIXpjSazBix09bS0YxnU0qKNDcRz%2FfNPd0A3%2BNkuEliGoXNUzmrXO%2B6C2OMQdm%2BoNtzNjWdUZmM0P%2BFG5pLBwtB37RIxIpc%2BAD9uuu3Re"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87dd6553b8c456c0-OSL
alt-svc: h3=":443"; ma=86400

fp.metricswpsh.com/fp?tag_id=161855

157.90.84.242

200 OK

58 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=161855
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type
JSON text data
Size
58 B (58 bytes)
Hash
87385fcd2a67fc74d2fa67366ba68ea2
a604cdbb1d31ce257e8643eee9219c9c724c200c
9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995

HTTP Headers

POST /fp?tag_id=161855 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1834
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 03 May 2024 04:09:30 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.amdahost.com
Set-Cookie: id=16226750784942150831; Expires=Sat, 03 May 2025 04:09:30 GMT; Secure; SameSite=None
Vary: Origin

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

74.125.131.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:EP0ns2mfQn08TZoDRDaQhw0drEWQvA:s1FTrWnOHdETP1jZ; Expires=Sun, 03-May-2026 04:09:30 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 04:09:30 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwBqMc7GXML0ZpcvEQzdJTiQhnV8KX_Fm6vmyRJOgLkR-ZMDF5IXVlbrJdescXlSORwl0jppA
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-Z7vpcarUIDz5Gq5CgYoGQw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mbddip.com/in/dip?site=native-push&wl=1&event_id=1008daff-9791-475b-bb92-226299481702&subid=1211831614&sid=718096993&spot_id=560190&created_at=2024-05-03&timezone=0&ver=8.159.0&is_native=1

157.90.84.246

200 OK

0 B

URL GET HTTP/2
mbddip.com/in/dip?site=native-push&wl=1&event_id=1008daff-9791-475b-bb92-226299481702&subid=1211831614&sid=718096993&spot_id=560190&created_at=2024-05-03&timezone=0&ver=8.159.0&is_native=1
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=1008daff-9791-475b-bb92-226299481702&subid=1211831614&sid=718096993&spot_id=560190&created_at=2024-05-03&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: mbddip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 03 May 2024 04:09:30 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

162 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Fri, 03 May 2024 04:09:29 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=43lgTNfA%2FaIfQ6VODrl4QSa2WpM3MNyFUUyHzC%2BYw1srX7EDhyffZF4%2FRYeqhh1Y55WqJm2yHcHnZjfKQEhHb8WWF8XukMP7myorO7elMvgKMtGmwtANSfSDkftAQKRxYofEeJP3LC5iWA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87dd6557dfcfb4fa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

12ezo5v60.com/chicken.gif?z=2020090&pb=a8e7bd6a9e63f920f8301e059dbf5dbb1714716568&psp=4MqNf9VwCtMk7o7LZ8Ov-Db-H9d1j4Nq1vVFMPVfse-vItQyZKxhAVFdF5eD8D0ueeBfnserrpjv32PNpiU75WmsQ7YIhQBReKR9uYB8KA45GCRMG9b0w89zE89mZKwdZzEaG22xrULC7DBov2moMGnTVE6eAi8mokEmq5aVfYs6fgW3INVFt8wqujnND842higo5x3XvQis5pIBs7Rs_GgOU74TqPJVG76cowf-S6xLbQ9GFxl31RNhF2pKUZ0DMExeCc467irF_UOpIXyofnJAj8Nj6vcoTBfN7u1Y8CC7TwINfiA0n7tb62gU5O74r1Cp7-Pfwq0m7FlScT9M3ufHIkzwRVtCR1twQFfVhs1IKfkFd-2DKyW43psaNIwbJKMLOSs11S28_hrM1EuxSWVEPQUJW94xPB_U4hqf-Afa_0GyYirIJnrvc1eS4sN3Hje5GI6fRitCEc8d8cWVYlDQFi3vScXE9XUu75E8IiQdP5EpxNgYzFcMaLxDJRM32b-yE7_Os7wwxdYc1Xt8qZeG5bOrmAsrc6lYOAg5oSY_L2KzX9lngZy0XrbDO7w4-_8J0RkGq3QIM1hvuf1z2MXriOCPxt7Z4iNWYRyUudln_-e9gpBPEV-XteTlmIIToD8f_RRxoYQUUkUZrwttDrIhv0_GFittX4LQ6Dpt9IXOT7ybrAR7b-3m5AqIJKvdgVv7uzVPV8ps435jv1E_QPbk1lc8GqAEbLYqm4fZ39FedW5XqRdifxNh506ttB8XxT_LNy0dwElLIsUToQi9_MTNhzp1hZRm55oxUwxlN5pRzS5vsVZ6kumeDZUDEoure8KVuz8fS9Dp_0yrPHCm9eJBwBCR2FhgdiyUcpzUsQYavJOGsfBnP1s5UqQcGA67ppEgMUfsnDGg6X6StfspsBTzhWVtNAE_O_W2aoWGbBTxcG_sBjNu8YB2E7XZKzwn2Mk74W8t_hun-9OwjjBa8ENUZM6haIFF9BpjsMCumcA-GQI_T_S_Zzv9L4Io9-65qer4kgbW7mt0Ic-dP4Z4Apb76UmZBENeYDAR0l0p_yuM5Om5rLUQQ6rFiIvaRRp2GwrA8QkuNNlK4ojZrttsLDdtYDTF454CTxJePPcFW3TPWTIsgqIJuQkV_fdTnTRTmHkuJlrLS_8th1DSujz-xxhsGRvSzgbpDG4eYlYuSKxsLehNaRXpNADFOj3r_23le7hQPjr58qDNeBQ7QhZltflfDKG9OQOkqEHFAodWGnb5SguwfO38cD_q9MFlawVbVf_ohgU9cy3YT6c2me3SAW-nRPhDaq2smc6CbamGwywkKHX4_7dtUtTjMvJ8N7rZyRyCKkeZx-Ph_vTJ0zDq781tf9jIAt1c-WuMnqmQ7J50Ti0HT69J8FBAjK8ak1YbJvVnF2eZdcm4T_hmKufG3PKiz_iy-K0wsu00wcjdk5wte4BA55oHFwZmM0sSrgJ0nBXWwDb1c-Yf-FD7AzyQUQuvJj5WpcVgals2TcYDjhFpQta2ZSDQpjeH4B_jNN4OcEY4lZXqXyeirjpIyUHeZ1iRUANjHCANoGZLBXEokf65kHLMrWL5t6XZKMRCBEA0GLotYLnmTIzczr0D8bUQaA17G_RMafBHH3EPtOgyL4w6Vsj3gYwnYxKgi11nYuqJyztIRAIMQQaPJmqI5RVgcX0kkE2F&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6586299657504256&eclog=0&im=1

212.117.190.202

200 OK

43 B

URL GET HTTP/2
12ezo5v60.com/chicken.gif?z=2020090&pb=a8e7bd6a9e63f920f8301e059dbf5dbb1714716568&psp=4MqNf9VwCtMk7o7LZ8Ov-Db-H9d1j4Nq1vVFMPVfse-vItQyZKxhAVFdF5eD8D0ueeBfnserrpjv32PNpiU75WmsQ7YIhQBReKR9uYB8KA45GCRMG9b0w89zE89mZKwdZzEaG22xrULC7DBov2moMGnTVE6eAi8mokEmq5aVfYs6fgW3INVFt8wqujnND842higo5x3XvQis5pIBs7Rs_GgOU74TqPJVG76cowf-S6xLbQ9GFxl31RNhF2pKUZ0DMExeCc467irF_UOpIXyofnJAj8Nj6vcoTBfN7u1Y8CC7TwINfiA0n7tb62gU5O74r1Cp7-Pfwq0m7FlScT9M3ufHIkzwRVtCR1twQFfVhs1IKfkFd-2DKyW43psaNIwbJKMLOSs11S28_hrM1EuxSWVEPQUJW94xPB_U4hqf-Afa_0GyYirIJnrvc1eS4sN3Hje5GI6fRitCEc8d8cWVYlDQFi3vScXE9XUu75E8IiQdP5EpxNgYzFcMaLxDJRM32b-yE7_Os7wwxdYc1Xt8qZeG5bOrmAsrc6lYOAg5oSY_L2KzX9lngZy0XrbDO7w4-_8J0RkGq3QIM1hvuf1z2MXriOCPxt7Z4iNWYRyUudln_-e9gpBPEV-XteTlmIIToD8f_RRxoYQUUkUZrwttDrIhv0_GFittX4LQ6Dpt9IXOT7ybrAR7b-3m5AqIJKvdgVv7uzVPV8ps435jv1E_QPbk1lc8GqAEbLYqm4fZ39FedW5XqRdifxNh506ttB8XxT_LNy0dwElLIsUToQi9_MTNhzp1hZRm55oxUwxlN5pRzS5vsVZ6kumeDZUDEoure8KVuz8fS9Dp_0yrPHCm9eJBwBCR2FhgdiyUcpzUsQYavJOGsfBnP1s5UqQcGA67ppEgMUfsnDGg6X6StfspsBTzhWVtNAE_O_W2aoWGbBTxcG_sBjNu8YB2E7XZKzwn2Mk74W8t_hun-9OwjjBa8ENUZM6haIFF9BpjsMCumcA-GQI_T_S_Zzv9L4Io9-65qer4kgbW7mt0Ic-dP4Z4Apb76UmZBENeYDAR0l0p_yuM5Om5rLUQQ6rFiIvaRRp2GwrA8QkuNNlK4ojZrttsLDdtYDTF454CTxJePPcFW3TPWTIsgqIJuQkV_fdTnTRTmHkuJlrLS_8th1DSujz-xxhsGRvSzgbpDG4eYlYuSKxsLehNaRXpNADFOj3r_23le7hQPjr58qDNeBQ7QhZltflfDKG9OQOkqEHFAodWGnb5SguwfO38cD_q9MFlawVbVf_ohgU9cy3YT6c2me3SAW-nRPhDaq2smc6CbamGwywkKHX4_7dtUtTjMvJ8N7rZyRyCKkeZx-Ph_vTJ0zDq781tf9jIAt1c-WuMnqmQ7J50Ti0HT69J8FBAjK8ak1YbJvVnF2eZdcm4T_hmKufG3PKiz_iy-K0wsu00wcjdk5wte4BA55oHFwZmM0sSrgJ0nBXWwDb1c-Yf-FD7AzyQUQuvJj5WpcVgals2TcYDjhFpQta2ZSDQpjeH4B_jNN4OcEY4lZXqXyeirjpIyUHeZ1iRUANjHCANoGZLBXEokf65kHLMrWL5t6XZKMRCBEA0GLotYLnmTIzczr0D8bUQaA17G_RMafBHH3EPtOgyL4w6Vsj3gYwnYxKgi11nYuqJyztIRAIMQQaPJmqI5RVgcX0kkE2F&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6586299657504256&eclog=0&im=1
IP
212.117.190.202:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerBuypass AS-983163327
Subject
FingerprintDB:57:32:8B:71:3B:E2:BC:8C:B1:94:D1:8A:25:4E:EE:A7:BA:C5:59
ValidityTue, 09 Jan 2024 13:35:13 GMT - Sat, 06 Jul 2024 21:59:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

GET /chicken.gif?z=2020090&pb=a8e7bd6a9e63f920f8301e059dbf5dbb1714716568&psp=4MqNf9VwCtMk7o7LZ8Ov-Db-H9d1j4Nq1vVFMPVfse-vItQyZKxhAVFdF5eD8D0ueeBfnserrpjv32PNpiU75WmsQ7YIhQBReKR9uYB8KA45GCRMG9b0w89zE89mZKwdZzEaG22xrULC7DBov2moMGnTVE6eAi8mokEmq5aVfYs6fgW3INVFt8wqujnND842higo5x3XvQis5pIBs7Rs_GgOU74TqPJVG76cowf-S6xLbQ9GFxl31RNhF2pKUZ0DMExeCc467irF_UOpIXyofnJAj8Nj6vcoTBfN7u1Y8CC7TwINfiA0n7tb62gU5O74r1Cp7-Pfwq0m7FlScT9M3ufHIkzwRVtCR1twQFfVhs1IKfkFd-2DKyW43psaNIwbJKMLOSs11S28_hrM1EuxSWVEPQUJW94xPB_U4hqf-Afa_0GyYirIJnrvc1eS4sN3Hje5GI6fRitCEc8d8cWVYlDQFi3vScXE9XUu75E8IiQdP5EpxNgYzFcMaLxDJRM32b-yE7_Os7wwxdYc1Xt8qZeG5bOrmAsrc6lYOAg5oSY_L2KzX9lngZy0XrbDO7w4-_8J0RkGq3QIM1hvuf1z2MXriOCPxt7Z4iNWYRyUudln_-e9gpBPEV-XteTlmIIToD8f_RRxoYQUUkUZrwttDrIhv0_GFittX4LQ6Dpt9IXOT7ybrAR7b-3m5AqIJKvdgVv7uzVPV8ps435jv1E_QPbk1lc8GqAEbLYqm4fZ39FedW5XqRdifxNh506ttB8XxT_LNy0dwElLIsUToQi9_MTNhzp1hZRm55oxUwxlN5pRzS5vsVZ6kumeDZUDEoure8KVuz8fS9Dp_0yrPHCm9eJBwBCR2FhgdiyUcpzUsQYavJOGsfBnP1s5UqQcGA67ppEgMUfsnDGg6X6StfspsBTzhWVtNAE_O_W2aoWGbBTxcG_sBjNu8YB2E7XZKzwn2Mk74W8t_hun-9OwjjBa8ENUZM6haIFF9BpjsMCumcA-GQI_T_S_Zzv9L4Io9-65qer4kgbW7mt0Ic-dP4Z4Apb76UmZBENeYDAR0l0p_yuM5Om5rLUQQ6rFiIvaRRp2GwrA8QkuNNlK4ojZrttsLDdtYDTF454CTxJePPcFW3TPWTIsgqIJuQkV_fdTnTRTmHkuJlrLS_8th1DSujz-xxhsGRvSzgbpDG4eYlYuSKxsLehNaRXpNADFOj3r_23le7hQPjr58qDNeBQ7QhZltflfDKG9OQOkqEHFAodWGnb5SguwfO38cD_q9MFlawVbVf_ohgU9cy3YT6c2me3SAW-nRPhDaq2smc6CbamGwywkKHX4_7dtUtTjMvJ8N7rZyRyCKkeZx-Ph_vTJ0zDq781tf9jIAt1c-WuMnqmQ7J50Ti0HT69J8FBAjK8ak1YbJvVnF2eZdcm4T_hmKufG3PKiz_iy-K0wsu00wcjdk5wte4BA55oHFwZmM0sSrgJ0nBXWwDb1c-Yf-FD7AzyQUQuvJj5WpcVgals2TcYDjhFpQta2ZSDQpjeH4B_jNN4OcEY4lZXqXyeirjpIyUHeZ1iRUANjHCANoGZLBXEokf65kHLMrWL5t6XZKMRCBEA0GLotYLnmTIzczr0D8bUQaA17G_RMafBHH3EPtOgyL4w6Vsj3gYwnYxKgi11nYuqJyztIRAIMQQaPJmqI5RVgcX0kkE2F&freq=0&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6586299657504256&eclog=0&im=1 HTTP/1.1
Host: 12ezo5v60.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: UID=240502230995c67ac760dd47c6ab9694c5a1; CHCK=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 04:09:30 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwBqMc7GXML0ZpcvEQzdJTiQhnV8KX_Fm6vmyRJOgLkR-ZMDF5IXVlbrJdescXlSORwl0jppA

74.125.131.84

302 Found

427 B

URL GET HTTP/3
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwBqMc7GXML0ZpcvEQzdJTiQhnV8KX_Fm6vmyRJOgLkR-ZMDF5IXVlbrJdescXlSORwl0jppA
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
HTML document, ASCII text, with very long lines (404)
Size
427 B (427 bytes)
Hash
eec3c58533f0b902685af6e2e3b93716
2e3594519f3029f88b1665c0dc12eb1626205380
d35b6b68e79fc7cf79758f0d63a438f075b3b29cfe8222055f46644f7b8bc058

HTTP Headers

GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwBqMc7GXML0ZpcvEQzdJTiQhnV8KX_Fm6vmyRJOgLkR-ZMDF5IXVlbrJdescXlSORwl0jppA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:LqP53jXFpxU3B3zM-yORLTZZNpgWmw:F1hzNjHV_LezLwd_;Path=/;Expires=Sun, 03-May-2026 04:09:30 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 04:09:30 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxE2JGfT4c6ayJtOMHki2IWO4sNNmccGZzzmtCn9cHhgfP_U4GSlTixh6wxoS0tYG_3gDQRmw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S806124284%3A1714709370780258&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-Oo7EW-bS9LfTJZxu-skgig' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 427
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

storage.multstorage.com/log/count.html

172.67.174.51

200 OK

117 kB

URL GET HTTP/2
storage.multstorage.com/log/count.html
IP
172.67.174.51:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectmultstorage.com
Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A
ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT

File type
HTML document, ASCII text, with very long lines (700)
Size
117 kB (117032 bytes)
Hash
b728ca9cd183d1b7c3f72116b19b22a3
c1fd73f6b02cf00b8bc60b09cc99495e8494b739
8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:29 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: 56ca3659f8d370c777c72d34cd3204eb
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iq0JroJukyFso1dXeHorejzLya%2F%2FoIqp1rvywTsP20WVKKpOB8zEypKXwJ4sWQl5Mou7F7i%2FOtdpBanYGWXL5EEd1wD%2FhwuAKf%2B%2FKr2OK9YnCfXTta3uakiuUh6X9Yi3i%2BGI%2BDzj%2B1VyPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87dd6558cce8b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

665 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type
data
Size
665 B (665 bytes)
Hash
23608f9e0bdc151b537b72da5db2e9d6
e5c5c2661ddcc0061588648f2f4e0bf2062c384d
e5b2ccb6fb4d2b00cd64e4b96dfa6cd20984aff936d732471dd2e2ded6002282

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 301 Moved Permanently
date: Fri, 03 May 2024 04:09:31 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N3T%2FuLUkK9Td%2Fyay%2FkHLlWPPTal1KVvyDZvgzSBpJpSTP6awoHTZdPeQtcVicbQBz2nCqwNFe%2FVTnK46nqVai0D8OyCKU3t5RsLhPARK%2BPlZT5qpMQX4cmwK7VWVCO9zn%2Ba%2F5o8IqTHXmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87dd6561e8c25694-OSL
alt-svc: h3=":443"; ma=86400

mcpuwpsh.com/get/

94.130.197.240

200 OK

6.4 kB

URL POST HTTP/2
mcpuwpsh.com/get/
IP
94.130.197.240:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectpuwpush.com
Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92
ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT

File type
JSON text data
Size
6.4 kB (6416 bytes)
Hash
ee3f95d227801cffe5250594a870f43d
1a02522c3b320ba1413a04bb46cdefae27aae69b
d308c6328379e0d9521427c6da3321f10f918fc5a1b6fc0e9ec9e64299a930ab

HTTP Headers

POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1409
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 03 May 2024 04:09:31 GMT
content-type: application/json
content-length: 6416
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

mcpuwpsh.com/get/

94.130.197.240

200 OK

4.2 kB

URL POST HTTP/2
mcpuwpsh.com/get/
IP
94.130.197.240:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectpuwpush.com
Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92
ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT

File type
JSON text data
Size
4.2 kB (4164 bytes)
Hash
21e665813abb5d338558d7d1eb048b50
6ce2ec8fb7cb6899e671f5e2b9c280724db0acd8
570c6cd98d45fcc4023adfe79d2c01f82447601b0ff719f04745f5b58dac9c13

HTTP Headers

POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1408
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 03 May 2024 04:09:31 GMT
content-type: application/json
content-length: 4164
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

www.amdahost.com/cdn-cgi/rum?

104.21.40.89

204 No Content

0 B

URL POST HTTP/3
www.amdahost.com/cdn-cgi/rum?
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1082
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Cookie: PHPSESSID=7d9b0f8a6b512ac1332269638a70123b; cf_clearance=INERgHwaerfPT03VMVdgJmLRbkAaZJSe5d2fHnJkK9c-1714709369-1.0.1.1-MPTO7NYuGF9j9CYpOIyKti2A1L2Ja0v2rk9kS_2q.2GAaE0BHc5TqROFUcdLmOAfip4a5yMxp7P8MjKJs3hsxg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Fri, 03 May 2024 04:09:32 GMT
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87dd6569cb6956c0-OSL
x-frame-options: DENY
x-content-type-options: nosniff

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

162 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 301 Moved Permanently
date: Fri, 03 May 2024 04:09:29 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=74%2Bm%2BBdBM4YDvlerdKIgrYPOPrwHqm6bzrh9cbYcQWmsz9yVaww0EIx1%2FpMdM0h%2FIzFi9ds8JXof5ojdteV4X%2BInGqqshde%2FrPFxOpEKO%2FvxjFR2yo2nH1YgCEGJ5vG%2FcvvxbY2VHWfDJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87dd6558ac395694-OSL
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Comic+Neue&display=swap

142.250.74.106

200 OK

290 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Comic+Neue&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
ASCII text
Size
290 B (290 bytes)
Hash
6656f3a1fea13339d16a8e972482491c
07f1bad19d0c2f4ece9d75b85a9e5d9298a5393b
e3e572c48086372c2017fd03434bb4bc69dcf451729e0c852880a2187218e2bf

HTTP Headers

GET /css2?family=Comic+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 May 2024 04:09:27 GMT
date: Fri, 03 May 2024 04:09:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

p.a64x.com/in/tip_shows/?katds_ep=Z6whPW3lJq0_6qWQxZKOHpNkdI9IDdlfdmqbPGDBVnl6nF9rLiy4pmtct3amlIlJ9Vkufdsvpo-6d8i9Vei6BEdrw05Qf_kuv7KIsr4FJDXe4gd5ANE5JgNRHMW5mMaXNTjhRaJdQZew_k71KmVAmy0n8KgxIFmjOCvqqwnbFA7xMb2-h1cZn8IFLCvi9Kw4G59_n14fRyCxb06AQffkxxf0azalW1SbEg0bBsmAFnveiocqFSNp0cpUF9Q2ztJrIFuxclV-7wjCa3qOStKtN4KFQscQgWsxAzCc_tvCXNS-Di7DUjlNQCL4OBE8O7-Xvp4VyuykQNJVrQZpXo7rlaPVk6s_ymvioXuu8UPhwSR7e1H6D8dmKtGqBKmNNP21jGOc_ahzIJFcTzSUqSqNCZR37I57U62ZEYHDvIyLli5vQa6PGABAJysMpITPUBRH2eJmJJHWrPFLrN_IlPJpY5eN94qanPvOIHBhGJY0MmJxhBGU_bjqHahD_qhUUfZ0tx_EJ9wBdJ0KgClfnxcN2hSJ2vm3Q6aSkNpgAToQQavVcHmIOPlDkATyvSmTZY2RTI7KViMcisrmo19heecAAXvn4ALwM_E5a_fFwQUz1Vl5nN2-KRyF1b8IUAcmQwSVqG469HLCIRYZnFHZzJtcvQ2a7AxkT5ckWPWJTWNVdQiwSSNGn_Q1_7s31RZ1tR7mUL9Uo7zJTf8BWsxX3JzYRCokkKNYG3sNX4zh7oPbIqA4WwfiMVwJQ0PNbm2VGDM5qcCXWj8v6CSojVHQ32TancvSDZGU7qxhaJfg_BcVTEPkNCjk5CjpfIDdxSi4CKAJBdAz8qCjtYKMuSRsMo34trk5nXV7O9piyzpW796b9TOXTVyCvt6T8sARvNIA6gBYHFwJRo0jxhMJI4VoTG2_sJDfc9HAYVU9TzOcK3pXSqub&bid=0.0026&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.06&cpa=c9816a13-c2d8-4e22-bc98-e3335fbd101b&prev_step_diff=2134

172.67.185.171

302 Found

0 B

URL GET HTTP/2
p.a64x.com/in/tip_shows/?katds_ep=Z6whPW3lJq0_6qWQxZKOHpNkdI9IDdlfdmqbPGDBVnl6nF9rLiy4pmtct3amlIlJ9Vkufdsvpo-6d8i9Vei6BEdrw05Qf_kuv7KIsr4FJDXe4gd5ANE5JgNRHMW5mMaXNTjhRaJdQZew_k71KmVAmy0n8KgxIFmjOCvqqwnbFA7xMb2-h1cZn8IFLCvi9Kw4G59_n14fRyCxb06AQffkxxf0azalW1SbEg0bBsmAFnveiocqFSNp0cpUF9Q2ztJrIFuxclV-7wjCa3qOStKtN4KFQscQgWsxAzCc_tvCXNS-Di7DUjlNQCL4OBE8O7-Xvp4VyuykQNJVrQZpXo7rlaPVk6s_ymvioXuu8UPhwSR7e1H6D8dmKtGqBKmNNP21jGOc_ahzIJFcTzSUqSqNCZR37I57U62ZEYHDvIyLli5vQa6PGABAJysMpITPUBRH2eJmJJHWrPFLrN_IlPJpY5eN94qanPvOIHBhGJY0MmJxhBGU_bjqHahD_qhUUfZ0tx_EJ9wBdJ0KgClfnxcN2hSJ2vm3Q6aSkNpgAToQQavVcHmIOPlDkATyvSmTZY2RTI7KViMcisrmo19heecAAXvn4ALwM_E5a_fFwQUz1Vl5nN2-KRyF1b8IUAcmQwSVqG469HLCIRYZnFHZzJtcvQ2a7AxkT5ckWPWJTWNVdQiwSSNGn_Q1_7s31RZ1tR7mUL9Uo7zJTf8BWsxX3JzYRCokkKNYG3sNX4zh7oPbIqA4WwfiMVwJQ0PNbm2VGDM5qcCXWj8v6CSojVHQ32TancvSDZGU7qxhaJfg_BcVTEPkNCjk5CjpfIDdxSi4CKAJBdAz8qCjtYKMuSRsMo34trk5nXV7O9piyzpW796b9TOXTVyCvt6T8sARvNIA6gBYHFwJRo0jxhMJI4VoTG2_sJDfc9HAYVU9TzOcK3pXSqub&bid=0.0026&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.06&cpa=c9816a13-c2d8-4e22-bc98-e3335fbd101b&prev_step_diff=2134
IP
172.67.185.171:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjecta64x.com
Fingerprint86:FD:2B:DD:CC:BD:8D:ED:C0:8D:41:81:C1:48:2D:45:D6:4F:67:88
ValidityTue, 19 Mar 2024 14:58:28 GMT - Mon, 17 Jun 2024 14:58:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/tip_shows/?katds_ep=Z6whPW3lJq0_6qWQxZKOHpNkdI9IDdlfdmqbPGDBVnl6nF9rLiy4pmtct3amlIlJ9Vkufdsvpo-6d8i9Vei6BEdrw05Qf_kuv7KIsr4FJDXe4gd5ANE5JgNRHMW5mMaXNTjhRaJdQZew_k71KmVAmy0n8KgxIFmjOCvqqwnbFA7xMb2-h1cZn8IFLCvi9Kw4G59_n14fRyCxb06AQffkxxf0azalW1SbEg0bBsmAFnveiocqFSNp0cpUF9Q2ztJrIFuxclV-7wjCa3qOStKtN4KFQscQgWsxAzCc_tvCXNS-Di7DUjlNQCL4OBE8O7-Xvp4VyuykQNJVrQZpXo7rlaPVk6s_ymvioXuu8UPhwSR7e1H6D8dmKtGqBKmNNP21jGOc_ahzIJFcTzSUqSqNCZR37I57U62ZEYHDvIyLli5vQa6PGABAJysMpITPUBRH2eJmJJHWrPFLrN_IlPJpY5eN94qanPvOIHBhGJY0MmJxhBGU_bjqHahD_qhUUfZ0tx_EJ9wBdJ0KgClfnxcN2hSJ2vm3Q6aSkNpgAToQQavVcHmIOPlDkATyvSmTZY2RTI7KViMcisrmo19heecAAXvn4ALwM_E5a_fFwQUz1Vl5nN2-KRyF1b8IUAcmQwSVqG469HLCIRYZnFHZzJtcvQ2a7AxkT5ckWPWJTWNVdQiwSSNGn_Q1_7s31RZ1tR7mUL9Uo7zJTf8BWsxX3JzYRCokkKNYG3sNX4zh7oPbIqA4WwfiMVwJQ0PNbm2VGDM5qcCXWj8v6CSojVHQ32TancvSDZGU7qxhaJfg_BcVTEPkNCjk5CjpfIDdxSi4CKAJBdAz8qCjtYKMuSRsMo34trk5nXV7O9piyzpW796b9TOXTVyCvt6T8sARvNIA6gBYHFwJRo0jxhMJI4VoTG2_sJDfc9HAYVU9TzOcK3pXSqub&bid=0.0026&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.06&cpa=c9816a13-c2d8-4e22-bc98-e3335fbd101b&prev_step_diff=2134 HTTP/1.1
Host: p.a64x.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 03 May 2024 04:09:32 GMT
content-type: application/json
content-length: 0
location: https://imdn.pics/m/p/0/796/796797/conversions/SL5914Pj-minify.jpg
access-control-allow-credentials: true
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DejUECX1bo3NyIJjucwsgyl4O%2FipvrpAGQTkHyvqDETMFT4wHtWbXP1qLihn0K%2FKDpNu9vP6AFMfVg%2Fj29we46r7CvZOhW6a%2F%2FRXtdlDki8CgS1%2FSUt5h0qs5%2BAC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87dd656a4fd456b4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/MyBid_Logo_1000px_Color__1_.jpg

45.133.44.24

200 OK

52 kB

URL GET HTTP/2
static.bookmsg.com/creatives/MyBid_Logo_1000px_Color__1_.jpg
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=8, height=0, bps=8, xresolution=110, yresolution=118, resolutionunit=2, width=0], baseline, precision 8, 1000x145, components 3
Size
52 kB (52487 bytes)
Hash
084252b0ae0091b39bb5ef1e35003ee5
5a9cd9d6d06563b5a27da5d2719fa8162c02b4a0
0bb486355a97f805e01f9a29d57fbe14502997b45f3c45cce3c240a5067cdb80

HTTP Headers

GET /creatives/MyBid_Logo_1000px_Color__1_.jpg HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:32 GMT
content-type: image/jpeg
content-length: 52487
server: nginx/1.24.0
last-modified: Mon, 11 Mar 2024 13:45:15 GMT
etag: "65ef0aeb-cd07"
expires: Sat, 03 May 2025 04:09:32 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

0afc4c07a9.9fbdc30642.com/79c7e8dad32f8bc2b158100c803052e7.js

45.133.44.52

200 OK

48 kB

URL GET HTTP/2
0afc4c07a9.9fbdc30642.com/79c7e8dad32f8bc2b158100c803052e7.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subject0afc4c07a9.9fbdc30642.com
Fingerprint9D:0F:4E:A7:C3:AC:A0:6E:EF:F4:56:62:CC:83:32:E6:02:20:E0:CB
ValidityTue, 30 Apr 2024 02:20:22 GMT - Mon, 29 Jul 2024 02:20:21 GMT

File type
gzip compressed data, from Unix
Size
48 kB (47600 bytes)
Hash
faf57f0c9e663d3e4c95cb0994a5ace8
08a51b211b294f0006327a8413bdc60df8bffdaf
935a528ca04f6b22c36f0f5ecb5bb47587fdb2fa02e2d24cc4d39c27d8be4d89

HTTP Headers

GET /79c7e8dad32f8bc2b158100c803052e7.js HTTP/1.1
Host: 0afc4c07a9.9fbdc30642.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:29 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Fri, 03 May 2024 04:14:29 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

1.3 kB

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type
data
Size
1.3 kB (1296 bytes)
Hash
e3266ec571692e10f4c1e58fb05ff9dc
f92e651502f982cb4e782b4cadecfa0342305551
52000a56b0d2073ecdcbb40829a3ba56e1391ba42d66397efbc7a00d4c0a7365

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 301 Moved Permanently
date: Fri, 03 May 2024 04:09:31 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eq%2Fe52pdixWoBdCjxjmbvSTz5OdpFIboUQIG37RLIQ2TXydqsS0cPyr8jEfluZcExM%2FIibSq%2FFlqpP7ysnKr4zQ51FelR5htzjMJ6MHWQ0h3kilqYZh6WG2CLTZ5bjrFBJbLQdPQcSAP%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87dd656248e15694-OSL
alt-svc: h3=":443"; ma=86400

imdn.pics/m/p/0/796/796798/conversions/C5kTkS9z-minify.jpg

45.133.44.25

200 OK

22 kB

URL GET HTTP/2
imdn.pics/m/p/0/796/796798/conversions/C5kTkS9z-minify.jpg
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 360x240, components 3
Size
22 kB (21898 bytes)
Hash
8b940c6417902affc1aae52aa756fa99
bc677ae2248f8a331dc3c8e88c10e1e01fe6d11e
a34ce5594ed0360ac7d24497a96d7d87b438db9ca5e9d174fcd79d2b83fe79b5

HTTP Headers

GET /m/p/0/796/796798/conversions/C5kTkS9z-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:32 GMT
content-type: image/jpeg
content-length: 21898
server: nginx
last-modified: Thu, 02 May 2024 12:58:32 GMT
etag: "66338df8-558a"
x-request-id: d29bda490b1e95d8b122e7c5a130d54f
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

imdn.pics/m/p/0/796/796797/conversions/SL5914Pj-minify.jpg

45.133.44.25

200 OK

2.0 kB

URL GET HTTP/2
imdn.pics/m/p/0/796/796797/conversions/SL5914Pj-minify.jpg
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 100x100, components 3
Size
2.0 kB (1954 bytes)
Hash
5dfa5c0dbdd88ec85e7c3b90dcf999ef
4cf3c9764ab206d3e60d109f1c97bcded5e58987
423a82f807780d5a69020dd45d692dc8d3a0f1ce8aca164521df5f40f8919783

HTTP Headers

GET /m/p/0/796/796797/conversions/SL5914Pj-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:32 GMT
content-type: image/jpeg
content-length: 1954
server: nginx
last-modified: Thu, 02 May 2024 12:58:24 GMT
etag: "66338df0-7a2"
x-request-id: 11efa3211be5c8137cc83eb91a8da363
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

43b71e837e.d8388cd984.com/in/multy

168.119.25.102

200 OK

0 B

URL POST HTTP/2
43b71e837e.d8388cd984.com/in/multy
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectd8388cd984.com
Fingerprint5C:36:8D:99:1A:7F:F6:92:44:F7:B8:16:AD:0F:53:77:A8:09:E9:AD
ValidityMon, 29 Apr 2024 14:01:57 GMT - Sun, 28 Jul 2024 14:01:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: 43b71e837e.d8388cd984.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.18.0
date: Fri, 03 May 2024 04:09:35 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

43b71e837e.d8388cd984.com/in/multy

168.119.25.102

200 OK

4.3 kB

URL POST HTTP/2
43b71e837e.d8388cd984.com/in/multy
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectd8388cd984.com
Fingerprint5C:36:8D:99:1A:7F:F6:92:44:F7:B8:16:AD:0F:53:77:A8:09:E9:AD
ValidityMon, 29 Apr 2024 14:01:57 GMT - Sun, 28 Jul 2024 14:01:56 GMT

File type
JSON text data
Size
4.3 kB (4274 bytes)
Hash
400a427b753da8e1ff04d6467dd61f21
af9d0e32ce704f60ad00d5af5d65b25acfca3c4b
3b94430605396bb7bd4b26349cbabd983a098a03f1a5ac49a0eac7c57c7fc7b8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /in/multy HTTP/1.1
Host: 43b71e837e.d8388cd984.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2391
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 May 2024 04:09:35 GMT
content-type: application/json
content-length: 4274
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

storage.mbidstorage.com/log/count.html

104.21.65.172

301 Moved Permanently

648 B

URL GET HTTP/3
storage.mbidstorage.com/log/count.html
IP
104.21.65.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectmbidstorage.com
Fingerprint8C:81:E9:1C:1E:C6:E4:E4:7B:C3:13:B8:D1:10:9D:F0:54:1B:0E:95
ValiditySat, 27 Apr 2024 08:20:36 GMT - Fri, 26 Jul 2024 08:20:35 GMT

File type
data
Size
648 B (648 bytes)
Hash
d45f08ade72324750b816c9e379c41b7
9d1699ce28a3953d8a3d0328a407dbcc7df1daa0
c8c5188e372aa8edf821097544ad5845bc1630d161b1ae81db35a3584f6aa0bf

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.mbidstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 301 Moved Permanently
date: Fri, 03 May 2024 04:09:32 GMT
content-type: text/html
location: https://storage.mbidstorage.com/log/count.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TXioOLTOmDuwgAJTZ5%2FQRnuNrbPuuRG8nWClJfMz%2Bce2UWKESIWo0uJPeFVo9NMV1I%2BWsy8itSkosSnPBMQjEo%2BZEjgYjEMpum56ZIcLF4EhZVTLUj%2BLR9w%2FmNb6dCCTeD4r9CEaYFCLOw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87dd6565da8c5694-OSL
alt-svc: h3=":443"; ma=86400

43b71e837e.d8388cd984.com/in/show/?tag_ab=d&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De1e12c25d6&refdom=www.amdahost.com&auction_time=1714709375&subid=1511354673&sid=3741713305&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=adult&user_fp=13734950386773246760&score=55.478040632585646&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De1e12c25d6%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De1e12c25d6%26idzone%3D0%26sid%3D1886&icons=Iy7VEWexvxpw5-1EMNBfv06Bh7VErCgUH2vWF-i4Kqw4V0VLdKnzbadM6xsCiws1n1fH5JSIaEyAp1c-_zpnQ4NMDH6Ufg3LXsnQ0vYR_18O-y6zDf8hXwgt1VMThvvHOsGQVOWuzEFz5L9HcumYUscATfy5Gi2MXLIxsFHq4oA8PL2-YQ&ext_cid=0&px_id=529500&min_cpm=0.03349760855080511&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=5600106225452095280&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.009045692534829224&cpm=0&verify_hash=f9618ead733d1453dc4556a2784ef7b5&is_native=4&real_bid=0.0003745124656374122&original_bid_usd=0.001386878&original_bid=0.001386878&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,114,20,27&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=2&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.001386878&hostname=auc-inpage-hz-3-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001386878&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.12&cpa=e1deb1cc-7d27-4e6c-b1be-7552fc8d49c4&prev_step_diff=826

168.119.25.102

200 OK

0 B

URL GET HTTP/2
43b71e837e.d8388cd984.com/in/show/?tag_ab=d&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De1e12c25d6&refdom=www.amdahost.com&auction_time=1714709375&subid=1511354673&sid=3741713305&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=adult&user_fp=13734950386773246760&score=55.478040632585646&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De1e12c25d6%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De1e12c25d6%26idzone%3D0%26sid%3D1886&icons=Iy7VEWexvxpw5-1EMNBfv06Bh7VErCgUH2vWF-i4Kqw4V0VLdKnzbadM6xsCiws1n1fH5JSIaEyAp1c-_zpnQ4NMDH6Ufg3LXsnQ0vYR_18O-y6zDf8hXwgt1VMThvvHOsGQVOWuzEFz5L9HcumYUscATfy5Gi2MXLIxsFHq4oA8PL2-YQ&ext_cid=0&px_id=529500&min_cpm=0.03349760855080511&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=5600106225452095280&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.009045692534829224&cpm=0&verify_hash=f9618ead733d1453dc4556a2784ef7b5&is_native=4&real_bid=0.0003745124656374122&original_bid_usd=0.001386878&original_bid=0.001386878&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,114,20,27&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=2&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.001386878&hostname=auc-inpage-hz-3-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001386878&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.12&cpa=e1deb1cc-7d27-4e6c-b1be-7552fc8d49c4&prev_step_diff=826
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectd8388cd984.com
Fingerprint5C:36:8D:99:1A:7F:F6:92:44:F7:B8:16:AD:0F:53:77:A8:09:E9:AD
ValidityMon, 29 Apr 2024 14:01:57 GMT - Sun, 28 Jul 2024 14:01:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=d&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De1e12c25d6&refdom=www.amdahost.com&auction_time=1714709375&subid=1511354673&sid=3741713305&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=adult&user_fp=13734950386773246760&score=55.478040632585646&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De1e12c25d6%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De1e12c25d6%26idzone%3D0%26sid%3D1886&icons=Iy7VEWexvxpw5-1EMNBfv06Bh7VErCgUH2vWF-i4Kqw4V0VLdKnzbadM6xsCiws1n1fH5JSIaEyAp1c-_zpnQ4NMDH6Ufg3LXsnQ0vYR_18O-y6zDf8hXwgt1VMThvvHOsGQVOWuzEFz5L9HcumYUscATfy5Gi2MXLIxsFHq4oA8PL2-YQ&ext_cid=0&px_id=529500&min_cpm=0.03349760855080511&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=5600106225452095280&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.009045692534829224&cpm=0&verify_hash=f9618ead733d1453dc4556a2784ef7b5&is_native=4&real_bid=0.0003745124656374122&original_bid_usd=0.001386878&original_bid=0.001386878&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,114,20,27&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=2&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.001386878&hostname=auc-inpage-hz-3-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001386878&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.12&cpa=e1deb1cc-7d27-4e6c-b1be-7552fc8d49c4&prev_step_diff=826 HTTP/1.1
Host: 43b71e837e.d8388cd984.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 May 2024 04:09:35 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

43b71e837e.d8388cd984.com/in/show/?tag_ab=d&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De1e12c25d6&refdom=www.amdahost.com&auction_time=1714709375&subid=1511354673&sid=3741713305&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=adult&user_fp=13734950386773246760&score=55.478040632585646&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De1e12c25d6%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DipK02sS_06m0qTvpFa_2k5YD_0xzapApdy3yBNzVp1B2FSVK2xTUxBjzQLz80hdqO_ZlbK4dNDTXMrNf6eeMRD-ZKFJAniItvMVvcvcW9YahcelcocHpCTdkESBcJ_8pRuhAG7DO-nUYLvzDzBlUwQ8wP3h-4TwZbwAsvs5drEGOVrnPphqpiMaIUIm8gmWCNVkt_4Dxw70ovj2G_L8BkC74DbYoO3fjxXuWdRfKySdRq-agIgi0pVZXQE0e96nBcDTpC7F420KvtLkgSf1Spv4oZU5GBgxhIGP0pU-jBAqak8ixFijwFvK0wck8gPP7KNmuC6TC7a20mcXXn98Z505n0Fg1DoTjtVtFpsv6Il-0YUtrBAabenraxs3OPANqZ8hWZO5mza8kaFLkBx4EEWSX_eut0-HJbowvcQt5qy7ZDhQ2Dm0WCF4ACaVQyuRgPIdLEOrLqunvRh4YeViy_CXpTYAAu98jvopUC-uZXp5EHKuVv9Iu4Kl3ecMaN6VBZSJxaowzaFymHCf9qIMHl-7UfK3VRGuU7noY4Y_vJpizS4j_xuN-Uo_EBokimjpa1SF002o_&icons=cKFVQtUPoHvZMhNDTHCsCuFqa_Q1WPuz-oMMXidefXPIuENv2wMdiKXn1fNmYWv0pf-97qe_1ifRmBlgV6leSEfH9Tk2ktaJnXLExP_TgKZOGerWWw-G40eOrxMzYCIVwlUPyqSc6IzdkVHHKnJFTTMNpyi-F9qAtys72Pk-UXT6nGLzVtAnbuxAuKkowl7jEG-h7rb9RZBm8Iw-aFeyIaAe1a9yPRQ2vVk0YpheZYxFxSqzMrEHOgGj95eV7foVGMD7Yw2MWmOs1N_W1kOUnlhF9LVVfv7rKherd-tDiCv2X1WSYTQO4e9tKBEWMXcGtppa4D9N4qdNGcWWY4ZbOmeaZ17XPZ8-7k5onGnKS8F04-18Lzama6SGm3kDWrpYy5QgmfMqqN-g4O3X_57o5aptCk5j5jrfOl7U_OSGjrcGOhuSx8VCk2VZnv0qvS_EAzZ3tY8Y9Hjx1VVqb5b1U3VRRywg7DKXEb359C18UE5CWT_YJATXzCSwZ9oEOpMIETOX8g6Pm-wwl8ojMbZT-dfJiMH0t2Q7LI3Rd7WN4MPuMtFR_okaeM5FcPX088yGhh6WtQPUORks2feCwRmUJ2NNiHF04sW5hdhkFBPBW1S5BcHOUMl_RKwTYmGzY2hdYKhFra2oE25h7z-SJRgdvvex8t7mqVj_hUQgfvNHU_Pz4qlMzLazHDz1AcUsC8ZsB2ovdHs&ext_cid=0&px_id=31529500&min_cpm=0.03823948183279743&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=5600106225452095280&skin_id=2&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.08909659348188642&cpm=0&verify_hash=c5c7fcb16980f1caea7662b44fd22eaf&is_native=1&real_bid=0.0032313749939203123&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93,58&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=2&expiration_timestamp=1714766975&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F27601134%2F551814_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-3-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.12&cpa=0cad176a-95c8-4ce4-a89c-282714327b66&prev_step_diff=826

168.119.25.102

200 OK

0 B

URL GET HTTP/2
43b71e837e.d8388cd984.com/in/show/?tag_ab=d&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De1e12c25d6&refdom=www.amdahost.com&auction_time=1714709375&subid=1511354673&sid=3741713305&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=adult&user_fp=13734950386773246760&score=55.478040632585646&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De1e12c25d6%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DipK02sS_06m0qTvpFa_2k5YD_0xzapApdy3yBNzVp1B2FSVK2xTUxBjzQLz80hdqO_ZlbK4dNDTXMrNf6eeMRD-ZKFJAniItvMVvcvcW9YahcelcocHpCTdkESBcJ_8pRuhAG7DO-nUYLvzDzBlUwQ8wP3h-4TwZbwAsvs5drEGOVrnPphqpiMaIUIm8gmWCNVkt_4Dxw70ovj2G_L8BkC74DbYoO3fjxXuWdRfKySdRq-agIgi0pVZXQE0e96nBcDTpC7F420KvtLkgSf1Spv4oZU5GBgxhIGP0pU-jBAqak8ixFijwFvK0wck8gPP7KNmuC6TC7a20mcXXn98Z505n0Fg1DoTjtVtFpsv6Il-0YUtrBAabenraxs3OPANqZ8hWZO5mza8kaFLkBx4EEWSX_eut0-HJbowvcQt5qy7ZDhQ2Dm0WCF4ACaVQyuRgPIdLEOrLqunvRh4YeViy_CXpTYAAu98jvopUC-uZXp5EHKuVv9Iu4Kl3ecMaN6VBZSJxaowzaFymHCf9qIMHl-7UfK3VRGuU7noY4Y_vJpizS4j_xuN-Uo_EBokimjpa1SF002o_&icons=cKFVQtUPoHvZMhNDTHCsCuFqa_Q1WPuz-oMMXidefXPIuENv2wMdiKXn1fNmYWv0pf-97qe_1ifRmBlgV6leSEfH9Tk2ktaJnXLExP_TgKZOGerWWw-G40eOrxMzYCIVwlUPyqSc6IzdkVHHKnJFTTMNpyi-F9qAtys72Pk-UXT6nGLzVtAnbuxAuKkowl7jEG-h7rb9RZBm8Iw-aFeyIaAe1a9yPRQ2vVk0YpheZYxFxSqzMrEHOgGj95eV7foVGMD7Yw2MWmOs1N_W1kOUnlhF9LVVfv7rKherd-tDiCv2X1WSYTQO4e9tKBEWMXcGtppa4D9N4qdNGcWWY4ZbOmeaZ17XPZ8-7k5onGnKS8F04-18Lzama6SGm3kDWrpYy5QgmfMqqN-g4O3X_57o5aptCk5j5jrfOl7U_OSGjrcGOhuSx8VCk2VZnv0qvS_EAzZ3tY8Y9Hjx1VVqb5b1U3VRRywg7DKXEb359C18UE5CWT_YJATXzCSwZ9oEOpMIETOX8g6Pm-wwl8ojMbZT-dfJiMH0t2Q7LI3Rd7WN4MPuMtFR_okaeM5FcPX088yGhh6WtQPUORks2feCwRmUJ2NNiHF04sW5hdhkFBPBW1S5BcHOUMl_RKwTYmGzY2hdYKhFra2oE25h7z-SJRgdvvex8t7mqVj_hUQgfvNHU_Pz4qlMzLazHDz1AcUsC8ZsB2ovdHs&ext_cid=0&px_id=31529500&min_cpm=0.03823948183279743&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=5600106225452095280&skin_id=2&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.08909659348188642&cpm=0&verify_hash=c5c7fcb16980f1caea7662b44fd22eaf&is_native=1&real_bid=0.0032313749939203123&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93,58&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=2&expiration_timestamp=1714766975&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F27601134%2F551814_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-3-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.12&cpa=0cad176a-95c8-4ce4-a89c-282714327b66&prev_step_diff=826
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectd8388cd984.com
Fingerprint5C:36:8D:99:1A:7F:F6:92:44:F7:B8:16:AD:0F:53:77:A8:09:E9:AD
ValidityMon, 29 Apr 2024 14:01:57 GMT - Sun, 28 Jul 2024 14:01:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=d&site_id=31529500&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De1e12c25d6&refdom=www.amdahost.com&auction_time=1714709375&subid=1511354673&sid=3741713305&tcid=0&ver=8.159.0&ver_c=&spot_id=529500&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=adult&user_fp=13734950386773246760&score=55.478040632585646&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1511354673%26spot_id%3D529500%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De1e12c25d6%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DipK02sS_06m0qTvpFa_2k5YD_0xzapApdy3yBNzVp1B2FSVK2xTUxBjzQLz80hdqO_ZlbK4dNDTXMrNf6eeMRD-ZKFJAniItvMVvcvcW9YahcelcocHpCTdkESBcJ_8pRuhAG7DO-nUYLvzDzBlUwQ8wP3h-4TwZbwAsvs5drEGOVrnPphqpiMaIUIm8gmWCNVkt_4Dxw70ovj2G_L8BkC74DbYoO3fjxXuWdRfKySdRq-agIgi0pVZXQE0e96nBcDTpC7F420KvtLkgSf1Spv4oZU5GBgxhIGP0pU-jBAqak8ixFijwFvK0wck8gPP7KNmuC6TC7a20mcXXn98Z505n0Fg1DoTjtVtFpsv6Il-0YUtrBAabenraxs3OPANqZ8hWZO5mza8kaFLkBx4EEWSX_eut0-HJbowvcQt5qy7ZDhQ2Dm0WCF4ACaVQyuRgPIdLEOrLqunvRh4YeViy_CXpTYAAu98jvopUC-uZXp5EHKuVv9Iu4Kl3ecMaN6VBZSJxaowzaFymHCf9qIMHl-7UfK3VRGuU7noY4Y_vJpizS4j_xuN-Uo_EBokimjpa1SF002o_&icons=cKFVQtUPoHvZMhNDTHCsCuFqa_Q1WPuz-oMMXidefXPIuENv2wMdiKXn1fNmYWv0pf-97qe_1ifRmBlgV6leSEfH9Tk2ktaJnXLExP_TgKZOGerWWw-G40eOrxMzYCIVwlUPyqSc6IzdkVHHKnJFTTMNpyi-F9qAtys72Pk-UXT6nGLzVtAnbuxAuKkowl7jEG-h7rb9RZBm8Iw-aFeyIaAe1a9yPRQ2vVk0YpheZYxFxSqzMrEHOgGj95eV7foVGMD7Yw2MWmOs1N_W1kOUnlhF9LVVfv7rKherd-tDiCv2X1WSYTQO4e9tKBEWMXcGtppa4D9N4qdNGcWWY4ZbOmeaZ17XPZ8-7k5onGnKS8F04-18Lzama6SGm3kDWrpYy5QgmfMqqN-g4O3X_57o5aptCk5j5jrfOl7U_OSGjrcGOhuSx8VCk2VZnv0qvS_EAzZ3tY8Y9Hjx1VVqb5b1U3VRRywg7DKXEb359C18UE5CWT_YJATXzCSwZ9oEOpMIETOX8g6Pm-wwl8ojMbZT-dfJiMH0t2Q7LI3Rd7WN4MPuMtFR_okaeM5FcPX088yGhh6WtQPUORks2feCwRmUJ2NNiHF04sW5hdhkFBPBW1S5BcHOUMl_RKwTYmGzY2hdYKhFra2oE25h7z-SJRgdvvex8t7mqVj_hUQgfvNHU_Pz4qlMzLazHDz1AcUsC8ZsB2ovdHs&ext_cid=0&px_id=31529500&min_cpm=0.03823948183279743&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=5600106225452095280&skin_id=2&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.08909659348188642&cpm=0&verify_hash=c5c7fcb16980f1caea7662b44fd22eaf&is_native=1&real_bid=0.0032313749939203123&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93,58&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=2&expiration_timestamp=1714766975&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F27601134%2F551814_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-3-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.12&cpa=0cad176a-95c8-4ce4-a89c-282714327b66&prev_step_diff=826 HTTP/1.1
Host: 43b71e837e.d8388cd984.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 May 2024 04:09:35 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

imgsdn.com/ie?v=4&c=nr03IdT_RQ6oyvLQcL7ZmV9Tfi0csovy1i_Evj6Njv86Wkxg7Cs2Cs-7v8a14zE9R0pMi2XhEhjJ4cgb66fy1lvEqQzD6d1R2nlcXP3XNlvn-HUyiRL5g5XyyQ1OfQw6RHEjPDb-6OUtz1loUO4FbDMW8a-jU6rj3AjSOT88b25GYme6taXYnTkM8WjSFTsNL6YeWm58IG09PO2Y02ZobcKz2PQjVQ1inJ01fdinZkgcQoY6opbhEYaqSpZUzSTYlPLPiXlDJr0nhE8K3yws9rxZanj4uuyJsOoKwDa6QRGZ4kSEKjInRGMdGEAJCa9Zwb1DsB_2Bw6qJy0NQ9Qj-Wwji5hH1z0E5yF9Y-ZKeWMA3Hh9NBffmMzDTT3nQC-LAu6RuWD88uBVlBsflI-pmp_YDS7lVdm1G_G9s6bJF6mA3GsIjmqu5G7MO8eNHQ==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.12&cpa=e8d5dc85-2f13-42ba-bb95-3e4105b33cc2&prev_step_diff=825

138.201.194.90

301 Moved Permanently

0 B

URL GET HTTP/1.1
imgsdn.com/ie?v=4&c=nr03IdT_RQ6oyvLQcL7ZmV9Tfi0csovy1i_Evj6Njv86Wkxg7Cs2Cs-7v8a14zE9R0pMi2XhEhjJ4cgb66fy1lvEqQzD6d1R2nlcXP3XNlvn-HUyiRL5g5XyyQ1OfQw6RHEjPDb-6OUtz1loUO4FbDMW8a-jU6rj3AjSOT88b25GYme6taXYnTkM8WjSFTsNL6YeWm58IG09PO2Y02ZobcKz2PQjVQ1inJ01fdinZkgcQoY6opbhEYaqSpZUzSTYlPLPiXlDJr0nhE8K3yws9rxZanj4uuyJsOoKwDa6QRGZ4kSEKjInRGMdGEAJCa9Zwb1DsB_2Bw6qJy0NQ9Qj-Wwji5hH1z0E5yF9Y-ZKeWMA3Hh9NBffmMzDTT3nQC-LAu6RuWD88uBVlBsflI-pmp_YDS7lVdm1G_G9s6bJF6mA3GsIjmqu5G7MO8eNHQ==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.12&cpa=e8d5dc85-2f13-42ba-bb95-3e4105b33cc2&prev_step_diff=825
IP
138.201.194.90:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectnimrute.com
FingerprintFE:11:FD:FB:69:FC:E9:22:01:AE:4B:9D:F5:85:C9:1C:FF:4D:44:D4
ValidityMon, 12 Feb 2024 14:13:04 GMT - Sun, 12 May 2024 14:13:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ie?v=4&c=nr03IdT_RQ6oyvLQcL7ZmV9Tfi0csovy1i_Evj6Njv86Wkxg7Cs2Cs-7v8a14zE9R0pMi2XhEhjJ4cgb66fy1lvEqQzD6d1R2nlcXP3XNlvn-HUyiRL5g5XyyQ1OfQw6RHEjPDb-6OUtz1loUO4FbDMW8a-jU6rj3AjSOT88b25GYme6taXYnTkM8WjSFTsNL6YeWm58IG09PO2Y02ZobcKz2PQjVQ1inJ01fdinZkgcQoY6opbhEYaqSpZUzSTYlPLPiXlDJr0nhE8K3yws9rxZanj4uuyJsOoKwDa6QRGZ4kSEKjInRGMdGEAJCa9Zwb1DsB_2Bw6qJy0NQ9Qj-Wwji5hH1z0E5yF9Y-ZKeWMA3Hh9NBffmMzDTT3nQC-LAu6RuWD88uBVlBsflI-pmp_YDS7lVdm1G_G9s6bJF6mA3GsIjmqu5G7MO8eNHQ==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.12&cpa=e8d5dc85-2f13-42ba-bb95-3e4105b33cc2&prev_step_diff=825 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 03 May 2024 04:09:35 GMT
content-length: 0
location: https://img.vmmcdn.com/get/22852114/551814_icon.png
x-app-id: 14

nereserv.com/in/dip?site=native-push&wl=1&event_id=209a1646-c7a4-4d5d-b6a3-92f983989cc6&subid=1511354673&sid=3741713305&spot_id=529500&created_at=2024-05-03&timezone=0&ver=8.159.0&is_native=1

157.90.84.246

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=209a1646-c7a4-4d5d-b6a3-92f983989cc6&subid=1511354673&sid=3741713305&spot_id=529500&created_at=2024-05-03&timezone=0&ver=8.159.0&is_native=1
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=209a1646-c7a4-4d5d-b6a3-92f983989cc6&subid=1511354673&sid=3741713305&spot_id=529500&created_at=2024-05-03&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 03 May 2024 04:09:35 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

img.vmmcdn.com/get/27601134/551814_image.jpg

138.201.51.142

200 OK

12 kB

URL GET HTTP/1.1
img.vmmcdn.com/get/27601134/551814_image.jpg
IP
138.201.51.142:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
FingerprintA8:37:00:E2:01:F9:B8:25:04:DA:47:64:57:0E:0B:64:E3:8A:0B:C7
ValidityFri, 12 Apr 2024 20:58:24 GMT - Thu, 11 Jul 2024 20:58:23 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3
Size
12 kB (12075 bytes)
Hash
ee921bcd225785444d8ab128ca1d0941
e92f5588c738df6912e3658d883aeb66b486560b
4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c

HTTP Headers

GET /get/27601134/551814_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 03 May 2024 04:09:35 GMT
Content-Type: image/jpeg
Content-Length: 12075
Connection: keep-alive
Last-Modified: Wed, 27 Mar 2024 08:33:26 GMT
Cache-Control: public, max-age=604800
ETag: "6603d9d6-2f2b"
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Request-Headers: x-requested-with
Access-Control-Allow-Headers: x-requested-with
Accept-Ranges: bytes

img.vmmcdn.com/get/22852114/551814_icon.png

138.201.51.142

200 OK

29 kB

URL GET HTTP/1.1
img.vmmcdn.com/get/22852114/551814_icon.png
IP
138.201.51.142:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
FingerprintA8:37:00:E2:01:F9:B8:25:04:DA:47:64:57:0E:0B:64:E3:8A:0B:C7
ValidityFri, 12 Apr 2024 20:58:24 GMT - Thu, 11 Jul 2024 20:58:23 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
29 kB (29202 bytes)
Hash
dd2c731a8f080adb931798b1d813d244
a3f0f78d921c47d13c31cbbe3495020630dce6ed
1c5549bc94e19b2ee372e85368ad01f7ff34e8186c92b83e85a5bbf45689babc

HTTP Headers

GET /get/22852114/551814_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 03 May 2024 04:09:35 GMT
Content-Type: image/png
Content-Length: 29202
Connection: keep-alive
Last-Modified: Wed, 27 Mar 2024 08:33:26 GMT
Cache-Control: public, max-age=604800
ETag: "6603d9d6-7212"
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Request-Headers: x-requested-with
Access-Control-Allow-Headers: x-requested-with
Accept-Ranges: bytes

www.amdahost.com/cdn-cgi/rum?

104.21.40.89

204 No Content

0 B

URL POST HTTP/3
www.amdahost.com/cdn-cgi/rum?
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 520
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Fri, 03 May 2024 04:09:52 GMT
access-control-allow-origin: https://www.amdahost.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87dd65e8fb4556c0-OSL
x-frame-options: DENY
x-content-type-options: nosniff

js.mbidpsh.com/npc/sdk/push.m.js?v=1

45.133.44.52

200 OK

34 kB

URL GET HTTP/2
js.mbidpsh.com/npc/sdk/push.m.js?v=1
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectjs.mbidpsh.com
FingerprintFB:CB:96:60:36:41:56:0B:E6:D1:90:FE:AB:B3:59:6E:D0:21:67:78
ValidityThu, 18 Apr 2024 03:01:07 GMT - Wed, 17 Jul 2024 03:01:06 GMT

File type

Size
34 kB (33882 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.mbidpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:29 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Sat, 27 Apr 2024 11:13:42 GMT
etag: W/"662cdde6-845a"
content-encoding: gzip
expires: Fri, 03 May 2024 04:14:29 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

mbdippex.com/in/multy

157.90.84.246

200 OK

50 kB

URL POST HTTP/2
mbdippex.com/in/multy
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type
JSON text data
Size
50 kB (50161 bytes)
Hash
65e924484f946084d18d3bf1e229532d
5bda4a0d200fb8bdec2213aad78cd6d56f93cd00
5240e4987ee8a14214a69bc2b2573855a5e13731695a6bf14a7aaa18cacf43b3

HTTP Headers

POST /in/multy HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2172
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 03 May 2024 04:09:31 GMT
content-type: application/json
content-length: 6698
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.24

200 OK

1.1 kB

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:32 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sat, 03 May 2025 04:09:32 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Archivo+Black&display=swap

142.250.74.106

200 OK

819 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Archivo+Black&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
ASCII text, with very long lines (837), with no line terminators
Size
819 B (819 bytes)
Hash
fa0b91b21b81c25b4d2bb89c6d9d84fb
1788d71d75cf429352999edca5573800814aba3f
5385a711b1675e90eb76b002d80f1c53e71449889caf26b5ee6ec34f3df23fa7

HTTP Headers

GET /css2?family=Archivo+Black&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 May 2024 04:09:27 GMT
date: Fri, 03 May 2024 04:09:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/karla/v31/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lK.woff2

216.58.207.227

200 OK

13 kB

URL GET HTTP/2
fonts.gstatic.com/s/karla/v31/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
ValidityMon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13184, version 1.0
Size
13 kB (13184 bytes)
Hash
37b12babb3bd0f9d9587cc8ca89a19b9
49cfe5b31144493cec4f21dc63fb2f1051061b45
73351bb42cb7827d0cd08c5d5832140700139b86eb6dd9a49047017924cb3ed0

HTTP Headers

GET /s/karla/v31/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13184
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:41:24 GMT
expires: Fri, 02 May 2025 02:41:24 GMT
cache-control: public, max-age=31536000
age: 91683
last-modified: Wed, 27 Sep 2023 15:40:27 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.06&cpa=73ce6f95-8997-4050-8192-2cae6ec1deea&prev_step_diff=2134

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.06&cpa=73ce6f95-8997-4050-8192-2cae6ec1deea&prev_step_diff=2134
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.06&cpa=73ce6f95-8997-4050-8192-2cae6ec1deea&prev_step_diff=2134 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:32 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sat, 03 May 2025 04:09:32 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

js.mbidadm.com/static/scripts.js

45.133.44.53

200 OK

1.7 kB

URL GET HTTP/2
js.mbidadm.com/static/scripts.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectjs.mbidadm.com
FingerprintCA:45:B3:CA:F7:B8:6E:BC:AD:15:14:54:8B:69:08:1F:93:CC:C1:80
ValidityThu, 18 Apr 2024 03:01:13 GMT - Wed, 17 Jul 2024 03:01:12 GMT

File type
JavaScript source, ASCII text, with very long lines (1884), with no line terminators
Size
1.7 kB (1732 bytes)
Hash
920f349834adf2faa94a7c6047814e52
34557304112fe9d61f23b8f89ceead6db43b98d4
2ddd6ffb00a0971092562d2c424678425e8496d315e38967a4ca2e26fdcfeafc

HTTP Headers

GET /static/scripts.js HTTP/1.1
Host: js.mbidadm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:27 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:14 GMT
etag: W/"6627832a-6c4"
content-encoding: gzip
expires: Fri, 03 May 2024 04:14:27 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

js.mbidinp.com/npc/sdk/wpu/npush.m.js

45.133.44.52

200 OK

169 kB

URL GET HTTP/2
js.mbidinp.com/npc/sdk/wpu/npush.m.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectjs.mbidinp.com
FingerprintB8:EA:0B:88:14:F5:73:F1:FE:F1:D5:59:09:E6:70:08:F2:1C:4A:5C
ValidityMon, 22 Apr 2024 03:00:30 GMT - Sun, 21 Jul 2024 03:00:29 GMT

File type

Size
169 kB (168568 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /npc/sdk/wpu/npush.m.js HTTP/1.1
Host: js.mbidinp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:29 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Fri, 03 May 2024 04:14:29 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.12&cpa=fbf621d3-7984-429d-8190-cf4ced1451a0&prev_step_diff=826

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.12&cpa=fbf621d3-7984-429d-8190-cf4ced1451a0&prev_step_diff=826
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.12&cpa=fbf621d3-7984-429d-8190-cf4ced1451a0&prev_step_diff=826 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:35 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sat, 03 May 2025 04:09:35 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.tailwindcss.com/

104.22.20.144

302 Found

366 kB

URL GET HTTP/2
cdn.tailwindcss.com/
IP
104.22.20.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerCloudflare, Inc.
Subjecttailwindcss.com
Fingerprint5F:87:FB:92:D4:93:DA:09:E3:5B:EF:92:CE:2F:47:18:3A:8A:C7:49
ValidityTue, 07 Nov 2023 00:00:00 GMT - Tue, 05 Nov 2024 23:59:59 GMT

File type

Size
366 kB (365681 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: cdn.tailwindcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 03 May 2024 04:09:26 GMT
cache-control: max-age=14400
location: /3.4.3
strict-transport-security: max-age=63072000
x-vercel-cache: MISS
x-vercel-id: cle1::iad1::77gzv-1714708733268-2821f770c1e9
cf-cache-status: HIT
age: 492
vary: Accept-Encoding
server: cloudflare
cf-ray: 87dd65476adb7131-OSL
X-Firefox-Spdy: h2

www.amdahost.com/css/root.css

104.21.40.89

200 OK

3.2 kB

URL GET HTTP/3
www.amdahost.com/css/root.css
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type
ASCII text, with very long lines (3175), with no line terminators
Size
3.2 kB (3175 bytes)
Hash
b29e82a0b6fab49b186f1878409b49cf
632d7a94b851c7c879e29825bee06920d7b5cb99
5b7746d8aa2c0a8a908f6a5df646167afb319fc1d2a6ec08d275e195a275afdf

HTTP Headers

GET /css/root.css HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Cookie: PHPSESSID=7d9b0f8a6b512ac1332269638a70123b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 04:09:26 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=6128
last-modified: Tue, 27 Feb 2024 08:09:48 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 5008
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kTOdZVnHqOvltnutAngctVt%2FMvLqL1EKXpdwa%2BKYI6a9ecc9waIM7KiyoDdIgAH3PsllIAjzXBKy1ZEqZjCo5WrJltC19Wojkq17XkOctZar%2Bu%2FG3bbkGWSrMyXrvapLpN%2BE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87dd65471b4856c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

12ezo5v60.com/get/2020090?zoneid=2020090&jp=_cl8vivna5sag18ga58jn0k&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6586299657504256&eclog=0&im=1&freq=0&uf=0

212.117.190.202

200 OK

6.3 kB

URL GET HTTP/2
12ezo5v60.com/get/2020090?zoneid=2020090&jp=_cl8vivna5sag18ga58jn0k&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6586299657504256&eclog=0&im=1&freq=0&uf=0
IP
212.117.190.202:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerBuypass AS-983163327
Subject
FingerprintDB:57:32:8B:71:3B:E2:BC:8C:B1:94:D1:8A:25:4E:EE:A7:BA:C5:59
ValidityTue, 09 Jan 2024 13:35:13 GMT - Sat, 06 Jul 2024 21:59:00 GMT

File type
Unicode text, UTF-8 text, with very long lines (6429), with no line terminators
Size
6.3 kB (6328 bytes)
Hash
a2b8a74c69ffeaec1ae864abef046a19
e91c90e5b02fb27cdefd932a82b92686a7bedeba
986b094d94ecabeb7fdcab378270822b0a6bf34550d734c64a1a78b13b88e6cc

HTTP Headers

GET /get/2020090?zoneid=2020090&jp=_cl8vivna5sag18ga58jn0k&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=6586299657504256&eclog=0&im=1&freq=0&uf=0 HTTP/1.1
Host: 12ezo5v60.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 04:09:28 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=240502230995c67ac760dd47c6ab9694c5a1; Path=/; Expires=Fri, 06 Jun 2025 04:09:28 GMT; Secure; SameSite=None
CHCK=1; Path=/; Expires=Fri, 06 Jun 2025 04:09:28 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

mbdippex.com/in/show/?tag_ab=d&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De1e12c25d6&refdom=www.amdahost.com&auction_time=1714709370&subid=1211831614&sid=718096993&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De1e12c25d6%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fimpactserving.com%252FRedirect.eng%253FMediaSegmentId%253D60678%2526dcid%253D3_ctx_21d88bfd-8d6d-4795-b481-f0107129fe47%2526vmId%253D00000000-0000-0000-0000-000000000000%2526abr%253Dfalse%2526timeZoneOffset%253D%2526v%253DkwbCfsA3P2bJ9eSQV7TO7BUOhkQnBCNM2boV0fXEkGTG2CqkAJufTxQ8QmEgl5-iSqAk8SzXxshORrkNsza6fhOM_Ah67TFoJK3QIkaYhshN-QlDAcaQCN672T3mHzJsVE_UvhEfDiyyNxCLvSk-SxLt44emTfFXMDXiz_gEV72i2lQ-aCDB42Oj83NJhOTk_86bon8vtIVP61jN0pV_Uf3eJtp30-A3FUZkNscM-7HU8NAR1bKeDSFQhvarRr8XH2CTc3jpAjR7JtaD9PxHfXng3PKfobHf_Y1vvQ9ofPePEsSgHo4qnIBze7n91G-iEM_udKiw1oOwStdqL7nwW0u-Bn5wUsMuKSMOIscLc0IAfbZ640IlzS4Cxe7PXxMhM0bBpqECW3HOeiEekPObVMdE8SaZZrQeRrhm1sUoZg_vuHBGb8bj2vou3d7Kk3lTH3FCA0_1E-mFZ97UPEnINKpl409OuZOdQPal9GUZLCecq1F363FHoFWI68AWm6EA-zFbxqorTg5ciC9xWzsZavRHH3UTeVsdxXFo_Ib1noK5QrAKHF71U_6U0WPf5lBpqWAlvrfRc0bgxwLvT2bAmbFSF9p5g3oxkE3JWlXkC78ulcZ_yuNvEuVnHTDSSE4WhxVJRUql2I9seh6CPM8CHVJll8Da2jdkRbHL1Hc44fiHRfIRIB-hFwVSG1UNR7dhZq1zer4iQAyxjqT-ktWx9qb3h6GDan1T7JLS0opS4yk6xK3R2PA1KySPPbkU-jV4pXQmXtJCgelmr9BYMNGJB0m6asSYcsIdqR7Nr2T2lNVwKYSfnK5HBD7DuAmfbPXzuH0xW9ddtBZqzYoJVj7hizcruKZmCPvxKeMRLAejTqqMldmTXsBDnly6ntM9YNvd--s1mkXjE2ryaBWPrGoG_rbKauvcxW9UYT1d40qPmYKvPOAHvukze5cHKIZJ1cq3yUx4XoV49CnEyJ6yrazm3g2%2526kw%253Dadult%2526mw%253D1024%2526mh%253D768%2526xml%253D1%2526at%253D&icons=fDo0mNkHZU9HBU4rmVhsWOrBnQA3P267XKuxF9A1p-M6iXh-IgwRYi6LctWIGP_3cH_et2hr05mKWNuaFnt3GnHzc22-bLhMkikuge1szuRY8M1TsAX3vKZJPBriAqd7_73j3VkKMKNZe49geG8ePBXCpP0E-54mBwTCx_DGrWdks5yv7Q&ext_cid=0&px_id=55560190&min_cpm=0.07126355847472454&out_id=1&campaign_type=lq-pop&aid=352&cid=15019&uniq=&mid=5454897795451653018&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.04545401615001421&cpm=0&verify_hash=da6329b799237bbcc6172064aef631ce&is_native=2&real_bid=0.00088459201812744&original_bid_usd=0.00144&original_bid=0.00144&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,20,27,108,0,4&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00144&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000014400000000000002&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.06&cpa=2b1e2b56-c292-4a5d-9098-2f72d4102b58&prev_step_diff=2134

157.90.84.246

200 OK

0 B

URL GET HTTP/2
mbdippex.com/in/show/?tag_ab=d&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De1e12c25d6&refdom=www.amdahost.com&auction_time=1714709370&subid=1211831614&sid=718096993&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De1e12c25d6%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fimpactserving.com%252FRedirect.eng%253FMediaSegmentId%253D60678%2526dcid%253D3_ctx_21d88bfd-8d6d-4795-b481-f0107129fe47%2526vmId%253D00000000-0000-0000-0000-000000000000%2526abr%253Dfalse%2526timeZoneOffset%253D%2526v%253DkwbCfsA3P2bJ9eSQV7TO7BUOhkQnBCNM2boV0fXEkGTG2CqkAJufTxQ8QmEgl5-iSqAk8SzXxshORrkNsza6fhOM_Ah67TFoJK3QIkaYhshN-QlDAcaQCN672T3mHzJsVE_UvhEfDiyyNxCLvSk-SxLt44emTfFXMDXiz_gEV72i2lQ-aCDB42Oj83NJhOTk_86bon8vtIVP61jN0pV_Uf3eJtp30-A3FUZkNscM-7HU8NAR1bKeDSFQhvarRr8XH2CTc3jpAjR7JtaD9PxHfXng3PKfobHf_Y1vvQ9ofPePEsSgHo4qnIBze7n91G-iEM_udKiw1oOwStdqL7nwW0u-Bn5wUsMuKSMOIscLc0IAfbZ640IlzS4Cxe7PXxMhM0bBpqECW3HOeiEekPObVMdE8SaZZrQeRrhm1sUoZg_vuHBGb8bj2vou3d7Kk3lTH3FCA0_1E-mFZ97UPEnINKpl409OuZOdQPal9GUZLCecq1F363FHoFWI68AWm6EA-zFbxqorTg5ciC9xWzsZavRHH3UTeVsdxXFo_Ib1noK5QrAKHF71U_6U0WPf5lBpqWAlvrfRc0bgxwLvT2bAmbFSF9p5g3oxkE3JWlXkC78ulcZ_yuNvEuVnHTDSSE4WhxVJRUql2I9seh6CPM8CHVJll8Da2jdkRbHL1Hc44fiHRfIRIB-hFwVSG1UNR7dhZq1zer4iQAyxjqT-ktWx9qb3h6GDan1T7JLS0opS4yk6xK3R2PA1KySPPbkU-jV4pXQmXtJCgelmr9BYMNGJB0m6asSYcsIdqR7Nr2T2lNVwKYSfnK5HBD7DuAmfbPXzuH0xW9ddtBZqzYoJVj7hizcruKZmCPvxKeMRLAejTqqMldmTXsBDnly6ntM9YNvd--s1mkXjE2ryaBWPrGoG_rbKauvcxW9UYT1d40qPmYKvPOAHvukze5cHKIZJ1cq3yUx4XoV49CnEyJ6yrazm3g2%2526kw%253Dadult%2526mw%253D1024%2526mh%253D768%2526xml%253D1%2526at%253D&icons=fDo0mNkHZU9HBU4rmVhsWOrBnQA3P267XKuxF9A1p-M6iXh-IgwRYi6LctWIGP_3cH_et2hr05mKWNuaFnt3GnHzc22-bLhMkikuge1szuRY8M1TsAX3vKZJPBriAqd7_73j3VkKMKNZe49geG8ePBXCpP0E-54mBwTCx_DGrWdks5yv7Q&ext_cid=0&px_id=55560190&min_cpm=0.07126355847472454&out_id=1&campaign_type=lq-pop&aid=352&cid=15019&uniq=&mid=5454897795451653018&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.04545401615001421&cpm=0&verify_hash=da6329b799237bbcc6172064aef631ce&is_native=2&real_bid=0.00088459201812744&original_bid_usd=0.00144&original_bid=0.00144&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,20,27,108,0,4&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00144&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000014400000000000002&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.06&cpa=2b1e2b56-c292-4a5d-9098-2f72d4102b58&prev_step_diff=2134
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=d&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De1e12c25d6&refdom=www.amdahost.com&auction_time=1714709370&subid=1211831614&sid=718096993&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De1e12c25d6%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fimpactserving.com%252FRedirect.eng%253FMediaSegmentId%253D60678%2526dcid%253D3_ctx_21d88bfd-8d6d-4795-b481-f0107129fe47%2526vmId%253D00000000-0000-0000-0000-000000000000%2526abr%253Dfalse%2526timeZoneOffset%253D%2526v%253DkwbCfsA3P2bJ9eSQV7TO7BUOhkQnBCNM2boV0fXEkGTG2CqkAJufTxQ8QmEgl5-iSqAk8SzXxshORrkNsza6fhOM_Ah67TFoJK3QIkaYhshN-QlDAcaQCN672T3mHzJsVE_UvhEfDiyyNxCLvSk-SxLt44emTfFXMDXiz_gEV72i2lQ-aCDB42Oj83NJhOTk_86bon8vtIVP61jN0pV_Uf3eJtp30-A3FUZkNscM-7HU8NAR1bKeDSFQhvarRr8XH2CTc3jpAjR7JtaD9PxHfXng3PKfobHf_Y1vvQ9ofPePEsSgHo4qnIBze7n91G-iEM_udKiw1oOwStdqL7nwW0u-Bn5wUsMuKSMOIscLc0IAfbZ640IlzS4Cxe7PXxMhM0bBpqECW3HOeiEekPObVMdE8SaZZrQeRrhm1sUoZg_vuHBGb8bj2vou3d7Kk3lTH3FCA0_1E-mFZ97UPEnINKpl409OuZOdQPal9GUZLCecq1F363FHoFWI68AWm6EA-zFbxqorTg5ciC9xWzsZavRHH3UTeVsdxXFo_Ib1noK5QrAKHF71U_6U0WPf5lBpqWAlvrfRc0bgxwLvT2bAmbFSF9p5g3oxkE3JWlXkC78ulcZ_yuNvEuVnHTDSSE4WhxVJRUql2I9seh6CPM8CHVJll8Da2jdkRbHL1Hc44fiHRfIRIB-hFwVSG1UNR7dhZq1zer4iQAyxjqT-ktWx9qb3h6GDan1T7JLS0opS4yk6xK3R2PA1KySPPbkU-jV4pXQmXtJCgelmr9BYMNGJB0m6asSYcsIdqR7Nr2T2lNVwKYSfnK5HBD7DuAmfbPXzuH0xW9ddtBZqzYoJVj7hizcruKZmCPvxKeMRLAejTqqMldmTXsBDnly6ntM9YNvd--s1mkXjE2ryaBWPrGoG_rbKauvcxW9UYT1d40qPmYKvPOAHvukze5cHKIZJ1cq3yUx4XoV49CnEyJ6yrazm3g2%2526kw%253Dadult%2526mw%253D1024%2526mh%253D768%2526xml%253D1%2526at%253D&icons=fDo0mNkHZU9HBU4rmVhsWOrBnQA3P267XKuxF9A1p-M6iXh-IgwRYi6LctWIGP_3cH_et2hr05mKWNuaFnt3GnHzc22-bLhMkikuge1szuRY8M1TsAX3vKZJPBriAqd7_73j3VkKMKNZe49geG8ePBXCpP0E-54mBwTCx_DGrWdks5yv7Q&ext_cid=0&px_id=55560190&min_cpm=0.07126355847472454&out_id=1&campaign_type=lq-pop&aid=352&cid=15019&uniq=&mid=5454897795451653018&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.04545401615001421&cpm=0&verify_hash=da6329b799237bbcc6172064aef631ce&is_native=2&real_bid=0.00088459201812744&original_bid_usd=0.00144&original_bid=0.00144&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,20,27,108,0,4&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00144&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000014400000000000002&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.06&cpa=2b1e2b56-c292-4a5d-9098-2f72d4102b58&prev_step_diff=2134 HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 03 May 2024 04:09:32 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

show.revopush.com/api/v1/inpage/show/?uid=180170&subacc=1222898310&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult

116.202.233.120

200 OK

727 B

URL GET HTTP/2
show.revopush.com/api/v1/inpage/show/?uid=180170&subacc=1222898310&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult
IP
116.202.233.120:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoDaddy.com, Inc.
Subjectshow.revopush.com
Fingerprint14:6E:2A:BA:82:13:C7:FC:12:52:18:54:8C:98:74:9E:31:18:6B:94
ValidityFri, 22 Mar 2024 16:58:42 GMT - Sat, 22 Mar 2025 16:58:42 GMT

File type
Unicode text, UTF-8 text, with very long lines (742), with no line terminators
Size
727 B (727 bytes)
Hash
898cd5cba0b742f252f9c14a8596b1ac
4d9ab006c42d57b8c25fd457b8fc5619c11a9c6c
350f2b49e570962ff7cee03a35178292ccf4d89cc01cbe2ec161ffce18afc55b

HTTP Headers

GET /api/v1/inpage/show/?uid=180170&subacc=1222898310&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult HTTP/1.1
Host: show.revopush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 04:09:28 GMT
content-type: application/json
accept-ch: Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Wow64
access-control-allow-origin: https://www.amdahost.com
vary: Origin
content-encoding: br
X-Firefox-Spdy: h2

32879.2481april2024.com/iSRHD4w2PQ3aQ8wooFnGLyBBnJMRooyILftVM5vPHJoWNprCpdgDpsnaV4Nhe92bwY4FdvZ5ganWQumxGvu6ZAmXmcLBvbOAeQsXTddF7mwtk1_Ohk62ZfVlPB5b?kws=video&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De1e12c25d6&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20May%2003%202024%2004%3A09%3A28%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1

88.208.22.4

200 OK

1.5 kB

URL GET HTTP/2
32879.2481april2024.com/iSRHD4w2PQ3aQ8wooFnGLyBBnJMRooyILftVM5vPHJoWNprCpdgDpsnaV4Nhe92bwY4FdvZ5ganWQumxGvu6ZAmXmcLBvbOAeQsXTddF7mwtk1_Ohk62ZfVlPB5b?kws=video&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De1e12c25d6&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20May%2003%202024%2004%3A09%3A28%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1
IP
88.208.22.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subject*.2481april2024.com
FingerprintFC:0B:87:DF:4F:43:9B:81:FD:04:D2:4C:5C:79:77:1B:C6:BB:F4:49
ValidityTue, 02 Apr 2024 14:41:38 GMT - Mon, 01 Jul 2024 14:41:37 GMT

File type
ASCII text, with very long lines (1492), with no line terminators
Size
1.5 kB (1492 bytes)
Hash
aadfeb2247414a50c8b05bf5e4ab4bd6
caee04823dedd9d3385b54af82221fa1c1e7d753
139d9e014861828b6aeff713d2db61100706a8ace4394d309bbd669b04dec454

HTTP Headers

GET /iSRHD4w2PQ3aQ8wooFnGLyBBnJMRooyILftVM5vPHJoWNprCpdgDpsnaV4Nhe92bwY4FdvZ5ganWQumxGvu6ZAmXmcLBvbOAeQsXTddF7mwtk1_Ohk62ZfVlPB5b?kws=video&abl=0&fsb=0&pageUri=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De1e12c25d6&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20May%2003%202024%2004%3A09%3A28%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1 HTTP/1.1
Host: 32879.2481april2024.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 04:09:31 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://www.amdahost.com
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Fri, 03 May 2024 04:09:31 UTC
expires: Fri, 03 May 2024 04:09:31 UTC
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.fluidplayer.com/v3/current/6aef4fee473c54e96ff8.svg

185.76.9.21

200 OK

19 kB

URL GET HTTP/2
cdn.fluidplayer.com/v3/current/6aef4fee473c54e96ff8.svg
IP
185.76.9.21:443
ASN
#60068 Datacamp Limited

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectfluidplayer.com
FingerprintCD:21:BA:85:8A:CA:A4:37:0F:0A:BD:F7:50:25:DA:75:9E:D3:FB:76
ValidityMon, 26 Feb 2024 13:51:53 GMT - Sun, 26 May 2024 13:51:52 GMT

File type
SVG Scalable Vector Graphics image
Size
19 kB (18560 bytes)
Hash
805524b1fa0e091076d7afbf68e31133
ab696de0e85a7ce728cbe9b4131f5f4d528fb788
ad0276c58ec6a9875a2e1d39d972950763aac2e8f6262638d5868402ae2466fd

HTTP Headers

GET /v3/current/6aef4fee473c54e96ff8.svg HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:28 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 21 Mar 2024 13:23:12 GMT
etag: W/"65fc34c0-4880"
expires: Fri, 22 Mar 2024 21:45:09 GMT
cache-control: max-age=86400
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH36VkAAAwBuUwKDAH3AAAAAAwBisclxAGzgVEBAA
x-77-nzt-ray: af58563036559d9d7863346662becf04
x-accel-expires: @1714772751
x-accel-date: 1714686351
x-77-cache: HIT
x-77-age: 23017
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 23017
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

js.mbidadm.com/static/scripts.m.js

45.133.44.53

200 OK

109 kB

URL GET HTTP/2
js.mbidadm.com/static/scripts.m.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectjs.mbidadm.com
FingerprintCA:45:B3:CA:F7:B8:6E:BC:AD:15:14:54:8B:69:08:1F:93:CC:C1:80
ValidityThu, 18 Apr 2024 03:01:13 GMT - Wed, 17 Jul 2024 03:01:12 GMT

File type

Size
109 kB (109375 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/scripts.m.js HTTP/1.1
Host: js.mbidadm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:28 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:19 GMT
etag: W/"6627832f-1ab3f"
content-encoding: gzip
expires: Fri, 03 May 2024 04:14:28 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Bungee+Spice&display=swap

142.250.74.106

200 OK

1.3 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Bungee+Spice&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
ASCII text, with very long lines (1310), with no line terminators
Size
1.3 kB (1280 bytes)
Hash
6ed7e36a675f79912a60041296e6712c
90726391e4efdc836774a463094dbce3f980c761
59214048cf850c5c635c4bd6669db6222a200dd806e8ec2b2e8f504fa0b9393d

HTTP Headers

GET /css2?family=Bungee+Spice&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 May 2024 04:09:27 GMT
date: Fri, 03 May 2024 04:09:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bid.mbidtg.com/tags/179977?version_name=d

45.133.44.25

200 OK

2.8 kB

URL GET HTTP/2
bid.mbidtg.com/tags/179977?version_name=d
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectbid.mbidtg.com
Fingerprint62:EA:1B:EE:02:E5:88:CC:26:72:9B:BA:BF:B3:B6:2B:67:14:74:67
ValidityWed, 01 May 2024 03:00:45 GMT - Tue, 30 Jul 2024 03:00:44 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3188), with no line terminators
Size
2.8 kB (2820 bytes)
Hash
8816bff52f9fded39f1f43c9aeab5bc3
57fae41230eddbd9191b81b5beaef1a2b3f02175
268388d0590f470513a490a7766f1cc8af06928c47e70c7fede0083e650bb790

HTTP Headers

GET /tags/179977?version_name=d HTTP/1.1
Host: bid.mbidtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:28 GMT
content-type: application/json
server: nginx/1.24.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxE2JGfT4c6ayJtOMHki2IWO4sNNmccGZzzmtCn9cHhgfP_U4GSlTixh6wxoS0tYG_3gDQRmw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S806124284%3A1714709370780258&theme=mn&ddm=0

74.125.131.84

403 Forbidden

0 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxE2JGfT4c6ayJtOMHki2IWO4sNNmccGZzzmtCn9cHhgfP_U4GSlTixh6wxoS0tYG_3gDQRmw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S806124284%3A1714709370780258&theme=mn&ddm=0
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxE2JGfT4c6ayJtOMHki2IWO4sNNmccGZzzmtCn9cHhgfP_U4GSlTixh6wxoS0tYG_3gDQRmw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S806124284%3A1714709370780258&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 04:09:30 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: script-src 'nonce-a368H7SCV2FBlh4C5tNK9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.amdahost.com/watch_direct.php?id=e1e12c25d6

104.21.40.89

200 OK

24 kB

URL User Request GET HTTP/2
www.amdahost.com/watch_direct.php?id=e1e12c25d6
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
24 kB (24457 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch_direct.php?id=e1e12c25d6 HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:26 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=7d9b0f8a6b512ac1332269638a70123b; path=/; domain=.amdahost.com
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r88u1%2BUZ3LBR08NpWZSmlweq4nublZgAkvagCFs%2BOtrccKwUfgNiA2CbcjCLvDpU3yanW9Syl6Y%2BRgPe%2FQwIjyVBVkgj%2FwHZFX23PGxksw%2FJLRjaL%2FPFTxpF5LW3X0D8mZOE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87dd6543cb0ab523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

0afc4c07a9.9fbdc30642.com/3fa30860af561c50f9fa6f09cdabda07.js

45.133.44.52

200 OK

97 kB

URL GET HTTP/2
0afc4c07a9.9fbdc30642.com/3fa30860af561c50f9fa6f09cdabda07.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subject0afc4c07a9.9fbdc30642.com
Fingerprint9D:0F:4E:A7:C3:AC:A0:6E:EF:F4:56:62:CC:83:32:E6:02:20:E0:CB
ValidityTue, 30 Apr 2024 02:20:22 GMT - Mon, 29 Jul 2024 02:20:21 GMT

File type

Size
97 kB (97000 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /3fa30860af561c50f9fa6f09cdabda07.js HTTP/1.1
Host: 0afc4c07a9.9fbdc30642.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:29 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 14:24:01 GMT
etag: W/"661e8a01-17ae8"
content-encoding: gzip
expires: Fri, 03 May 2024 04:14:29 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.amdahost.com/includes/update_visits.php

104.21.40.89

200 OK

0 B

URL POST HTTP/3
www.amdahost.com/includes/update_visits.php
IP
104.21.40.89:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectamdahost.com
Fingerprint29:4E:5C:52:EB:B2:9F:20:B3:FE:A0:0D:29:E2:5A:2D:9E:F6:E4:FF
ValidityThu, 21 Mar 2024 09:21:34 GMT - Wed, 19 Jun 2024 09:21:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /includes/update_visits.php HTTP/1.1
Host: www.amdahost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 54
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Cookie: PHPSESSID=7d9b0f8a6b512ac1332269638a70123b; cf_clearance=INERgHwaerfPT03VMVdgJmLRbkAaZJSe5d2fHnJkK9c-1714709369-1.0.1.1-MPTO7NYuGF9j9CYpOIyKti2A1L2Ja0v2rk9kS_2q.2GAaE0BHc5TqROFUcdLmOAfip4a5yMxp7P8MjKJs3hsxg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 04:09:49 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OnoogVk2%2FDpRApVPk8ejxOOMoN57PGRjvb6SXi2Z7zfzjINq0KZRmxiFSPWJB%2FhnS9Lx0qKT2CZ7ddAyf2iTvDaIioSCAeB7NbdTmoKxyfn7Arr9h8ZtTdOKLWmwKVUAwaU3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87dd65d0a80256c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

0afc4c07a9.9fbdc30642.com/345572815f3b6726ddc5ccee20a9f4a8.js

45.133.44.52

200 OK

109 kB

URL GET HTTP/2
0afc4c07a9.9fbdc30642.com/345572815f3b6726ddc5ccee20a9f4a8.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subject0afc4c07a9.9fbdc30642.com
Fingerprint9D:0F:4E:A7:C3:AC:A0:6E:EF:F4:56:62:CC:83:32:E6:02:20:E0:CB
ValidityTue, 30 Apr 2024 02:20:22 GMT - Mon, 29 Jul 2024 02:20:21 GMT

File type

Size
109 kB (109340 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /345572815f3b6726ddc5ccee20a9f4a8.js HTTP/1.1
Host: 0afc4c07a9.9fbdc30642.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:28 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:19 GMT
etag: W/"6627832f-1ab1c"
content-encoding: gzip
expires: Fri, 03 May 2024 04:14:28 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387

104.16.79.73

200 OK

19 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387
IP
104.16.79.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectcloudflareinsights.com
Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT

File type
JavaScript source, ASCII text, with very long lines (19189), with no line terminators
Size
19 kB (19189 bytes)
Hash
4c980ee97cb5c001b4d19e2895fa5603
2c6fe998aa7486c4becd74cf253bdd82666a64c3
d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192

HTTP Headers

GET /beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:26 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.1"
last-modified: Tue, 23 Apr 2024 12:12:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87dd65476827b4ee-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

mbdippex.com/in/multy

157.90.84.246

204 No Content

0 B

URL OPTIONS HTTP/2
mbdippex.com/in/multy
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.amdahost.com/
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.20.1
date: Fri, 03 May 2024 04:09:30 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

ku42hjr2e.com/aas/r45d/vki/2020088/3f23ef09.js

212.117.190.201

200 OK

106 kB

URL GET HTTP/2
ku42hjr2e.com/aas/r45d/vki/2020088/3f23ef09.js
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint15:EC:3A:52:11:EC:ED:35:8E:60:38:E6:CC:79:A7:3E:A3:5B:B6:62
ValidityTue, 09 Jan 2024 12:43:23 GMT - Sat, 06 Jul 2024 21:59:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65106)
Size
106 kB (106460 bytes)
Hash
282e4211c6aa475b438a8af84a2d5f2a
236912a2a74165b3864a118f55461948e6a25e13
51a486924bfae60d6f89619eda1ea7ee9313d1d74039b03f98dc03536b0469fb

HTTP Headers

GET /aas/r45d/vki/2020088/3f23ef09.js HTTP/1.1
Host: ku42hjr2e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 04:09:26 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-1a022"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.tailwindcss.com/3.4.3

104.22.20.144

200 OK

366 kB

URL GET HTTP/2
cdn.tailwindcss.com/3.4.3
IP
104.22.20.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerCloudflare, Inc.
Subjecttailwindcss.com
Fingerprint5F:87:FB:92:D4:93:DA:09:E3:5B:EF:92:CE:2F:47:18:3A:8A:C7:49
ValidityTue, 07 Nov 2023 00:00:00 GMT - Tue, 05 Nov 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (52292)
Size
366 kB (365681 bytes)
Hash
4bdcdace639cc6c0f08a15c295482172
6fa7ad6e87d8b19bff7e2bd0becf87d87d57be31
d2c35bf03246b0634bb22cbdc74962c8368e5e13b656e7f3cc10029da79d2e5c

HTTP Headers

GET /3.4.3 HTTP/1.1
Host: cdn.tailwindcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.amdahost.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:27 GMT
content-type: text/javascript
cache-control: max-age=31536000
content-encoding: br
strict-transport-security: max-age=63072000
x-vercel-cache: MISS
x-vercel-id: cle1::iad1::rn74h-1711569125689-ef02b3caf33b
last-modified: Wed, 27 Mar 2024 19:52:06 GMT
cf-cache-status: HIT
age: 201455
vary: Accept-Encoding
server: cloudflare
cf-ray: 87dd654a4c1a7131-OSL
X-Firefox-Spdy: h2

news-galuzo.cc/process.js?id=1222898310&p1=sub1&p2=sub2&p3=sub3&p4=sub4

23.158.56.123

200 OK

45 kB

URL GET HTTP/2
news-galuzo.cc/process.js?id=1222898310&p1=sub1&p2=sub2&p3=sub3&p4=sub4
IP
23.158.56.123:443
ASN
#63023 AS-GLOBALTELEHOST

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subject*.news-galuzo.cc
Fingerprint29:96:67:1F:2C:DD:23:45:EA:5F:11:0B:F4:0B:E7:D5:0D:C3:D1:FB
ValidityMon, 15 Apr 2024 08:11:44 GMT - Sun, 14 Jul 2024 08:11:43 GMT

File type
JavaScript source, ASCII text, with very long lines (44310)
Size
45 kB (44836 bytes)
Hash
b9600e0dcc10556c53732d94b7b7aa75
571a1664a93a336de5ec6d71c2e246f22969bee2
2e930b159e402240d097552e0cd2efd0b34cc6471e30b6bb66f48139a0b0b4d7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /process.js?id=1222898310&p1=sub1&p2=sub2&p3=sub3&p4=sub4 HTTP/1.1
Host: news-galuzo.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 04:09:27 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
X-Firefox-Spdy: h2

12ezo5v60.com/bultykh/ipp24/7/bazinga/2020090

212.117.190.202

200 OK

158 kB

URL GET HTTP/2
12ezo5v60.com/bultykh/ipp24/7/bazinga/2020090
IP
212.117.190.202:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerBuypass AS-983163327
Subject
FingerprintDB:57:32:8B:71:3B:E2:BC:8C:B1:94:D1:8A:25:4E:EE:A7:BA:C5:59
ValidityTue, 09 Jan 2024 13:35:13 GMT - Sat, 06 Jul 2024 21:59:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65107)
Size
158 kB (158045 bytes)
Hash
3dfaf38c2289e292cc712a7019b2d145
4ef2d477f159e89f5ce4954eb2a8fdb0a727b323
e40fa397a311e3027f5bf108f54ec3ac18a94ea259c061e49840843010d84994

HTTP Headers

GET /bultykh/ipp24/7/bazinga/2020090 HTTP/1.1
Host: 12ezo5v60.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 04:09:26 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-269a3"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Lobster&display=swap

142.250.74.106

200 OK

1.8 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Lobster&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
ASCII text, with very long lines (1825), with no line terminators
Size
1.8 kB (1780 bytes)
Hash
785af4cad14c8087afd0b4ca069742ba
b81dc83d9ec505a925e3da6bac340491a13460af
dc804cd560b63c44aea3659ce684d8b21a4ccbe7180f953716be1e3e1c4f5274

HTTP Headers

GET /css2?family=Lobster&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 May 2024 04:09:27 GMT
date: Fri, 03 May 2024 04:09:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Bebas+Neue&display=swap

142.250.74.106

200 OK

799 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Bebas+Neue&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
ASCII text, with very long lines (817), with no line terminators
Size
799 B (799 bytes)
Hash
c493231efba2219e3348f16e938d7380
95b2c3d6221a58cbd7e96f2c05c40d03f53fb16c
ff65de3252fffb1650fca0c23a1a87351bf5b2385dc11e35e19b94c3495e4cf0

HTTP Headers

GET /css2?family=Bebas+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 May 2024 04:09:27 GMT
date: Fri, 03 May 2024 04:09:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ku42hjr2e.com/get/2020088?zoneid=2020088&jp=_clkmifxtz9qrke2h8z6vpp&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275149517799424&eclog=0&im=1&uf=0

212.117.190.201

200 OK

2.8 kB

URL GET HTTP/2
ku42hjr2e.com/get/2020088?zoneid=2020088&jp=_clkmifxtz9qrke2h8z6vpp&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275149517799424&eclog=0&im=1&uf=0
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint15:EC:3A:52:11:EC:ED:35:8E:60:38:E6:CC:79:A7:3E:A3:5B:B6:62
ValidityTue, 09 Jan 2024 12:43:23 GMT - Sat, 06 Jul 2024 21:59:00 GMT

File type
ASCII text, with very long lines (3141), with no line terminators
Size
2.8 kB (2805 bytes)
Hash
41151597211c4cd87208d9b512bd3218
fd6994687071a3a75e68f3e3500c812c4c0ca9f0
19f0c55c4d32721043a37e00392e707bc61f7600103d9f2379e5de7f29aefe28

HTTP Headers

GET /get/2020088?zoneid=2020088&jp=_clkmifxtz9qrke2h8z6vpp&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8275149517799424&eclog=0&im=1&uf=0 HTTP/1.1
Host: ku42hjr2e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 04:09:28 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Fri, 06 Jun 2025 04:09:28 GMT; Secure; SameSite=None
UID=2405022309d59ecd791691428197dec88cd6; Path=/; Expires=Fri, 06 Jun 2025 04:09:28 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

mbdippex.com/in/show/?tag_ab=d&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De1e12c25d6&refdom=www.amdahost.com&auction_time=1714709370&subid=1211831614&sid=718096993&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De1e12c25d6%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=16792&crtid=c2aefc875b3f04e5bbb42b12bba9d97f&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DVxqolNm0VNQVDm7OZGBHGDoowco2hjr4kptphHuu5LzbpEmqj4ZA7B4EKPoXQcdwO12Qfha0lTdPm8gDI_ohYooOG0XgiM5laCdiz_lTUsTbhiqn53R9wFeQRU0XYYYbw887Dh4J36dcGahq-JzNLi2M-QyT92DZvjeolRE5Ng_yo5J326028-6fBn_T4pIuCSe6QTubQD3uFa2P8_hC3_TVJmsZ7jD1AwXT1aUA95zaF1Q7tBMoMdQSpzb9SlNcfQVK9VrmycGGuBCvpmHac-FeJ144Bve4dBCgL23kSL6-CqmJMHya3SneY37r_mGIOuQdjGHqilyoGSAPPfChTRBw2j2v2iAA5Exl7vJZZfhuFzx7K0LepKHyVfZc1zy_zDCSl4cjigkoSU2kVwamrLZu-n8dsjskCwbXVKDe78uWNKu7V3JPm5lMmK-ujn0Cq0JhaEAm9etDy4CcB0e9OgbmL_gxP7gwkycMyQuf0OyJ3xIhUwFKdSId_gczex5TjaMhzY8hoPPzKi-vfln9VotCaglEf1woR2UED_JdXATlX2AxCChWLkl1D8mtXhzRqRuz0QGi014jwnn4zsXBsZV_sDu7kIUqU0gr_oIbJRCNHtHV-YnPFOqLhcgjcCi-0qvQwa_l2IsEuZ2mpL55LQ5WwDOtdk4drJYJ0rL7FSgoHeuyuu1xeGyqAXrHjtPKDy7orizXjSNNqOzroTw3EGMZxs0lulF_dt4F74w4iz-lB_V04aJ1djVHXYoDCOKC7b2dtXbX-MOdGI78oQLQeAex2jtBshJ0wq6P_FHcS3_tnMCe0wMYJ_Sw2gFQXVsRCQFR2uEIOtCAQYdwQN-RAvMegFarugWbI889X6D8GrNec2h_-ctFnlWGMTrigL1KOzncihlD75XuEhWQH0wx4PjuCDQWNviKay73tpD28EJuAsd_qStrYWnZELc2RKqsMrw%26bid%3D0.0026&icons=nz3aA-YvPXJBJt4if-xXzvmcpVT8prGK1I5Juh7i6p5gMIWyubWVX6qEqv0fomciyD1wzDFHwB4CmBCBeaD6CcthEZYQSQtT2XC7UwrONz8wcfr0htNTf9HRmtNniNlvSMjl23bMuiGhU8NyeLuvPhnTiOPMdU_SKdFyMwwKIdRkB1sWyE6Y84eVtnexjQjoU25X9q8hiWwNoviWuqTMNZCsQORPfj5iykwBY1oHO46OfKTtfF8dhpFFhBakdOovxLEOkby-b1FBnN6s3xtPwtmrdXp_mYq0pAj3c-afcK6NYPw6f2iq9yPphCOON0kAowjSCM8CCXARYip97utUy7AJUOJvyOcNRvFzks_TBXGtVEjSwfzTz8EYIwcETlwj1E3JIpTr1Dl0-ziMEl2GWm1zQMwwuxP399WTIu1s3pVij6wQYJCB6U7f-5LMutg_CmexDljcj7ZmYFGUipyg8eJbOU2Xu2a15xTtOsPZyx8z-rMD-xL-JI8HziTDSTnxCb-9iaIf8t2vutNqjigHx-c9al7wRucl2pdxyWWXZVqVVbe3_vnL1xvTyKLv1HfMJ_n5T1pWHaFxVNM5pv12zJ2lwdn81lgG1PERBHVTl_34NqIxwnKV5HYMRMkV0VFmx5F9BpmOUeVPx_JinZppRmVgrLz0xfsAqs2uK0neTGhbXtZ8taJgazvWsz51gBIntVAy5N3eGiBwxbatzffB0LGfY2L_ws_kdoA808fcY2yj_SqZLQxa8ppU-WXJ_SFMZJmart-3PpOzmVKBPvyB6siC6NZUkV39yOiYWqtX_zhY6cgaUU2xsNLyn4_W3hTzhrlwAdx4ZyKx7uHclVqPVSmgfWZ0pcWkWx4MgfFMOKYTn_f7fanT6qIQEcbHB7LasQglph1F34qdKrrno9iDza2-LiHWNKqrnCXKnq0XEIJOdKIs1x9PqDRKOq57TMcNwlt1PUn8pDtMNjRHRUvGlKYZlrOs5RdKPfo4huP5d5vCWbm7twViCvZTkvJ5nTkxOnIqy8cjnNuWqc0_O3dTo6g2KlNX6BMSg-0_58FggDxc7ra57TL0XJ7cmLcp7bpir2EuaJhxcxm887_fyLJ8l2p56Vq4R_zBoKvvGc3YNiFgTlx4xJTV9ON2wWo_3LVRclFqeKGzbcdorMrgkrWXFkoM4fEXFG1m2gURUJZx7Kj-O4uR6OATe9C4PyhvMkJT_VLuyZrNHQy2ylomlWZ7h-Knqk74I6vTUOfcYt_2LuYXEd52ODgIRIw284F5PUcjjvtmp5kKIuNW7ABQfWZH-Ck9fHFRpZ5dZA3pC-JZYK5cHr7KfhnYxrIxUUTowyRFeVVku1h9C5Gdy3qGzklUNS4_v0X-Iscx6g&ext_cid=233045&px_id=73560190&min_cpm=0.0035055894167275677&out_id=0&campaign_type=hq&aid=127&cid=12697&uniq=&mid=5454897795451653018&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.006571978561554568&cpm=0&verify_hash=a10899c5d1a873ffc246242be95e7262&is_native=1&real_bid=0.0026&original_bid_usd=0.0026&original_bid=0.0026&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,90,45,127,108,98,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714882170&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F796%2F796798%2Fconversions%2FC5kTkS9z-minify.jpg&site=native-push-adult&price=0.0026&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000025999999999999997&ext_campaign_id_str=233045&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.06&cpa=5d90403a-4d24-47d4-b581-c22caf3ade37&prev_step_diff=2134

157.90.84.246

200 OK

0 B

URL GET HTTP/2
mbdippex.com/in/show/?tag_ab=d&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De1e12c25d6&refdom=www.amdahost.com&auction_time=1714709370&subid=1211831614&sid=718096993&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De1e12c25d6%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=16792&crtid=c2aefc875b3f04e5bbb42b12bba9d97f&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DVxqolNm0VNQVDm7OZGBHGDoowco2hjr4kptphHuu5LzbpEmqj4ZA7B4EKPoXQcdwO12Qfha0lTdPm8gDI_ohYooOG0XgiM5laCdiz_lTUsTbhiqn53R9wFeQRU0XYYYbw887Dh4J36dcGahq-JzNLi2M-QyT92DZvjeolRE5Ng_yo5J326028-6fBn_T4pIuCSe6QTubQD3uFa2P8_hC3_TVJmsZ7jD1AwXT1aUA95zaF1Q7tBMoMdQSpzb9SlNcfQVK9VrmycGGuBCvpmHac-FeJ144Bve4dBCgL23kSL6-CqmJMHya3SneY37r_mGIOuQdjGHqilyoGSAPPfChTRBw2j2v2iAA5Exl7vJZZfhuFzx7K0LepKHyVfZc1zy_zDCSl4cjigkoSU2kVwamrLZu-n8dsjskCwbXVKDe78uWNKu7V3JPm5lMmK-ujn0Cq0JhaEAm9etDy4CcB0e9OgbmL_gxP7gwkycMyQuf0OyJ3xIhUwFKdSId_gczex5TjaMhzY8hoPPzKi-vfln9VotCaglEf1woR2UED_JdXATlX2AxCChWLkl1D8mtXhzRqRuz0QGi014jwnn4zsXBsZV_sDu7kIUqU0gr_oIbJRCNHtHV-YnPFOqLhcgjcCi-0qvQwa_l2IsEuZ2mpL55LQ5WwDOtdk4drJYJ0rL7FSgoHeuyuu1xeGyqAXrHjtPKDy7orizXjSNNqOzroTw3EGMZxs0lulF_dt4F74w4iz-lB_V04aJ1djVHXYoDCOKC7b2dtXbX-MOdGI78oQLQeAex2jtBshJ0wq6P_FHcS3_tnMCe0wMYJ_Sw2gFQXVsRCQFR2uEIOtCAQYdwQN-RAvMegFarugWbI889X6D8GrNec2h_-ctFnlWGMTrigL1KOzncihlD75XuEhWQH0wx4PjuCDQWNviKay73tpD28EJuAsd_qStrYWnZELc2RKqsMrw%26bid%3D0.0026&icons=nz3aA-YvPXJBJt4if-xXzvmcpVT8prGK1I5Juh7i6p5gMIWyubWVX6qEqv0fomciyD1wzDFHwB4CmBCBeaD6CcthEZYQSQtT2XC7UwrONz8wcfr0htNTf9HRmtNniNlvSMjl23bMuiGhU8NyeLuvPhnTiOPMdU_SKdFyMwwKIdRkB1sWyE6Y84eVtnexjQjoU25X9q8hiWwNoviWuqTMNZCsQORPfj5iykwBY1oHO46OfKTtfF8dhpFFhBakdOovxLEOkby-b1FBnN6s3xtPwtmrdXp_mYq0pAj3c-afcK6NYPw6f2iq9yPphCOON0kAowjSCM8CCXARYip97utUy7AJUOJvyOcNRvFzks_TBXGtVEjSwfzTz8EYIwcETlwj1E3JIpTr1Dl0-ziMEl2GWm1zQMwwuxP399WTIu1s3pVij6wQYJCB6U7f-5LMutg_CmexDljcj7ZmYFGUipyg8eJbOU2Xu2a15xTtOsPZyx8z-rMD-xL-JI8HziTDSTnxCb-9iaIf8t2vutNqjigHx-c9al7wRucl2pdxyWWXZVqVVbe3_vnL1xvTyKLv1HfMJ_n5T1pWHaFxVNM5pv12zJ2lwdn81lgG1PERBHVTl_34NqIxwnKV5HYMRMkV0VFmx5F9BpmOUeVPx_JinZppRmVgrLz0xfsAqs2uK0neTGhbXtZ8taJgazvWsz51gBIntVAy5N3eGiBwxbatzffB0LGfY2L_ws_kdoA808fcY2yj_SqZLQxa8ppU-WXJ_SFMZJmart-3PpOzmVKBPvyB6siC6NZUkV39yOiYWqtX_zhY6cgaUU2xsNLyn4_W3hTzhrlwAdx4ZyKx7uHclVqPVSmgfWZ0pcWkWx4MgfFMOKYTn_f7fanT6qIQEcbHB7LasQglph1F34qdKrrno9iDza2-LiHWNKqrnCXKnq0XEIJOdKIs1x9PqDRKOq57TMcNwlt1PUn8pDtMNjRHRUvGlKYZlrOs5RdKPfo4huP5d5vCWbm7twViCvZTkvJ5nTkxOnIqy8cjnNuWqc0_O3dTo6g2KlNX6BMSg-0_58FggDxc7ra57TL0XJ7cmLcp7bpir2EuaJhxcxm887_fyLJ8l2p56Vq4R_zBoKvvGc3YNiFgTlx4xJTV9ON2wWo_3LVRclFqeKGzbcdorMrgkrWXFkoM4fEXFG1m2gURUJZx7Kj-O4uR6OATe9C4PyhvMkJT_VLuyZrNHQy2ylomlWZ7h-Knqk74I6vTUOfcYt_2LuYXEd52ODgIRIw284F5PUcjjvtmp5kKIuNW7ABQfWZH-Ck9fHFRpZ5dZA3pC-JZYK5cHr7KfhnYxrIxUUTowyRFeVVku1h9C5Gdy3qGzklUNS4_v0X-Iscx6g&ext_cid=233045&px_id=73560190&min_cpm=0.0035055894167275677&out_id=0&campaign_type=hq&aid=127&cid=12697&uniq=&mid=5454897795451653018&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.006571978561554568&cpm=0&verify_hash=a10899c5d1a873ffc246242be95e7262&is_native=1&real_bid=0.0026&original_bid_usd=0.0026&original_bid=0.0026&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,90,45,127,108,98,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714882170&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F796%2F796798%2Fconversions%2FC5kTkS9z-minify.jpg&site=native-push-adult&price=0.0026&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000025999999999999997&ext_campaign_id_str=233045&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.06&cpa=5d90403a-4d24-47d4-b581-c22caf3ade37&prev_step_diff=2134
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=d&site_id=31560190&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fwww.amdahost.com%2Fwatch_direct.php%3Fid%3De1e12c25d6&refdom=www.amdahost.com&auction_time=1714709370&subid=1211831614&sid=718096993&tcid=0&ver=8.159.0&ver_c=&spot_id=560190&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-03&iabcat=IAB25-3&keywords=adult&user_fp=6241671574567358293&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1211831614%26spot_id%3D560190%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.amdahost.com%252Fwatch_direct.php%253Fid%253De1e12c25d6%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=16792&crtid=c2aefc875b3f04e5bbb42b12bba9d97f&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DVxqolNm0VNQVDm7OZGBHGDoowco2hjr4kptphHuu5LzbpEmqj4ZA7B4EKPoXQcdwO12Qfha0lTdPm8gDI_ohYooOG0XgiM5laCdiz_lTUsTbhiqn53R9wFeQRU0XYYYbw887Dh4J36dcGahq-JzNLi2M-QyT92DZvjeolRE5Ng_yo5J326028-6fBn_T4pIuCSe6QTubQD3uFa2P8_hC3_TVJmsZ7jD1AwXT1aUA95zaF1Q7tBMoMdQSpzb9SlNcfQVK9VrmycGGuBCvpmHac-FeJ144Bve4dBCgL23kSL6-CqmJMHya3SneY37r_mGIOuQdjGHqilyoGSAPPfChTRBw2j2v2iAA5Exl7vJZZfhuFzx7K0LepKHyVfZc1zy_zDCSl4cjigkoSU2kVwamrLZu-n8dsjskCwbXVKDe78uWNKu7V3JPm5lMmK-ujn0Cq0JhaEAm9etDy4CcB0e9OgbmL_gxP7gwkycMyQuf0OyJ3xIhUwFKdSId_gczex5TjaMhzY8hoPPzKi-vfln9VotCaglEf1woR2UED_JdXATlX2AxCChWLkl1D8mtXhzRqRuz0QGi014jwnn4zsXBsZV_sDu7kIUqU0gr_oIbJRCNHtHV-YnPFOqLhcgjcCi-0qvQwa_l2IsEuZ2mpL55LQ5WwDOtdk4drJYJ0rL7FSgoHeuyuu1xeGyqAXrHjtPKDy7orizXjSNNqOzroTw3EGMZxs0lulF_dt4F74w4iz-lB_V04aJ1djVHXYoDCOKC7b2dtXbX-MOdGI78oQLQeAex2jtBshJ0wq6P_FHcS3_tnMCe0wMYJ_Sw2gFQXVsRCQFR2uEIOtCAQYdwQN-RAvMegFarugWbI889X6D8GrNec2h_-ctFnlWGMTrigL1KOzncihlD75XuEhWQH0wx4PjuCDQWNviKay73tpD28EJuAsd_qStrYWnZELc2RKqsMrw%26bid%3D0.0026&icons=nz3aA-YvPXJBJt4if-xXzvmcpVT8prGK1I5Juh7i6p5gMIWyubWVX6qEqv0fomciyD1wzDFHwB4CmBCBeaD6CcthEZYQSQtT2XC7UwrONz8wcfr0htNTf9HRmtNniNlvSMjl23bMuiGhU8NyeLuvPhnTiOPMdU_SKdFyMwwKIdRkB1sWyE6Y84eVtnexjQjoU25X9q8hiWwNoviWuqTMNZCsQORPfj5iykwBY1oHO46OfKTtfF8dhpFFhBakdOovxLEOkby-b1FBnN6s3xtPwtmrdXp_mYq0pAj3c-afcK6NYPw6f2iq9yPphCOON0kAowjSCM8CCXARYip97utUy7AJUOJvyOcNRvFzks_TBXGtVEjSwfzTz8EYIwcETlwj1E3JIpTr1Dl0-ziMEl2GWm1zQMwwuxP399WTIu1s3pVij6wQYJCB6U7f-5LMutg_CmexDljcj7ZmYFGUipyg8eJbOU2Xu2a15xTtOsPZyx8z-rMD-xL-JI8HziTDSTnxCb-9iaIf8t2vutNqjigHx-c9al7wRucl2pdxyWWXZVqVVbe3_vnL1xvTyKLv1HfMJ_n5T1pWHaFxVNM5pv12zJ2lwdn81lgG1PERBHVTl_34NqIxwnKV5HYMRMkV0VFmx5F9BpmOUeVPx_JinZppRmVgrLz0xfsAqs2uK0neTGhbXtZ8taJgazvWsz51gBIntVAy5N3eGiBwxbatzffB0LGfY2L_ws_kdoA808fcY2yj_SqZLQxa8ppU-WXJ_SFMZJmart-3PpOzmVKBPvyB6siC6NZUkV39yOiYWqtX_zhY6cgaUU2xsNLyn4_W3hTzhrlwAdx4ZyKx7uHclVqPVSmgfWZ0pcWkWx4MgfFMOKYTn_f7fanT6qIQEcbHB7LasQglph1F34qdKrrno9iDza2-LiHWNKqrnCXKnq0XEIJOdKIs1x9PqDRKOq57TMcNwlt1PUn8pDtMNjRHRUvGlKYZlrOs5RdKPfo4huP5d5vCWbm7twViCvZTkvJ5nTkxOnIqy8cjnNuWqc0_O3dTo6g2KlNX6BMSg-0_58FggDxc7ra57TL0XJ7cmLcp7bpir2EuaJhxcxm887_fyLJ8l2p56Vq4R_zBoKvvGc3YNiFgTlx4xJTV9ON2wWo_3LVRclFqeKGzbcdorMrgkrWXFkoM4fEXFG1m2gURUJZx7Kj-O4uR6OATe9C4PyhvMkJT_VLuyZrNHQy2ylomlWZ7h-Knqk74I6vTUOfcYt_2LuYXEd52ODgIRIw284F5PUcjjvtmp5kKIuNW7ABQfWZH-Ck9fHFRpZ5dZA3pC-JZYK5cHr7KfhnYxrIxUUTowyRFeVVku1h9C5Gdy3qGzklUNS4_v0X-Iscx6g&ext_cid=233045&px_id=73560190&min_cpm=0.0035055894167275677&out_id=0&campaign_type=hq&aid=127&cid=12697&uniq=&mid=5454897795451653018&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.006571978561554568&cpm=0&verify_hash=a10899c5d1a873ffc246242be95e7262&is_native=1&real_bid=0.0026&original_bid_usd=0.0026&original_bid=0.0026&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,90,45,127,108,98,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714882170&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F796%2F796798%2Fconversions%2FC5kTkS9z-minify.jpg&site=native-push-adult&price=0.0026&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000025999999999999997&ext_campaign_id_str=233045&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.06&cpa=5d90403a-4d24-47d4-b581-c22caf3ade37&prev_step_diff=2134 HTTP/1.1
Host: mbdippex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 03 May 2024 04:09:32 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

cdn.fluidplayer.com/v3/current/fluidplayer.min.js

185.76.9.21

200 OK

233 kB

URL GET HTTP/2
cdn.fluidplayer.com/v3/current/fluidplayer.min.js
IP
185.76.9.21:443
ASN
#60068 Datacamp Limited

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectfluidplayer.com
FingerprintCD:21:BA:85:8A:CA:A4:37:0F:0A:BD:F7:50:25:DA:75:9E:D3:FB:76
ValidityMon, 26 Feb 2024 13:51:53 GMT - Sun, 26 May 2024 13:51:52 GMT

File type
JavaScript source, ASCII text, with very long lines (65463)
Size
233 kB (232616 bytes)
Hash
9829e8e730a9125e695789512d85177a
e20a0d55ab1722ef3ad13741a2b8975413d43909
7c38ede4727de973827091514a83d24a039bda1d0d4cac219eb20571a2cc3698

HTTP Headers

GET /v3/current/fluidplayer.min.js HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:27 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 21 Mar 2024 13:23:13 GMT
etag: W/"65fc34c1-38ca8"
expires: Fri, 22 Mar 2024 21:42:05 GMT
cache-control: max-age=86400
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH3oFoAAAwBuUwKDAH3AAAAAAwBJRPCMQH3AAAAAA
x-77-nzt-ray: af58563036559d9d77633466d3840e00
x-accel-expires: @1714772567
x-accel-date: 1714686167
x-77-cache: HIT
x-77-age: 23200
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 23200
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

fonts.gstatic.com/s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2

216.58.207.227

200 OK

14 kB

URL GET HTTP/2
fonts.gstatic.com/s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
ValidityMon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13820, version 1.0
Size
14 kB (13820 bytes)
Hash
2dd698f2699a5ef991625825011bff90
523ff9357131751e57dd78cb92b218a49a130d1d
02f5dfc0c21e92f3c724260f035833e627513a1b91230cc490a1ea756c95e5e5

HTTP Headers

GET /s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:34:50 GMT
expires: Fri, 02 May 2025 02:34:50 GMT
cache-control: public, max-age=31536000
age: 92077
last-modified: Thu, 24 Aug 2023 21:28:06 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.mbidinp.com/skins/nmain.m.js

45.133.44.52

200 OK

470 kB

URL GET HTTP/2
js.mbidinp.com/skins/nmain.m.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectjs.mbidinp.com
FingerprintB8:EA:0B:88:14:F5:73:F1:FE:F1:D5:59:09:E6:70:08:F2:1C:4A:5C
ValidityMon, 22 Apr 2024 03:00:30 GMT - Sun, 21 Jul 2024 03:00:29 GMT

File type

Size
470 kB (470121 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /skins/nmain.m.js HTTP/1.1
Host: js.mbidinp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:30 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Fri, 03 May 2024 04:14:30 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

js.mbidpp.com/popunder-admanager/build.m.js

45.133.44.53

200 OK

97 kB

URL GET HTTP/2
js.mbidpp.com/popunder-admanager/build.m.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subjectjs.mbidpp.com
Fingerprint5B:B3:95:84:D0:2B:0C:9A:68:98:53:B0:A4:A5:68:88:B2:A5:5F:82
ValidityThu, 18 Apr 2024 03:01:11 GMT - Wed, 17 Jul 2024 03:01:10 GMT

File type

Size
97 kB (97000 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /popunder-admanager/build.m.js HTTP/1.1
Host: js.mbidpp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:29 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 14:24:01 GMT
etag: W/"661e8a01-17ae8"
content-encoding: gzip
expires: Fri, 03 May 2024 04:14:29 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

0afc4c07a9.9fbdc30642.com/5014ec36976a0c921ff879617422392b/161855?version_name=d

45.133.44.52

200 OK

2.4 kB

URL GET HTTP/2
0afc4c07a9.9fbdc30642.com/5014ec36976a0c921ff879617422392b/161855?version_name=d
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.amdahost.com/watch_direct.php?id=e1e12c25d6
Certificate
IssuerLet's Encrypt
Subject0afc4c07a9.9fbdc30642.com
Fingerprint9D:0F:4E:A7:C3:AC:A0:6E:EF:F4:56:62:CC:83:32:E6:02:20:E0:CB
ValidityTue, 30 Apr 2024 02:20:22 GMT - Mon, 29 Jul 2024 02:20:21 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2744), with no line terminators
Size
2.4 kB (2425 bytes)
Hash
57ed9e8789c799ac1c0cb88a331fc507
9499433765f97a3c779b7bd8bb0c6d61001bbe70
23725421b5fecd31ac898b0c3b41b8d7dfef35d750da060be73c3d6350b3e5ca

HTTP Headers

GET /5014ec36976a0c921ff879617422392b/161855?version_name=d HTTP/1.1
Host: 0afc4c07a9.9fbdc30642.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.amdahost.com
DNT: 1
Connection: keep-alive
Referer: https://www.amdahost.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 04:09:28 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Fri, 03 May 2024 04:14:28 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (27)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by